This is a module for monitoring log files, such as those updated by the UNIX syslogd utility.
To avoid repetitions, messages are grouped by type, with an occurrences columns to evaluate the frequency of a sort of message.
Messages are displayed in a table, and ordered so that the most recent message is at the top.
Only the lines conforming to the following format will be displayed in the module table:
month day hours:minutes:seconds host source: message
Aug 3 14:01:31 localhost net-snmp: Received TERM or STOP signal... shutting down...
Data is displayed in 1 table with the following columns:
- date of latest message occurrence of its sort.
- time of latest message occurrence of its sort.
- number of occurrences of this sort of message since this module was launched.
- the name of the host that produced the message
- the source of last message occurrence of its sort
- the processed message text of its sort
The message text is formed by merging all the messages of the same sort, with variants displayed as ? characters.
The algorithm is roughly as follows:
- -f (--file)
The log file path. Default is /var/log/messages.
- -r (--remote) [[rsh|ssh]://][user@]host
remote monitoring using user as logname on remote host host (rsh or ssh facilities must be properly setup). If user is not specified, current user is used as logname on remote host. The protocol is either ssh or rsh (used by default). The module title is set to log(host).
When there is a communication error with the remote host, a descriptive error message is generated.
Limits the number of rows displayed in the module table. Defaults to 10. Using a 0 value removes that limitation, which may be useful if one wants to be able to scan the whole log (see also the --whole option).
If specified, the whole log file will be read and parsed initially so that all messages (up to the limit imposed by the --rows option) will be displayed when the module is launched. Be warned that using this option may result in very long start up times, depending on your processor speed and eventually the bandwidth to the remote database server.
- Monitor a specific file:
$ moodss log -f /var/log/secure
- View all the messages from the default log file on the local host:
$ moodss log --whole --rows 0
- Monitor a remote UNIX server log from UNIX using a secure channel:
$ moodss log -r ssh://server.company.com
Note that you should first check that ssh is properly configured first, so that the following command, for example, works:
$ ssh server.company.com tail /var/log/messages
- Monitor a remote UNIX system log from Windows (the server value of the -r option is a putty saved configuration):
$ moodss log -r server
Note that you should first check that putty is properly configured first, so that the following command, for example, works:
C:\> putty server tail /var/log/messages