Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

logtail2(8) [debian man page]

LOGTAIL(8)							  logtail2 manual							LOGTAIL(8)

NAME

       logtail2 - print log file lines that have not been read

SYNOPSIS

       logtail2 [-t] -flogfile [-ooffsetfile]

DESCRIPTION

       logtail2  reads a specified file (usually a log file) and writes to the standard output that part of it which has not been read by previous
       runs of logtail2.  It prints the appropriate number of bytes from the end of logfile, assuming that all changes that are made to it are	to
       add new characters to it.

       logfile must be a plain file.  A symlink is not allowed.

       logtail2  stores  the information about how much of it has already been read in a separate file called offsetfile.  offsetfile can be omit-
       ted.  If omitted, the file named logfile.offset in the same directory which contains logfile is used by default.

       If offsetfile is not empty, the inode of  logfile  is  checked.	 If  the  inode  is  changed,  logtail2  uses  the  heuristics	stored	in
       /usr/share/logtail/detectrotate/  to  find  a file that might be the rotated logfile and prints it starting with the stored offset. It then
       proceeds to simply print the entire new file and generates a new offsetfile.  If the inode is not changed but logfile is  shorter  than	it
       was at the last run of logtail2, it writes a warning message to the standard output.

OPTIONS

       -f     logfile to be read after offset

       -o     offsetfile stores offset of previous run

       -t     test mode - do not change offset in offsetfile

RETURN VALUES

       0      successful

       65     cannot get the size of logfile

       66     general file or directory access issue

       73     cannot write offsetfile

AUTHOR

       The original logtail was written in C by Craig H. Rowland <crowland@psionic.com>.  This version of logtail is a modification of Paul Sloot-
       man's re-implementation in perl.  enhanced by the Debian Logcheck Team <logcheck-devel@lists.alioth.debian.org>.

       This   manual   was   written   by   Oohara   Yuuma   <oohara@libra.interq.or.jp>   and	 enhanced   by	 the	Debian	  Logcheck    Team
       <logcheck-devel@lists.alioth.debian.org>..

SEE ALSO

       logcheck(8)

Debian								    28 Jul 2007 							LOGTAIL(8)

Check Out this Related Man Page

logcheck-test(1)					      General Commands Manual						  logcheck-test(1)

NAME

       logcheck-test - test new logcheck rules easily

SYNOPSIS

       logcheck-test [-q|-i] [-a|-s|-l FILE] [-e] [-P PREFIX] [-S SUFFIX] RULE
       logcheck-test [-q|-i] [-a|-s|-l FILE] -r RULEFILE

DESCRIPTION

       logcheck-test  parses  a log file for matching lines specified by a single rule or a rule file. If using a single RULE you can set a PREFIX
       and a SUFFIX to write new rules easily.

OPTIONS

       -h, --help
	      Show usage information

       -a, --auth.log
	      Parse /var/log/auth.log for matching lines

       -s, --syslog
	      Parse /var/log/syslog for matching lines

       -l, --log-file FILE
	      Parse FILE for matching lines

       -i, --invert-match
	      Show line that don't match the RULE or the RULEFILE

       -q, --quiet
	      Suppress rule summary at the end of output

       -e, --surround-rule
	      Surround RULE with standard prefix and suffix:

	      ^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ RULE$

       -P, --append-prefix PREFIX
	      Append PREFIX to rule prefix. Option can be given multiple times

       -S, --prepend-suffix SUFFIX
	      Prepend SUFFIX to rule suffix. Option can be given multiple times

       -r, --rule-file RULEFILE
	      Use file RULEFILE for rule input

EXAMPLES

       With logcheck-test you can easily write and test new rules.

       Test a single rule against /var/log/syslog:
	      logcheck-test -s "RULE"

       Test a single rule against ~/log, surround the rule with standard prefix and suffix and append "kernel " to prefix:
	      logcheck-test -l ~/log -e -P "kernel " "RULE"

       Test the rules in rulefiles/linux/ignore.d.server/kernel against ~/log:
	      logcheck-test -l ~/log -r rulefiles/linux/ignore.d.server/kernel

       Test which lines the rules in rulefiles/linux/ignore.d.server/kernel doesn't match:
	      logcheck-test -l ~/log -r rulefiles/linux/ignore.d.server/kernel -i

EXIT STATUS

       On successful matching logcheck-test will complete with exit code 0. An exit code of 1 indicates no successful matching.

       An exit code greater then 1 indicates an error occurred. Textual errors are written to the standard error stream.

SEE ALSO

       logcheck(8)

AUTHOR

       logcheck is developed by Debian logcheck Team at alioth: http://alioth.debian.org/projects/logcheck/. This manual was written by Hannes von
       Haugwitz <hannes@vonhaugwitz.com>.

								   Feb 19, 2010 						  logcheck-test(1)
Man Page