logaudit

command module
v0.0.0-...-57f5bc4 Latest
Warning

This package is not in the latest version of its module.
Published: May 2, 2020 | License: GPL-3.0 | Imports: 17 | Imported by: 0

README

logaudit

logaudit is a tool for gathering and analyzing log files. I intend it for logs such as those in GNU/Linux systems under /var/log.

I have a few machines and I want to keep an eye on the logs. One problem is that there are many log messages I don't care about. Another is that it is time-consuming to look at logs on each host.

I hope this will make monitoring the logs more efficient for me.

How it works

logaudit runs on each host where you want to monitor logs. Typically it runs from cron. It reads logs from /var/log, filters them, and publishes lines of interest to a GCP Pub/Sub topic. I use emailpub to email me this summary.

Setup

Create a service account and allow it to publish to GCP Pub/Sub. If necessary, copy the key to the host.

Create a config and copy it to the host.

Add logaudit to root's cron:

21 6 * * * GOOGLE_APPLICATION_CREDENTIALS=service-account.json /path/to/logaudit \
  -config /path/to/logaudit.conf \
  -email you@example.com \
  -project-id myproject \
  -state-file /path/to/logaudit.state \
  -topic mytopic 2>&1 | logger

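Note that GOOGLE_APPLICATION_CREDENTIALS only needs to be set if you're using a key from a file. The entry is wrapped here for readability; in the crontab it must be a single line, because cron does not support backslash line continuation.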

Documentation

Overview

This program ships logs from the server it runs on.

It reads logs from /var/log, skips those with a timestamp prior to its last run, filters them, and ships the remainder by publishing them to a GCP Pub/Sub topic.
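
How the cutoff and filter steps described above could look, as an added example in Go (not logaudit's own code). It assumes classic syslog timestamps, which carry no year; parseStamp, selectLines, the sample lines and the ignore pattern are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
	"time"
)

// Added illustration, not logaudit's code. Assumes classic syslog timestamps
// ("Jan _2 15:04:05"), which carry no year: take the year from now and roll
// back one year if that lands in the future (a December line read in January).
func parseStamp(line string, now time.Time) (time.Time, bool) {
	if len(line) < 15 {
		return time.Time{}, false
	}
	t, err := time.ParseInLocation(time.Stamp, line[:15], now.Location())
	if t = t.AddDate(now.Year(), 0, 0); t.After(now) {
		t = t.AddDate(-1, 0, 0)
	}
	return t, err == nil
}

// selectLines drops lines stamped before lastRun and lines matching ignore.
// Lines with no parsable timestamp are kept so they are never silently lost.
func selectLines(log string, lastRun, now time.Time, ignore *regexp.Regexp) []string {
	var out []string
	for _, line := range strings.Split(log, "\n") {
		t, ok := parseStamp(line, now)
		if (ok && t.Before(lastRun)) || ignore.MatchString(line) {
			continue
		}
		out = append(out, line)
	}
	return out
}

// Constructed sample log lines (documentation addresses), not real data.
const sample = `Dec 30 22:14:03 web1 sshd[640]: Failed password for root from 192.0.2.7 port 4022 ssh2
Dec 31 23:58:10 web1 sshd[811]: Failed password for root from 192.0.2.7 port 4101 ssh2
Jan  1 06:00:01 web1 CRON[900]: (root) CMD (run-parts /etc/cron.daily)
Jan  1 06:05:44 web1 sudo: admin : TTY=pts/0 ; PWD=/home/admin ; USER=root ; COMMAND=/bin/bash`

func main() {
	now := time.Date(2020, time.January, 1, 6, 21, 0, 0, time.UTC)       // this run
	lastRun := time.Date(2019, time.December, 31, 6, 21, 0, 0, time.UTC) // from the state file
	ignore := regexp.MustCompile(` CRON\[\d+\]: `)                        // hypothetical filter
	fmt.Println(strings.Join(selectLines(sample, lastRun, now, ignore), "\n"))
}
```

Without the year rollback, both December lines would be dated a year ahead of the run and shipped again on every run until the calendar caught up.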
