Why not adopt me?

This distribution is up for adoption! If you're interested then please contact the PAUSE module admins via email.

NAME

SyslogScan::Daemon - Watch log files

SYNOPSIS

syslogscand [-f] [-c config] {start|stop|reload|restart|check}

@ISA = qw(SyslogScan::Daemon);

newdaemon()

DESCRIPTION

SyslogScan::Daemon is a framework on which to hang log file watchers. SyslogScan::Daemon is a subclass of Daemon::Generic and uses Plugins to create the framework.

CONFIGURATION PREFIX

The configuration prefix for plugins for SyslogScan::Daemon is ''. Use plugin to load plugins.

CONFIGURATION PARAMETERS

SyslogScan::Daemon defines the following configuration parameters which may be given in indented lines that follow plugin SyslogScan::Daemon or anywhere in the configuration file.

debug: (default 0) Turn on debugging.
configfile: (default /etc/syslogscand.conf). The location of the configuration file for the plugins or SyslogScan::Daemon.

WRITING PLUGINS

Plugins for SyslogScan::Daemon should subclass SyslogScan::Daemon::Plugin. The following methods will be invoked by SyslogScan::Daemon:

new(%args)

Called from Plugins and %args will come from the configuration file. An object of the type of the plugin is expected as the return value. It's okay to die here.

preconfig($configfile)

Called right after new() and when a reload is requested. Return value is a %hash that is then passed into postconfig(). It's okay to die here.

postconfig(%args)

Called after all plugin's preconfig()s are called. No return value is expected.

get_logs()

Called after postconfig(). The return value of get_logs() is a hash: the keys are log file names and the values are lists of regular expressions to match. For example:

 sub get_logs
 {
	return (
		'/var/log/mail.log'	=> [
			qr{postfix/smtp\[\d+\]: \w+: to=<([^@]+@([^>]+))>, .*, status=(bounced).*\b(?i:blacklist(ed)?|spamming|spam list|removal|remove|block list|blocked for abuse)\b},
			qr{postfix/smtp\[\d+\]: \w+: to=<([^@]+@([^>]+))>, .*, status=(deferred).*Rejected: \S+ listed at http},
		],
	);
 }

The default implementation of get_logs() checks to see if there is a $self-{plugins}> member and if there is, it re-dispatches the get_logs() call to its plugins. It keeps track of the regular expressions returned by its plugins that in matched_line(), callbacks can be redistributed to the appropriate plugin:

 sub matched_line
 {
	my ($self, $logfile, $rx) = @_;

	for my $plugin (@{$self->{logs}{$logfile}{$rx}}) {
		my @ret = $plugin->invoke('parse_logs', $logfile, $rx);

		# your stuff here...
	}
 }

matched_line($file, $rx)

Called after one of the regular expressions returned by get_logs() matched a log line. The arguments are the log filename where the match was found and the regular expression that matched. Passed implicitly are the line that was matched ($_) and any of the numbered regular expression submatches ($1, $2, etc). No return value is expected.

periodic()

Called once per second or so (or however of the config file says).

The default implementation of periodic() checks to see if there is a $self-{plugins}> member and if there is calls $self-{plugins}->invoke('periodic')> to send the heartbeat down the plugin tree.

Use Plugins::SimpleConfig

Using Plugins::SimpleConfig to write the plugins make the job much easier.

Plugins that have plugins

For plugins that in turn have plugins, a helper function is provided in SyslogScan::Daemon::Plugin:

 sub set_api
 {
	my ($self, $ssd_configfile, @api) = @_;

	my $config = $self->{configfile} || $ssd_configfile;

	$self->{myapi} = Plugins::API->new;
	$self->{myapi}->api(@api);
	$self->{myapi}->autoregister($self);
	$self->{myapi}->register(undef, parentapi => sub { return $self->{api} });

	$self->{plugins} = new Plugins context => $self->{context};
	$self->{plugins}->readconfig($config, self => $self);

	$self->{plugins}->api($self->{myapi});
	$self->{myapi}->plugins($self->{plugins});

	$self->{plugins}->initialize();
	$self->{plugins}->invoke('preconfig', $config);
 }

To use it, define your preconfig() as follows:

 sub preconfig
 {
	my ($self, $ssd_configfile, @api) = @_;

	$self->set_api($ssd_configfile,
		stuff for Plugins::API::api()
	);

	... more initialization if needed
 }

LICENSE

If you find this useful, please thank me by giving me a chance to bid on your next Internet transit purchase of T1 or larger. I have good prices for T1s, T3s, OC3s and such. Thank you.

To install SyslogScan::Daemon, copy and paste the appropriate command in to your terminal.

cpanm

cpanm SyslogScan::Daemon

CPAN shell

perl -MCPAN -e shell
install SyslogScan::Daemon

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)