Provided by: lwatch_0.6.2-3_amd64
NAME
lwatch.conf — configuration file for lwatch(1), syntax highlighting for syslog/syslog-ng file
DESCRIPTION
Default configuration file for lwatch is /etc/lwatch.conf (built-in value), but you can specify another file with -C command line option. Read lwatch(1) for details. Comments Everything from # (hash) to end of line is a comment. General options cfg_ver - this is obligatory variable and it must be placed as the first option in config file. This variable contains version of configuration file syntax. Current manual describes version 1. rule_action - after successful matching rule lwatch tries to match next one. You can choose to exit after executing matching rule changing this parameter from continue (that's the default) to exit. You can override this global parameter for each rule. See section Actions and modificators. use_syslog - if set to yes some messages will be logged through syslog, default is yes log_level - how verbose log messages should produce lwatch date_color - default color of date part host_color - default color of hostname part serv_color - default color of service part mesg_color - default color of message part input_file - where lwatch is reading data from, built-in default is /var/lib/syslog.fifo, could be overwritten with command line option -i output_file - where lwatch output colored data; built-in default is stdout (-), could be overwritten with command line option -o show_unparsed - by default lwatch ignores lines which cannot be split into date, host, service and message, set this variable to yes if you would like to see those lines; it is the same as command line option -s Available colors To specify color you can use following strings: black, red, green, brown, blue, magenta, cyan, lightgray, darkgray, brightred, brightgreen, yellow, brightblue, purple, brightcyan, white. Available log levels To specify the lower visible log level you can use following strings: LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR, LOG_WARNING, LOG_NOTICE, LOG_INFO, LOG_DEBUG. However, lwatch logs some debug data at LOG_DEBUG, some maybe useful messages at LOG_NOTICE and errors at LOG_ERROR. So, technically, meaningful values are: • LOG_DEBUG - log everything • LOG_NOTICE - log maybe useful messages and errors (this is the default) • LOG_ERROR - log only errors (if LOG_NOTICE is too verbose for you this is the next recommended setting) • LOG_CRIT - be quiet Please keep in mind that meaningful values may be a subject of change in future releases. Matching patterns There The True Power of Lwatch is hidden. You can match input lines against PCRE (Perl Compatible Regular Expression) and change output depends on matching. You can read more about PCRE in pcrepattern(3) (from libpcre) or in perlre(1) (from perl). There are two ways to define matching pattern/action. First one is the simple one. Just pattern and one action: /regexp/ action The second one is more complex, but it allows to specify more than one action or modificator with one pattern: /regexp/ { action1 action2 ... actionN } There is one important thing you should remember. There is no need to quote / (slash) if you use it inside regexp pattern. For example: //USR/SBIN/CRON/ { # cron's messages are not important color=blue # display it in blue match_service } Actions and modificators date_color - set date color mesg_color, color - set message color serv_color - set service name color host_color - set hostname color ignore - ignore this pattern, do not match next patterns exit - do not match next patterns when rule_action is set to continue, in other case it is superfluous continue - continue with next pattern when rule_action is set to exit, in other case it is superfluous; please note, that if ignore> is used in the same action it takes a priority - it makes no sense to match other rules for string that has been ignored highlight - highlight matched string with given color (see NOTES) match_host - match hostname insted message match_service - match service name instead message
NOTES
highlight action changes the matched text. That's why the following part of configuration wont work: /root/ highlight=brown /session closed for user root/ ignore when (pam_unix) session closed for user root would appear as an input line. First rule changes the text to: (pam_unix) session closed for user [BROWN]root[NORMAL] where [BROWN] and [NORMAL] are control sequences to change color to brown, then change it back to default color of this part. Of course this line does not match the second rule and you can see it on the output. There are two possible workarounds: • put the ignore pattern before the highlight one • enhance your second rules like: /session closed for user .*root.*/ ignore
EXAMPLES
Just look into provided lwatch.conf.
COPYRIGHT
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. Regular expression support is provided by the PCRE library package, which is open source software, written by Philip Hazel, and copyright by the University of Cambridge, England. This library is available at: ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
SEE ALSO
lwatch(1), pcrepattern(3), perlre(1) lwatch.conf(5)