-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathlogmerge.man
72 lines (72 loc) · 2.13 KB
/
logmerge.man
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
.TH LOGMERGE 1 "4 July 2006" Tardis "Logmerge manual"
.SH NAME
logmerge \- merge dated log files
.SH SYNOPSIS
.B logmerge
.RB [ \-\-no\-update ]
.RB [ \-\-offsets
.IR file ]
.SH DESCRIPTION
Merge several log files together line by line, keeping the lines in
chronological order. The position after the last message read from each file
is stored so that messages are not duplicated in subsequent runs. Information
about the log files is stored in the
.I offsets
file. A new
.I offsets
file can be produced using the
.B logmerge-mkoffsets
(1) program.
.SH OPTIONS
.IP \-\-no\-update
Do not update the
.I offsets
file with the last position read from each log file. The next time the program
is run all of the output will be repeated. This is useful for testing.
.IP "\-\-offsets file"
Use the given file name rather than the default of
.IR /var/lib/logmerge/offsets .
.SH EXAMPLE
The principle intended use for
.B logmerge
is to combine log files for regular summary reports generated by
.IR piperlog (1).
First, make an initial
.I offsets
file:
.IP
logmerge-mkoffsets /var/log/auth.log /var/log/syslog > /var/lib/logmerge/offsets
.PP
then set up a cron job to produce the summaries at regular intervals:
.IP
5 */4 * * * (logmerge | piperlog | mail -s "Log summary at `date`" [email protected])
.SH LIMITATIONS
Log rotation may change the file names, so
.B logmerge
uses each file's inode number (its raw identity in the file system) to find the
correct file to start reading from. For example, if the log file is called
.I syslog
is rotated to
.I syslog.0
then
.B logmerge
notices that
.I syslog
now has a different inode number and so checks
.IR syslog.0 .
.PP
Strange file systems may not preserve inode numbers. This will cause the
entire log file to be output each time
.B logmerge
is run.
.PP
The messages in the log files are assumed to be in chronological order. If
they are not then all the lines will still be output, but not necessarily in
the correct order. Year rollovers may not yet be handled correctly.
.SH FILES
.IR /var/lib/logmerge/offsets .
.SH AUTHORS
Brian Campbell ([email protected]).
.SH SEE ALSO
.BR logmerge-mkoffsets (1),
.BR piperlog (1)