NAME¶
lwatch — syntax highlighting for syslog/syslog-ng file
SYNOPSIS¶
lwatch [-C
filename] [--config
filename] [-i
filename] [--input
filename] [-o
filename] [--output
filename] [-sdOhv] [--show-unparsed] [--daemon] [--omit-rc] [--help]
DESCRIPTION¶
Lwatch is a log colorizer. It reads syslog/syslog-ng data from named fifo or
from stdin and displays colored logs into stdout.
Lwatch is highly user-customizable. It reads configuration data from the file
/etc/lwatch/lwatch.conf or (if given) from the file provided with option
-C
The way it works is simple. It reads a line from input (build-in default is
/var/lib/lwatch/syslog.fifo), splits it into four parts: date, hostname,
service name (with PID, if available) and real message. Each part has its own
default color. You can redefine them in configuration file. Default colors as
the same as in loco(1) [see:
http://www.zjuul.net/~jules/loco/]. But lwatch is
not only a static log colorizer. It is something more. It can colorize your
logs any way you wish. You are able to set a new color for any part (date,
host, service, message) using regexp based patterns.
COMMAND LINE OPTIONS¶
Lwatch accepts some command line options. Command line options have precedence
over values from configuration file.
- -C filename
- --config filename
- read config from filename instead of /etc/lwatch/lwatch.conf
- -i filename
- --input filename
- read data from named fifo filename instead of
/var/lib/lwatch/syslog.fifo
- -o filename
- --output filename
- write colored logs to filename instead stdout
- -s
- --show-unparsed
- show unparsed lines like `last message repeated 5 times' or `--- MARK
---'
- -d
- --daemon
- run as daemon, detach from control terminal, move to background
- -O
- --omit-rc
- do not read values from config file
- -h
- --help
- show help about runtime option
- -v
- --version
- show version and copyright notices
RUNNING¶
Preferred way to run lwatch is to read syslog messages from named fifo or from
standard input.
If you use syslog you really want to read messages from named fifo. To do it,
put a line:
*.* |/var/lib/lwatch/syslog.fifo
in your syslog.conf. Create appropriate fifo and restart syslog, then run
lwatch. You can also run lwatch before starting syslog. If you don't know how
to create named fifo see
mknod(1) for details.
Remember:
- •
- fifo must exist
- •
- proper name must be put in /etc/lwatch/lwatch.conf or given with -i
command line option
In syslog-ng you can run lwatch directly from syslog, i.e.:
log { source(src); destination(console_all);};
destination console_all {program("/usr/bin/lwatch -i- -o/dev/tty11"); };
Lwatch does not support reading from regular files. If you really need this
functionality use following command:
tail -f /path/to/filename | /usr/bin/lwatch -i-
It could be subject to change in the future.
RESOURCES¶
- •
- http://sf.net/projects/lwatch
- •
- http://freshmeat.net/projects/lwatch/
COPYRIGHT¶
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation; either version 2 of the License, or (at your option) any later
version.
Regular expression support is provided by the PCRE library package, which is
open source software, written by Philip Hazel, and copyright by the University
of Cambridge, England. This library is available at:
ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
NOTE FROM AUTHOR¶
I have written this tool for my own needs because perl tools, however flexible,
eated a lot of memory and CPU. I have found it useful and I share it with the
Open Source Community. But still, developing of this software is driven by my
own needs. So, you could expect next release in a year or two ;)
It would be really nice if you could find some time and spare it for rating this
project on FreshMeat (see RESOURCES). Comments are welcome too. I cannot
promise that I will add new features to lwatch immediately but any positive
feedback will raise my motivation level up.
Thank you in advance for your time.
SEE ALSO¶
lwatch.conf(5)
