File: notify.html

package info (click to toggle)
socklog 2.1.2%2Brepack-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 1,056 kB
  • sloc: ansic: 3,356; sh: 388; makefile: 316
file content (115 lines) | stat: -rw-r--r-- 4,118 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>socklog - log events notification</title>
</head>
<body>
<a href="https://smarden.org/pape/">G. Pape</a><br>
<a href="index.html">socklog</a><br>
<hr>
<h1>socklog - log events notification</h1>
<hr>
The service <i>socklog-notify</i> provides instant notification of
log events. There is an interval in seconds for the creation of
notifications to prevent a flood.
<p>
Set up the <i>socklog-notify</i> service as described in
<a href="configuration.html#notify">Configuration</a> to ensure that the
named pipe <tt>/var/log/socklog/.notify</tt> exists. Do not delete
this file after creation.
<p>
Read <a href="#disable">disable notifications</a> before stopping the
<i>socklog-notify</i> service once it is started.
<p>
<i>socklog-notify</i> is handled by the
<a href="uncat.1.html">uncat</a> program.
<hr>
<h2>how to configure log events</h2>
Choose a log controlled by
<a href="https://smarden.org/runit/svlogd.8.html">svlogd</a>
to be watched for log events, say <tt>/var/log/socklog/main/</tt>.
<p>
Make sure the account running this log service is member of the
<i>socklog</i> group <tt>adm</tt>. If it isn't, change it now. Make sure
that the <i>socklog-notify</i> service is running.
<p>
Redirect the standard error output of
<a href="https://smarden.org/runit/svlogd.8.html">svlogd</a>
to the named pipe <i>socklog-notify</i> is reading from.
To do so, insert <tt>exec 2&gt; /var/log/socklog/.notify</tt> as second
line into <tt>/var/service/socklog-unix/log/run</tt>:
<pre>
  #!/bin/sh
  exec 2&gt; /var/log/socklog/.notify
  exec setuidgid log svlogd \
    main/main main/auth main/cron main/daemon main/debug main/ftp \
    main/kern main/local main/mail main/news main/syslog main/user
</pre>
<a href="https://smarden.org/runit/svlogd.8.html">svlogd</a>'s
error messages are always log events.
<p>
To configure additional log events in
<tt>/var/log/socklog/main/</tt>, use the <tt>e</tt> instruction in the
<tt>config</tt> file of this log, see the
<a href="https://smarden.org/runit/svlogd.8.html">svlogd man page</a>.
For example, if you want to be notified about all log messages of the
priority <i>alert</i>, add a corresponding <tt>e</tt> instruction to the
<tt>config</tt> file <tt>/var/log/socklog/main/config</tt> like this:
<pre>
  s999999
  n10
  e*.alert: *
</pre>
Then tell the log service to re-read the <tt>config</tt> files:
<pre>
  # sv hup socklog-unix/log
</pre>
<hr>
<h2>how to configure the notification</h2>
Per default, <i>socklog-notify</i> injects a mail to a specified
address containing the log events, but the behavior is configurable, so
you can change it to use instant or short messaging service for example.
<p>
To configure the kind of notification, edit
<tt>/etc/sv/socklog-notify/run</tt> and change the <tt>prog</tt> argument
of <a href="uncat.1.html">uncat</a> to your needs. This example
uses <i>sms_client</i> to notify:
<pre>
  #!/bin/sh -e
  PIPE=/var/log/socklog/.notify
  if [ ! -p "$PIPE" ]; then mkfifo -m0620 "$PIPE"; chown log:adm "$PIPE"; fi
  exec &lt;&gt; "$PIPE"
  exec setuidgid log uncat -s49999 -t90 \
    sh -c 'head -c140 | sms_client pager'
</pre>
Then restart the service:
<pre>
  # sv restart socklog-notify
</pre>
<p>
Another example using <i>wall</i>:
<pre>
  exec setuidgid log uncat -vs49999 -t180 sh -c 'head | wall'
</pre>
<hr>

<a name="disable"><h2>Disable log event notifications</h2></a>
You need to disable all log event notifications</a> before stopping
the <i>socklog-notify</i> service. To check which services are configured
for sending log events, run:
<pre>
  # grep -F /var/log/socklog/.notify /var/service/*/log/run
</pre>
For each of these services, edit the corresponding <tt>log/run</tt> script
to remove the <tt>exec 2&gt;/var/log/socklog/.notify</tt> line and the
configured log event(s) and restart its log service:
<pre>
  # sv restart &lt;service&gt;/log
</pre>
Now it is safe to stop the <i>socklog-notify</i> service.
<hr>
<address><a href="mailto:pape@smarden.org">
Gerrit Pape &lt;pape@smarden.org&gt;
</a></address>
</body>
</html>