-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathlogtail.conf
executable file
·55 lines (45 loc) · 2.48 KB
/
logtail.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
#sample config for logTail
#DO NOT USE this, create your own please
#SECTION = DROP | COLOR | REPLACE | POSTTRIGGER | HIGHLIGHT (case-sensitive!)
# DROP{Foo} #logTail will drop lines with "Foo"
# DROP{FoO } #logTail will drop lines with "FoO " the two whitespace have to be in origin log line
# DROP{foo _AND_bar} #drop lines containing "foo " and "bar" note the whitespace
# COLOR{KEYWORD}VAL #logTail will colorize the KEYWORD
# REPLACE{KEYWORD}VAL #tail will replace KEYWORD with VAL
#Allowed COLOR vals} (ANSIESC)
# Forground:
# black red green yellow blue magenta cyan white
# Background:
# bblack bred bgreen byellow bblue bmagenta bcyan bwhite
# Other controls:
# bold blink cright cleft cup cdown beep underscore concealed reverse
# COLOR{FOO#}ansi-name #will see keyword "FOO" as "field" and colorize (ansi-escapes) from the keyword to next whitespace
# NOTE Whitespace are NOT ignored, good for values like 'Foo ' where 'Foobar' won't match
# You should start with DROP, then REPLACE and COLORize, for a better overview while your configuration becomes bigger
# because COLORize will be used for REPLACEd strings when ever if it occurs after an according REPLACEd string.
THIS IS A SAMPLE FILE, please create your own please ;-)
#Use # to comment or comment out in first position ONLY. The comments below will raise a config parser error.
# You may do a logical "and" with "_AND_" #the underscores belong to the _AND_ - better readable config
DROP{lcdclient}
DROP{192.169.124.199_AND_CRON_AND_ pam_unix} #will drop lines with "192.169.124.199" and " pam_unix" #
DROP{named[}
DROP{ SPT=631 _AND_ DPT=631 } #remember, whitespaces ARE evaluated
DROP{Last message repeated}
REPLACE{192.168.0.99}ComputerNAME
REPLACE{SQUID}PROXY
REPLACE{http://archive.ubuntu.com#}http://archive.ubuntu.com... #will truncate the "url"
COLOR{pppstats}white bold bred
COLOR{pppstatwarn#}blink white bred
COLOR{RX=#}black bgreen
COLOR{TX=#}black bred
COLOR{REJECT}red
COLOR{<-}red
COLOR{->}green
COLOR{martian source}bold bcyan white blink
COLOR{Firewall}bred white beep underscore #white on red background, a "bel" in your terminal and underscores
HIGHLIGHT{WARN} #will highlight a complete line after any other modification
# be carefull with POSTRIGGER!
# 1st, do not run logTail as root,
# 2nd read twice what you will allow to "exec"!
POSTTRIGGER{firewall_AND_warning}sudo /usr/sbin/beeper #obvious
POSTTRIGGER{temp}sudo /root/bin/temp.sh _LINE_ & # _LINE_ will give the logline as "Parameter" (from 0.9.5 on)