#670875 RFP: logsurfer -- Monitoring system logs in real-time

Package:
wnpp
Source:
wnpp
Submitter:
Thilo Uttendorfer
Date:
2014-09-17 07:48:19 UTC
Severity:
wishlist
#670875#5
Date:
2012-04-29 21:06:35 UTC
From:
To:
* Package name    : logsurfer
  Version         : 1.8
  Upstream Author : Kerry Thompson <kerry@crypt.gen.nz>
* URL             : http://www.crypt.gen.nz/logsurfer/
* License         : BSD
  Programming Lang: C
  Description     : Monitoring system logs in real-time

Logsurfer is a program for monitoring system logs in real-time, and reporting
on the occurrence of events.

#670875#10
Date:
2012-04-30 09:21:31 UTC
From:
To:
thus spoke Thilo Uttendorfer <debian@uttendorfer.net> [2012.04.29.2306 +0200]:

Is this a logcheck replacement?

#670875#15
Date:
2012-04-30 13:13:31 UTC
From:
To:
On 30.04.2012 at 11:21, martin f krafft wrote:
use it that way because the syntax is much more complex.

But it has some advantages compared to logcheck:
 - monitoring of log files in real-time
 - grouping of related log entries ("contexts")
 - trigger any action, executing programs with the current context
   (of course the most common case is sending mail)

Thilo

#670875#20
Date:
2012-05-01 04:42:39 UTC
From:
To:
Hi
RFP, after reading an article in logsurfer.

From webpage furthermore: It is similar to 'swatch', which is already
in the archive.

Thilo, do you know what logsurfer has as features in advance to
swatch?

Regards,
Salvatore

#670875#25
Date:
2012-05-01 11:48:34 UTC
From:
To:
On 01.05.2012 at 06:42, Salvatore Bonaccorso wrote:
logsurfer. In addition it is written in C and the author thinks it is much more
efficient than swatch which is written in Perl.

By the way, the package is on mentors.debian.net:
http://mentors.debian.net/package/logsurfer

Thilo

#670875#30
Date:
2012-05-01 11:57:24 UTC
From:
To:
thus spoke Thilo Uttendorfer <debian@uttendorfer.net> [2012.04.30.1513 +0200]:

I don't quite understand. Are you telling me that I will not be able
to properly configure logsurfer (even if it is more complex) and
then purge logcheck and have at least the same service available?

Can logsurfer only execute an action when a filter (?) matches? The
nice thing about logcheck was that it always fired except if an
exception matched, which is the proper way to do it!

#670875#35
Date:
2012-05-01 12:29:06 UTC
From:
To:
On 01.05.2012 at 13:57, martin f krafft wrote:
can replace logcheck. I just would not use it that way (just my opinion),
because the nice thing with logcheck is that the rules are very simple
and a lot of other packages ship already their own rules for logcheck.

I would use logsurfer as an addition to logcheck for example when I
need more than a single line of a log (the "context" feature in logsurfer) or
if I need to react immediately to an event (real-time).

You can configure logsurfer that way as well.


Thilo

#670875#40
Date:
2012-05-01 12:35:21 UTC
From:
To:
thus spoke Thilo Uttendorfer <debian@uttendorfer.net> [2012.05.01.1429 +0200]:

logcheck is a catastrophe and the rules are not standardised and
a thorough mess!

Good! Thanks,

#670875#45
Date:
2012-06-01 14:45:23 UTC
From:
To:
Hi,

I see that you've uploaded 1.8-3 to mentors.d.n, I haven't looked at
the details but here are some suggestions:

1. New package should close your ITP bug in debian/changelog
2. You need to target unstable, not UNRELEASED, in debian/changelog
3. You don't need to Build-Depend on quilt in most cases.
4. The package hasn't been released in the Debian archive, you'd better
reuse the version 1.8-1 before it is actually accepted and
published.

#670875#50
Date:
2012-06-04 19:13:50 UTC
From:
To:
Hi Aron,

thanks for your suggestions.

On 01.06.2012 at 16:45, Aron Xu wrote:

I uploaded a new version 1.8-1 that fixes all the points you mentioned.

Thanks,
Thilo

#670875#55
Date:
2012-06-05 17:55:01 UTC
From:
To:
Hi,

For the newly uploaded version, issues remaining:

1. debian/* are licensed under GPL-2, so your patches cannot be
directly integrated to upstream unless you re-license it. This is okay
to accept the package, but a suggestion to license at least those
patches under the same license as your upstream.

2. debian/copyright said all upstream files are licensed under a
BSD-like license, but at least the following two files are licensed
under GPL-2+: src/regex.c and src/regex.h. Please recheck all files
and document them.

3. debian/rules has many template sentences from dh-make, please
remove those unnecessary ones.

#670875#60
Date:
2012-06-07 12:05:30 UTC
From:
To:
On 05.06.2012 at 19:55, Aron Xu wrote:

I changed the license of the patches to the upstream license.

Fixed. Could you have a look at "regex/regex.ps", I hope I got this
one right in debian/copyright.


Fixed.

I just uploaded the new version.

Thanks again for looking at the package!
Thilo

#670875#65
Date:
2012-06-08 12:45:15 UTC
From:
To:
Hi,

Thanks for your work! But I'm out and not able to look at those
packages until 12th. Please do find other sponsors if you'd like to
see your package available in Wheezy!

#670875#72
Date:
2012-09-20 17:37:57 UTC
From:
To:
Hi Thilo

I had a quick look again at your current version uploaded to
mentors.d.n.  Really thanks for your work you put into that package.
I'm adding only again some comments:

current lintian reports the following two:

W: logsurfer: hardening-no-fortify-functions usr/bin/logsurfer
N:
N:    This package provides an ELF binary that lacks the use of fortified libc
N:    functions. Either there are no potentially unfortified functions called
N:    by any routines, all unfortified calls have already been fully validated
N:    at compile-time, or the package was not built with the default Debian
N:    compiler flags defined by dpkg-buildflags. If built using
N:    dpkg-buildflags directly, be sure to import CPPFLAGS.
N:
N:    NB: Due to false-positives, Lintian ignores some unprotected functions
N:    (e.g. memcpy).
N:
N:    Refer to http://wiki.debian.org/Hardening and
N:    http://bugs.debian.org/673112 for details.
N:
N:    Severity: normal, Certainty: possible
N:
N:    Check: binaries, Type: binary, udeb
N:

This needs patching of Makefile.in. Simply adding @CPPFLAGS@ to the
CPPFLAGS assignment should do unless I missed something. After doing so
my resulting binary had:

foo/usr/bin/logsurfer:
 Position Independent Executable: no, normal executable!
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: no, not found!

I: logsurfer: FSSTND-dir-in-manual-page usr/share/man/man5/logsurfer.conf.5.gz:249 /var/adm/
N:
N:    The manual page references a directory that is specified in the FSSTND
N:    but not in the FHS which is used by Debian. This can be an indicator of
N:    a mismatch of the location of files as installed for Debian and as
N:    described by the man page.
N:
N:    If you have to change file locations to abide by Debian Policy please
N:    also patch the man page to mention these new locations.
N:
N:    Severity: wishlist, Certainty: certain
N:
N:    Check: manpages, Type: binary
N:

No files are installed into the wrong directory, but looking at the
manpage logsurfer.conf(5) I see that /usr/local/etc/logsurfer.conf is
referenced as default configuration file. Trying to start logsurfer:

# logsurfer
warning: logsurfer started as root
error opening configfile /usr/local/etc/logsurfer.conf
error reading configfile /usr/local/etc/logsurfer.conf

For more information on Configuration files[1], in particular see
'Location' and 'Behaviour'. Location of a default configuration file
seems configurable in the configure part.

 [1]: http://www.debian.org/doc/debian-policy/ch-files.html#s-config-files

debian/changelog: For the initial upload it is only needed to have the
'Initial release (Closes: #670875)' entry, the others as part of the
initial packaging could be removed.

Hmm, maybe would be good to actually add a README.Debian to give an
introduction on how to use logsurfer on a Debian system? How to set up
monitoring of a logfile? cronjobs?

Hope this could help you,

Regards,
Salvatore

#670875#77
Date:
2012-10-03 12:19:17 UTC
From:
To:
Hi Salvatore,


On 20.09.2012 at 19:37, Salvatore Bonaccorso <carnil@debian.org> wrote:

Yes, that worked for me, too. I included the patch.

While I think that lintian shows this warning because of "/var/adm", I get your point.

I changed the default to /etc/logsurfer.conf. The warning about /var/adm is
still there, but I think that should be ok.

Fixed.

Yes, I thought about that as well. For now I created a small README.Debian.
But maybe it would be a good idea to include some examples like an init.d
script to start logsurfer on system boot.

Yes, very much! I uploaded a new version to mentors.d.n.

Thanks again,
Thilo

#670875#82
Date:
2013-08-21 13:44:09 UTC
From:
To:
retitle 670875 RFP: logsurfer -- Monitoring system logs in real-time
noowner 670875
tag 670875 - pending
thanks

Hi,

A long time ago, you expressed interest in packaging logsurfer. Unfortunately,
it seems that it did not happen. In Debian, we try not to keep ITP bugs open
for a too long time, as it might cause other prospective maintainers to
refrain from packaging the software.

This is an automatic email to change the status of logsurfer back from ITP
(Intent to Package) to RFP (Request for Package), because this bug hasn't seen
any activity during the last 10 months.

If you are still interested in packaging logsurfer, please send a mail to
<control@bugs.debian.org> with:

 retitle 670875 ITP: logsurfer -- Monitoring system logs in real-time
 owner 670875 !
 thanks

It is also a good idea to document your progress on this ITP from time to
time, by mailing <670875@bugs.debian.org>.  If you need guidance on how to
package this software, please reply to this email, and/or contact the
debian-mentors@lists.debian.org mailing list.

Thank you for your interest in Debian,

#670875#91
Date:
2014-09-17 07:35:55 UTC
From:
To:
Hi,

logsurfer would seem to have a lot more
power than swatch.  Not having tried it
out it's hard to say.  But with swatch
(unless you use the perl hooks, but
writing a program is cheating) you can't
do stuff like match multiple log
lines, in order, within a given time
window and then fire an event.
It looks like logsurfer
might be able to do things like this.

Regards,

Karl <kop@meme.com>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein
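
The kind of rule discussed in this thread (several log lines matched in order within a time window, collected into a context, then firing an event) can be illustrated as follows. This is an added example in Python, not logsurfer code or configuration syntax and not written by any participant in the thread; the sshd-style sample lines, the rule and all names are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log lines (not taken from the bug report).
SAMPLE = [
    "2014-09-17T07:00:01 sshd[811]: Failed password for root from 192.0.2.7",
    "2014-09-17T07:00:09 sshd[811]: Failed password for root from 192.0.2.7",
    "2014-09-17T07:00:15 sshd[811]: Accepted password for root from 192.0.2.7",
    "2014-09-17T07:05:00 sshd[902]: Failed password for bob from 198.51.100.4",
    "2014-09-17T07:30:00 sshd[903]: Accepted password for bob from 198.51.100.4",
]
# Hypothetical rule: a failed login followed by a successful one for the
# same (user, source address) within 60 seconds.
STEPS = [re.compile(r"Failed password for (\S+) from (\S+)"),
         re.compile(r"Accepted password for (\S+) from (\S+)")]
WINDOW = timedelta(seconds=60)

def correlate(lines, steps=STEPS, window=WINDOW):
    """Return one event per in-order sequence (2+ steps) completed in the window."""
    contexts = {}   # key -> {"start": datetime, "next": int, "lines": [str]}
    events = []
    for line in lines:
        stamp, _, msg = line.partition(" ")
        now = datetime.fromisoformat(stamp)
        # Drop contexts whose window has closed before looking at this line.
        for key in [k for k, c in contexts.items() if now - c["start"] > window]:
            del contexts[key]
        for i, rx in enumerate(steps):
            m = rx.search(msg)
            if not m:
                continue
            key = m.groups()
            if i == 0:
                # First step opens the context; repeats are collected in it.
                ctx = contexts.setdefault(key, {"start": now, "next": 1, "lines": []})
                ctx["lines"].append(line)
            elif key in contexts and contexts[key]["next"] == i:
                ctx = contexts[key]
                ctx["lines"].append(line)
                ctx["next"] += 1
                if ctx["next"] == len(steps):
                    events.append({"key": key, "lines": ctx["lines"]})
                    del contexts[key]
            break
    return events

if __name__ == "__main__":
    for event in correlate(SAMPLE):
        print("ALERT", event["key"], *event["lines"], sep="\n  ")
```

Only the root sequence fires, with all three related lines attached as context; the bob sequence is dropped because the window closed before the second step matched.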