This is Info file xlogmaster.info, produced by Makeinfo version 1.68
from the input file xlogmaster.texinfo.

INFO-DIR-SECTION Miscellaneous
START-INFO-DIR-ENTRY
* Xlogmaster: (xlogmaster).     quick and easy monitoring of a UNIX system
END-INFO-DIR-ENTRY

This file documents the Xlogmaster

Copyright 1998 Georg C. F. Greve

Contributors to this documentation also were: Adrian Wontroba

Permission is granted to make and distribute verbatim copies of this
manual provided the copyright notice and this permission notice are
preserved on all copies.

Permission is granted to copy and distribute modified versions of this
manual under the conditions for verbatim copying, provided also that
the sections entitled "Copying" and "GNU General Public License" are
included exactly as in the original, and provided that the entire
resulting derived work is distributed under the terms of a permission
notice identical to this one.

Permission is granted to copy and distribute translations of this
manual into another language, under the above conditions for modified
versions, except that this permission notice may be stated in a
translation approved by Georg C. F. Greve.

The Xlogmaster is a GNU program.

Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
MA 02111, USA


File: xlogmaster.info,  Node: Top,  Next: Copying,  Prev: (dir),  Up: (dir)

Xlogmaster
**********

The Xlogmaster is a program to monitor system activity (logfiles) &
hardware status (devices) and take actions if necessary.

This is edition 0.8, for the Xlogmaster version 1.6.0

* Menu:

* Copying::                     Your rights and freedoms.
* Introduction::                Introduction into the Xlogmaster
* Runtime Commands::            How to use the Xlogmaster
* Xlogmaster Concepts::         Internal Xlogmaster workings
* Configuration Files::         The file formats used for configuration
* FAQ::                         Frequently Answered Questions
* Concept Index::               Concept Index


File: xlogmaster.info,  Node: Copying,  Next: Introduction,  Prev: Top,  Up: Top

Copying
*******

The Xlogmaster is a GTK+ based program to monitor system activity
(logfiles) & hardware status (devices) and take actions if necessary.

Copyright (C) 1998 Georg C. F. Greve

The Xlogmaster is a GNU program.

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or (at
your option) any later version.

This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., Temple Place, Suite 330, Boston, MA 02111-1307 USA


File: xlogmaster.info,  Node: Introduction,  Next: Runtime Commands,  Prev: Copying,  Up: Top

Introduction into the Xlogmaster
********************************

Hint for people that are too impatient to read the full documentation
(as I usually am):

     RIGHT MOUSE BUTTON IN TEXT WINDOW BRINGS UP MENU
     MIDDLE MOUSE BUTTON IN TEXT WINDOW HIDES/SHOWS BUTTONS

The first version of the Xlogmaster was written in 1996, using the
XVIEW toolkit.  I didn't like that toolkit too much so it all ended up
in a pretty messy piece of code that was only compile-time
configurable and not very stable -- I did use it for two years,
though, always telling myself "I'll be writing a clean version soon".
In June 1998 I finally managed to actually keep this promise and
completely rewrote the Xlogmaster for the GTK+ toolkit (see
`http://www.gtk.org/').  First I only intended to write it for my
private usage but when I got a lot of feedback from people around the
world I decided to make the Xlogmaster a real and regular project.
With version 1.4.0 the Xlogmaster then became an official GNU program.

The Xlogmaster will allow you to monitor all your logfiles and all
devices that allow being read by `cat'.  Furthermore it supplies
several filters that will do things from raising/hiding lines in the
text display to starting programs to send you a paging message about a
possible security breach.

If used wisely the Xlogmaster can make it very easy to keep track of
everything that happens on your system and it can increase your
system's security by quite a lot.

This program has been written and published in the hope that it will
prove useful to you but I do *not guarantee for anything* but my best
will.


File: xlogmaster.info,  Node: Runtime Commands,  Next: Xlogmaster Concepts,  Prev: Introduction,  Up: Top

How to use the Xlogmaster
*************************

The Xlogmaster runtime usage is basically pretty simple.  There is a
button on the side for each entry and as you might have guessed
clicking on the button will make the Xlogmaster display that entry.

There are more functions that are less obvious:

`right mouse button'
     will bring up the menu.

`middle mouse button'
     will toggle whether the buttons are being shown/hidden.

`left mouse button'
     will pick the standard selection (for cut&paste).

These only work in the *text window*, though.  Apart from that you can
use the cursor-keys to move the standard selection around and activate
it by hitting .

The configuration should be self explanatory; if you keep the mouse
pointer over an object a small help window will pop up.

File: xlogmaster.info,  Node: Xlogmaster Concepts,  Next: Configuration Files,  Prev: Runtime Commands,  Up: Top

Internal workings of the Xlogmaster
***********************************

The two concepts you should definitely know about within the
Xlogmaster are

* Menu:

* Modes::                       Description of the main modes
* Filters::                     Information about the filters
* Audio Support::               Audio Support for *Class 1* filters


File: xlogmaster.info,  Node: Modes,  Next: Filters,  Prev: Xlogmaster Concepts,  Up: Xlogmaster Concepts

Modes
=====

The Xlogmaster knows basically two modes of operation, the *tail mode*
and the *cat mode*.  Both modes are named after the programs they
emulate.

For both modes you can give an interval -- this is the time (in 1/10
seconds) between two calls of the interrupt function.  This interval
directly determines how often the Xlogmaster checks for changes in the
logfile (*tail mode*) or how often it replaces the data in the buffer
with the current data (*cat mode*).

* Menu:

* Tail mode::                   Details about the Tail mode
* Cat mode::                    Details about the Cat mode
* Run mode::                    Details about the Run mode


File: xlogmaster.info,  Node: Tail mode,  Next: Cat mode,  Prev: Modes,  Up: Modes

Tail mode
---------

The *tail* mode basically works like using `tail -f' on a logfile.  It
will read a file and then keep on reading whatever gets appended to it
over time.

The Xlogmaster should also be able to catch logfile rotations so you
don't have to reopen it every time the logfiles have been rotated.


File: xlogmaster.info,  Node: Cat mode,  Next: Run mode,  Prev: Tail mode,  Up: Modes

Cat mode
--------

The *cat* mode works like doing a `cat ' so it reads the whole file
every time.  This is necessary for reading things like the `/proc'
devices.

File: xlogmaster.info,  Node: Run mode,  Prev: Cat mode,  Up: Modes

Run mode
--------

The *run* mode gives you the opportunity to execute any script or
program that you can think of to retrieve some data that is of
interest for you and process its *stdout* and *stderr* with the
Xlogmaster.

The *run* mode has one more parameter than the other modes, the
"DELAY" interval (given in tenths of a second) that determines the
time between an end of the monitored process and its restart.

If you monitor the output of `w' (a very nice one to monitor, btw.)
and give it a *delay* of 10 and an *interval* of 3 it will cause the
Xlogmaster to do the following:

   * execute `w'

   * look for output from it every 0.3 seconds

   * process the output with Class 1 filters

   * display if necessary

   * once the program terminated: wait 1 second

   * start at the beginning


File: xlogmaster.info,  Node: Filters,  Next: Audio Support,  Prev: Modes,  Up: Xlogmaster Concepts

Filters
=======

The Xlogmaster has two classes of filters, enumerated *Class 0* and
*Class 1* filters.  The main difference is that the *Class 0* filters
are filters being applied at *display time* while the *Class 1*
filters are being applied at *read-time*.

Matching for the filters is *always* done per line -- patterns that
would match more than one line will *never* match anything!

The following filters are known:

* Menu:

* Class 0 filters::             Details about the Class 0 filters
* Class 1 filters::             Details about the Class 1 filters


File: xlogmaster.info,  Node: Class 0 filters,  Next: Class 1 filters,  Prev: Filters,  Up: Filters

Class 0 filters
---------------

As mentioned before *Class 0* filters are being applied at
*display-time* -- if a line triggered multiple filters only the one
with the highest priority is being applied!
The filters are (from highest to lowest priority):

* Menu:

* Hide::                        Functionality of the "Hide" filter
* Raise::                       Functionality of the "Raise" filter
* Lower::                       Functionality of the "Lower" filter


File: xlogmaster.info,  Node: Hide,  Next: Raise,  Prev: Class 0 filters,  Up: Class 0 filters

Hide
....

Lines that trigger this action will be hidden without paying attention
whether the line triggered other *Class 0* filters or not.  Lines that
do not trigger any of these will be displayed the usual way.


File: xlogmaster.info,  Node: Raise,  Next: Lower,  Prev: Hide,  Up: Class 0 filters

Raise
.....

Lines that triggered this action will be raised (highlighted) without
paying attention whether they also triggered a *Lower* action.


File: xlogmaster.info,  Node: Lower,  Prev: Raise,  Up: Class 0 filters

Lower
.....

Lines that triggered this action will be lowered (lowlighted).


File: xlogmaster.info,  Node: Class 1 filters,  Prev: Class 0 filters,  Up: Filters

Class 1 filters
---------------

*Class 1* filters are being applied at *read-time* -- logfiles with
*Class 1* filters are being watched in the background, the filters
will do exactly the same thing regardless of whether you are just
looking at that logfile or not.

The *Class 1* filters will be triggered for each line they can be
applied on, but each filter only once (even if the string would
theoretically match multiple times).  They do *not* exclude each
other, though.  Each filter that can be applied will be applied!

* Menu:

* Alert::                       Functionality of the "Alert" filter
* Execute::                     Functionality of the "Execute" filter
* Notice::                      Functionality of the "Notice" filter
* Uniconify::                   Functionality of the "Uniconify" filter


File: xlogmaster.info,  Node: Alert,  Next: Execute,  Prev: Class 1 filters,  Up: Class 1 filters

Alert
.....

The button of the entry that triggered the alert will flash in the
*alert color* and then slowly fade back to its normal color.
The *alert color*, the time it takes to fade back and the smoothness
of the fading can be controlled at *configure-time* as well as
*runtime*.

The purpose of this filter is to inform you of events that are of
interest right now but become less important over time -- the fading
back prevents a situation where you come back to your machine and find
all the buttons in *alert color*.  Additionally, you get an impression
of how recent the alert was if you catch it while fading back.


File: xlogmaster.info,  Node: Execute,  Next: Notice,  Prev: Alert,  Up: Class 1 filters

Execute
.......

This filter allows you to start programs and/or scripts when a certain
string shows up.  This is potentially the most powerful of the
filters.

Your program gets its information via environment variables or via
command line.  The following variables / environment variables are
known:

`%F'
`XLM_FILENAME'
     absolute path to file/device of entry.

`%H'
`XLM_HELP'
     help text of entry.

`%L'
`XLM_LINE'
     line that actually triggered the Execute filter.

`%M'
`XLM_MODE'
     mode of entry.

`%N'
`XLM_NAME'
     name of the Logfile that triggered the Execute filter.

A word of warning: the execute entry will only process one command and
substitute the variables accordingly.  If you want to create a more
complicated setup I'd recommend writing a small shell script.  This
especially means that piping will *not* work.


File: xlogmaster.info,  Node: Notice,  Next: Uniconify,  Prev: Execute,  Up: Class 1 filters

Notice
......

This filter has been implemented for events that are of extreme
importance regardless of when they have been triggered.  A notice box
is being popped up at the current mouse position.  This notice box
contains a list with the time and date of the triggering action as
well as the name of the entry that triggered it.  If you click on an
entry in this list you'll see the triggering line in the text field
below the list.
If you set `--notice-follows-mouse' at startup the notice box will
move to the current mouse position every time something new has been
added.


File: xlogmaster.info,  Node: Uniconify,  Prev: Notice,  Up: Class 1 filters

Uniconify
.........

For people who like to keep the Xlogmaster iconified because of space
shortage.  If you set this filter the Xlogmaster will uniconify
automatically when a matching line has been seen.


File: xlogmaster.info,  Node: Audio Support,  Prev: Filters,  Up: Xlogmaster Concepts

Audio Support
=============

The Xlogmaster has Open Sound System (OSS) support.  For every
*Class 1* filter type (the only exception being execute) you can
define a sound that gets played whenever this filter type has been
triggered.

The requirements that the sounds have to meet are simple: They need to
be playable via `cat > /dev/dsp'.  This usually means they should be
about 8KHz and in a standard format (`Wave', `ULaw' or `SUN audio' for
instance).

Please check out the command line options for setting of the sound
files.  If nothing is given the Xlogmaster will use the files in
`$prefix/etc/sound'.  The standard is to play back the files called
`notice', `alert' or `uniconify' -- I'd recommend making them symbolic
links instead of actually copying the files there.


File: xlogmaster.info,  Node: Configuration Files,  Next: FAQ,  Prev: Xlogmaster Concepts,  Up: Top

Configuration Files
*******************

* Menu:

* Configfile Introduction::     A short overview over the used formats
* Xlogmasterrc location::       Locations searched for configuration files
* Xlogmasterrc format::         The main configuration file for all entries


File: xlogmaster.info,  Node: Configfile Introduction,  Next: Xlogmasterrc location,  Prev: Configuration Files,  Up: Configuration Files

Configfile Introduction
=======================

There are two different file types used for configuration by the
Xlogmaster.
One is the GTK+ special style file, the "gtkrc" file.  I do not want
to say too much about that one because it is documented with the GTK+
toolkit (*note GTK+ style file: (GTK)Resource Files) and its format is
actually pretty simple.  A look at the sample files distributed along
with the Xlogmaster should already solve all questions, so feel free
to check them out and try around with them.  They allow you to control
the look of the Xlogmaster any way you want and it's definitely worth
risking a look.

The Xlogmaster internal configuration file is pure ASCII and can hence
be processed easily with any text editor although you will most
probably not need to do so because the customization menu is much
nicer.


File: xlogmaster.info,  Node: Xlogmasterrc location,  Next: Xlogmasterrc format,  Prev: Configfile Introduction,  Up: Configuration Files

Xlogmaster configuration file location
======================================

Xlogmaster looks for a configuration file in the following sequence,
using the first found.  If no configuration file is found, a set of
internal defaults is used.

   * The file specified by the `-f' command line option.

   * A `.xlogmaster' file in the user's home directory.

   * A `xlogmasterrc' file in the Xlogmaster style directory.  E.g.
     `/usr/X11R6/etc/xlogmaster/xlogmasterrc' for some systems.


File: xlogmaster.info,  Node: Xlogmasterrc format,  Prev: Xlogmasterrc location,  Up: Configuration Files

Xlogmaster configuration file format
====================================

The format is line oriented; this means every entry needs to use
exactly one line.  Entries that do not follow this policy will be
ignored.

There are two kinds of entries for the configuration file.  The first
is a line that contains the "mode" of the entry along with its name
and some more information.
The format for this kind of entry is

     MODE{FILENAME,INTERVAL[/DELAY],BUTTONTEXT,HELPTEXT}

where the fields are the same as in the customization menu:

`MODE'
     The mode for the entry (See *note modes: Modes.), either "TAIL"
     or "CAT"

`FILENAME'
     The absolute path to the file or device that the entry is for.

`INTERVAL'
     The interval (in tenths of a second) for this entry.  (See *note
     mode descriptions: Modes.)

`DELAY'
     The delay (in tenths of a second) for this entry.  The delay is
     *optional* and *only* applies to the "RUN" mode, anyways.  (See
     *note mode descriptions: Modes.)

`BUTTONTEXT'
     The name to appear on the button for the entry.

`HELPTEXT'
     The text that should pop up when the mouse pointer has been
     pending over the button for a short while.

The second kind of entry is the one for the filters.  A filter line
looks like

     MODES{REGEX}

the `MODES' are a comma separated list of filter modes (only one
*Class 0* filter is allowed) and the `REGEX' is a standard regular
expression (see GNU Regex manual).  The filter lines always apply to
the

Available strings for the `MODES' are

`RAISE'
     A display-time filter.  (See *note Class 0 filters::.)

`LOWER'
     A display-time filter.  (See *note Class 0 filters::.)

`HIDE'
     A display-time filter.  (See *note Class 0 filters::.)

`NOTICE'
     A background filter.  (See *note Class 1 filters::.)

`ALERT'
     A background filter.  (See *note Class 1 filters::.)

`UNICONIFY'
     A background filter.  (See *note Class 1 filters::.)

`EXECUTE'
     A background filter.  (See *note Class 1 filters::.)  This filter
     requires another argument - the command line that will be
     executed when a line matches the *REGEX*.  The command line is
     just appended in `{ }' brackets.  (See *note Execute::.)

`INVERT'
     invert sense of matching -- all non-matching lines will trigger a
     filter

`CASE_SENSITIVE'
     matching is performed case sensitive

Here are some lines to give you an example of how a proper
xlogmasterrc file looks.

     TAIL{/var/log/messages,3,System Messages,/var/log/messages}
     RAISE{greve}
     HIDE{accesswatch}
     HIDE{faxqclean}
     HIDE{uucpcontrol}
     HIDE{touch.*/tmp/newsrun}
     TAIL{/var/log/warn,3,Warning Messages,/var/log/warn}
     TAIL{/var/adm/kernel,3,Kernel Messages,/var/adm/kernel}
     TAIL{/var/adm/debug,3,Debugging Messages,/var/adm/debug}
     RAISE,NOTICE{accesswatch}
     HIDE{newsrun}
     EXECUTE,CASE_SENSITIVE{uucpcontrol}{xlm-mail greve}
     RUN{w,3/10,Who's Online,...tell me who's online...}
     ALERT{root}


File: xlogmaster.info,  Node: FAQ,  Next: Concept Index,  Prev: Configuration Files,  Up: Top

Frequently Answered Questions
*****************************

This is a list of frequently asked questions (FAQ's) about the
Xlogmaster with answers.

If you know the answer of a question is in the FAQ list, please reply
to the question by e-mail instead of posting.  Help reduce noise!

Please suggest new questions, answers, wording changes, deletions,
etc.  The most helpful form for suggestions is a context diff (i.e.
the output of `diff -c').  Include `FAQ' in the subject of messages
sent to me about the FAQ list.

Please do not send questions to me just because you do not want to
disturb a lot of people and you think I would know the answer.  I do
not have time to answer questions individually and keep up with
everything else I have to get done.  Questions to me that have been
answered before slow down development and that is bad for everyone.

* Menu:

* Introductory Questions::
* Compiling Xlogmaster::


File: xlogmaster.info,  Node: Introductory Questions,  Next: Compiling Xlogmaster,  Prev: FAQ,  Up: FAQ

Introductory Questions
======================

* Menu:

* What::                        What is the Xlogmaster ?
* Current version::             What is the current version of the Xlogmaster ?
* Where::                       Where can I find it?
* Getting help::                Where can I get help for using the Xlogmaster ?
* Regexp::                      What are Regular Expressions


File: xlogmaster.info,  Node: What,  Next: Current version,  Prev: Introductory Questions,  Up: Introductory Questions

What is the Xlogmaster ?
------------------------

The Xlogmaster is a GTK+ (see the GIMP toolkit page under
http://www.gimp.org/ for more information) based program that helps
you to monitor all kinds of system activity.  It allows monitoring and
background surveillance of all logfiles and devices that allow being
read by `cat' like the `/proc' devices.

You can configure the Xlogmaster graphically to take almost any action
you can think of upon certain events and it can certainly help you
keeping track of everything and increasing system security.


File: xlogmaster.info,  Node: Current version,  Next: Where,  Prev: What,  Up: Introductory Questions

What is the current version of the Xlogmaster ?
-----------------------------------------------

The current version is 1.6.0, yet to be released.


File: xlogmaster.info,  Node: Where,  Next: Getting help,  Prev: Current version,  Up: Introductory Questions

Where can I find it?
--------------------

The source can be found via anonymous FTP at `ftp.gnu.org:/pub/gnu/'.


File: xlogmaster.info,  Node: Getting help,  Next: Regexp,  Prev: Where,  Up: Introductory Questions

Where can I get help for using the Xlogmaster ?
-----------------------------------------------

If you installed everything correctly the easiest ways are probably

   * the tutorial that should be in your info tree.  Otherwise you can
     find it in the `doc' directory of the distribution

   * the man page.

   * executing the Xlogmaster via `xlogmaster --help'

Other ways are to check out the home page at
`http://www.gnu.org/software/xlogmaster/xlogmaster.html' or the
mailing lists

   * `beta-xlogmaster@gnu.org'

     Subscription is done by sending a mail to
     `beta-xlogmaster-request@gnu.org' leave the *subject* blank and
     enter `subscribe' in the *body*.

   * `help-xlogmaster@gnu.org'

     Subscription is done by sending a mail to
     `help-xlogmaster-request@gnu.org' leave the *subject* blank and
     enter `subscribe' in the *body*.


File: xlogmaster.info,  Node: Regexp,  Prev: Getting help,  Up: Introductory Questions

Regular Expressions
-------------------

This is a brief and shallow outline.  For more details, consult the
'ed' man page (man ed), or the GNU regex info file (if you have it
installed).

Regular expressions are a means of specifying a text pattern.
Xlogmaster uses them in its filter specifications, where lines
containing the pattern activate the filter.

There are however a number of characters and character sequences which
have a special meaning, which may change with the context.

`^'
     matches start of line.  Negates a character class.

`$'
     matches end of line.

`.'
     matches any character.

`\('
     starts a subexpression.

`\)'
     ends a subexpression.

`\|'
     Alternation (OR) operator.

`['
     Starts a character class.

`]'
     Ends a character class.

`*'
     Matches ZERO OR MORE occurrences of the preceding expression.

`+'
     Matches ONE OR MORE occurrences of the preceding expression.

At their simplest, regular expressions are just text strings, for
example:

`kernel'
     would match any line containing the string `kernel' anywhere
     within it.

Slightly more complicated expressions, and their effects, are:

`^kernel.*link'
     would match any line starting `kernel', followed by any number of
     characters (including zero), and `link'.

`\(kernel\)\|\(link\)'
     would match any line containing 'kernel' or 'link'.

`[a-z][0-9a-z_]*'
     would match many languages' idea of an identifier, that is,
     starts with a letter, followed by any number of letters, digits
     or the character '_'.
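
The following is an added example, not part of the Xlogmaster
distribution or of the original manual: a Python parser for the
xlogmasterrc format described under "Xlogmaster configuration file
format", plus an evaluator that applies the Class 0 priority and
Class 1 rules from the Filters node, so a rule set can be checked
against sample log lines before it is deployed.  Assumptions: filter
lines attach to the entry line before them, matching ignores case
unless `CASE_SENSITIVE' is given, and Python's `re' syntax stands in
for GNU regex (so `\(', `\)' and `\|' would be written `(', `)' and
`|'); all function names are hypothetical.

```python
import re

ENTRY_MODES = ("TAIL", "CAT", "RUN")
CLASS0 = ("HIDE", "RAISE", "LOWER")   # display-time, highest priority first
CLASS1 = ("NOTICE", "ALERT", "UNICONIFY", "EXECUTE")  # read-time, all apply
FLAGS = ("INVERT", "CASE_SENSITIVE")
LINE = re.compile(r"^([A-Z_,]+)\{(.*)\}$")  # KEYWORDS{...} or KEYWORDS{...}{...}

def parse(text):
    """Parse xlogmasterrc text into a list of entry dicts with their filters."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                   # malformed lines are ignored
        words, body = m.group(1).split(","), m.group(2)
        if words[0] in ENTRY_MODES and len(words) == 1:
            parts = body.split(",", 3)  # the help text may contain commas
            if len(parts) != 4 or not re.fullmatch(r"\d+(/\d+)?", parts[1]):
                continue
            interval, _, delay = parts[1].partition("/")
            entries.append({"mode": words[0], "filename": parts[0],
                            "interval": int(interval),       # tenths of a second
                            "delay": int(delay) if delay else None,
                            "button": parts[2], "help": parts[3], "filters": []})
        elif entries and all(w in CLASS0 + CLASS1 + FLAGS for w in words):
            if sum(w in CLASS0 for w in words) > 1:
                continue               # only one Class 0 filter is allowed
            command = None
            if "EXECUTE" in words:
                body, sep, command = body.partition("}{")
                if not sep:
                    continue           # EXECUTE requires its {command} part
            # Assumption: a filter line belongs to the entry line before it.
            entries[-1]["filters"].append(
                {"modes": words, "regex": body, "command": command})
    return entries

def matches(flt, line):
    """Per-line match honouring INVERT and CASE_SENSITIVE."""
    # Assumption: matching ignores case unless CASE_SENSITIVE is given.
    flags = 0 if "CASE_SENSITIVE" in flt["modes"] else re.IGNORECASE
    hit = re.search(flt["regex"], line, flags) is not None
    return hit != ("INVERT" in flt["modes"])

def evaluate(entry, line):
    """Return (display action, [(Class 1 action, command), ...]) for one line."""
    hits = [f for f in entry["filters"] if matches(f, line)]
    fired = {m for f in hits for m in f["modes"]}
    # Class 0: only the highest-priority filter that fired is applied.
    display = next((m for m in CLASS0 if m in fired), "NORMAL")
    # Class 1: every matching filter is applied, once per line.
    actions = [(m, f["command"] if m == "EXECUTE" else None)
               for f in hits for m in f["modes"] if m in CLASS1]
    return display, actions

# The sample configuration from this manual.
SAMPLE = """\
TAIL{/var/log/messages,3,System Messages,/var/log/messages}
RAISE{greve}
HIDE{accesswatch}
HIDE{faxqclean}
HIDE{uucpcontrol}
HIDE{touch.*/tmp/newsrun}
TAIL{/var/log/warn,3,Warning Messages,/var/log/warn}
TAIL{/var/adm/kernel,3,Kernel Messages,/var/adm/kernel}
TAIL{/var/adm/debug,3,Debugging Messages,/var/adm/debug}
RAISE,NOTICE{accesswatch}
HIDE{newsrun}
EXECUTE,CASE_SENSITIVE{uucpcontrol}{xlm-mail greve}
RUN{w,3/10,Who's Online,...tell me who's online...}
ALERT{root}
"""

if __name__ == "__main__":
    entries = parse(SAMPLE)
    # Constructed log lines, not taken from a real system.
    demo = [(0, "Jan  1 00:00:01 host su: greve ran accesswatch"),
            (3, "Jan  1 00:00:02 host accesswatch: UUCPCONTROL up"),
            (3, "Jan  1 00:00:03 host uucpcontrol: poll"),
            (4, "root     tty1     -        09:00")]
    for idx, line in demo:
        print(entries[idx]["button"], evaluate(entries[idx], line))
```

The first constructed line matches both `RAISE{greve}' and
`HIDE{accesswatch}' and is hidden, which shows how a broad Hide
pattern can mask a line another filter was meant to highlight.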

File: xlogmaster.info,  Node: Compiling Xlogmaster,  Prev: Introductory Questions,  Up: FAQ

Compiling the Xlogmaster
========================

* Menu:

* Installation::                Normal installation
* Make problems::               Make doesn't seem to understand the Makefiles


File: xlogmaster.info,  Node: Installation,  Next: Make problems,  Prev: Compiling Xlogmaster,  Up: Compiling Xlogmaster

Normal installation
-------------------

Normal installation is done by unpacking the archive and then entering
it.

     ./configure ; make ; make install

should do everything then.  The default is to install it into the
`/usr/local' structure.  If you want to change that and for other
configuration options, please see `./configure --help'.

Note.  If you are using a FreeBSD system and want to compile from
source, consider using the port `/usr/ports/sysutils/xlogmaster'.  If
you just want to install an executable version, consider using the
package.


File: xlogmaster.info,  Node: Make problems,  Prev: Installation,  Up: Compiling Xlogmaster

Make doesn't seem to understand the Makefiles
---------------------------------------------

This can happen on some systems (especially SunOS or old Solaris ones)
- the problem is easily fixed by using `gmake' instead of `make'.


File: xlogmaster.info,  Node: Concept Index,  Prev: FAQ,  Up: Top

Concept Index
*************

* Menu:

* Alert filter (Class 1):                 Alert.
* Audio Support:                          Audio Support.
* Cat mode:                               Cat mode.
* Class 0 filters:                        Class 0 filters.
* Class 1 filters:                        Class 1 filters.
* Compiling Xlogmaster:                   Compiling Xlogmaster.
* Configfile Introduction:                Configfile Introduction.
* Configuration Files:                    Configuration Files.
* Current version:                        Current version.
* Execute filter (Class 1):               Execute.
* Filters:                                Filters.
* FreeBSD:                                Installation.
* Frequently Answered Questions:          FAQ.
* Help:                                   Getting help.
* Hide filter (Class 0):                  Hide.
* How to use the Xlogmaster:              Runtime Commands.
* Internal workings of the Xlogmaster:    Xlogmaster Concepts.
* Introduction into the Xlogmaster:       Introduction.
* Introductory Questions:                 Introductory Questions.
* Lower filter (Class 0):                 Lower.
* mailing lists:                          Getting help.
* Make problems:                          Make problems.
* Modes:                                  Modes.
* Normal Installation:                    Installation.
* Notice filter (Class 1):                Notice.
* Obtaining Xlogmaster:                   Where.
* Raise filter (Class 0):                 Raise.
* Regular Expressions:                    Regexp.
* Run mode:                               Run mode.
* Tail mode:                              Tail mode.
* Uniconify filter (Class 1):             Uniconify.
* What is the Xlogmaster ?:               What.
* Xlogmaster configuration file format:   Xlogmasterrc format.
* Xlogmaster configuration file location: Xlogmasterrc location.
* Your rights and freedoms.:              Copying.