* Package name    : logsurfer
  Version         : 1.8
  Upstream Author : Kerry Thompson <kerry@crypt.gen.nz>
* URL             : http://www.crypt.gen.nz/logsurfer/
* License         : BSD
  Programming Lang: C
  Description     : Monitoring system logs in real-time

Logsurfer is a program for monitoring system logs in real-time, and reporting on the occurrence of events.
Thus spoke Thilo Uttendorfer <debian@uttendorfer.net> [2012.04.29.2306 +0200]: Is this a logcheck replacement?
On 30.04.2012 at 11:21, martin f krafft wrote:
use it that way because the syntax is much more complex.
But it has some advantages compared to logcheck:
- monitoring of log files in real-time
- grouping of related log entries ("contexts")
- trigger any action, executing programs with the current context
(of course the most common case is sending mail)
Thilo
Hi RFP, after reading an article in logsurfer. From webpage furthermore: It is similar to 'swatch', which is already in the archive. Thilo, do you know what logsurfer has as features in advance to swatch? Regards, Salvatore
On 01.05.2012 at 06:42, Salvatore Bonaccorso wrote: logsurfer. In addition it is written in C and the author thinks it is much more efficient than swatch which is written in Perl. By the way, the package is on mentors.debian.net: http://mentors.debian.net/package/logsurfer Thilo
Thus spoke Thilo Uttendorfer <debian@uttendorfer.net> [2012.04.30.1513 +0200]: I don't quite understand. Are you telling me that I will not be able to properly configure logsurfer (even if it is more complex) and then purge logcheck and have at least the same service available? Can logsurfer only execute an action when a filter (?) matches? The nice thing about logcheck was that it always fired except if an exception matched, which is the proper way to do it!
On 01.05.2012 at 13:57, martin f krafft wrote: can replace logcheck. I just would not use it that way (just my opinion), because the nice thing with logcheck is that the rules are very simple and a lot of other packages ship already their own rules for logcheck. I would use logsurfer as an addition to logcheck for example when I need more than a single line of a log (the "context" feature in logsurfer) or if I need to react immediately to an event (real-time). You can configure logsurfer that way as well. Thilo
Thus spoke Thilo Uttendorfer <debian@uttendorfer.net> [2012.05.01.1429 +0200]: logcheck is a catastrophe and the rules are not standardised and thorough mess! Good! Thanks,
Hi, I see that you've uploaded 1.8-3 to mentors.d.n, I haven't looked at the details but here are some suggestions:

1. New package should close your ITP bug in debian/changelog
2. You need to target to unstable, but not UNRELEASED in debian/changelog
3. You don't need to Build-Depends on quilt in most cases.
4. The package hasn't been released in Debian archive, you'd better reuse the version 1.8-1 before it actually being accepted and published.

Hi Aron, thanks for your suggestions. On 01.06.2012 at 16:45, Aron Xu wrote: I uploaded a new version 1.8-1 that fixes all the points you mentioned. Thanks, Thilo

Hi, For the newly uploaded version, issues remaining:

1. debian/* are licensed under GPL-2, so your patches cannot be directly integrated to upstream unless you re-license it. This is okay to accept the package, but a suggestion to license at least those patches under the same license as your upstream.
2. debian/copyright said all upstream files are licensed under a BSD-like license, but at least the following two files are licensed under GPL-2+: src/regex.c and src/regex.h. Please recheck all files and document them
3. debian/rules has many template sentences from dh-make, please remove those unnecessary ones.

On 05.06.2012 at 19:55, Aron Xu wrote: I changed the license of the patches to the upstream license. Fixed. Could you have a look at "regex/regex.ps", I hope I got this one right in debian/copyright. Fixed. I just uploaded the new version. Thanks again for looking at the package! Thilo

Hi, Thanks for your work! But I'm out and not able to look at those packages until 12th. Please do find other sponsors if you'd like to see your package available in Wheezy!
Hi Thilo

I had a quick look again at your current version uploaded to mentors.d.n. Really thanks for your work you put into that package. I'm adding only again some comments:

current lintian reports the following two:

W: logsurfer: hardening-no-fortify-functions usr/bin/logsurfer
N:
N: This package provides an ELF binary that lacks the use of fortified libc
N: functions. Either there are no potentially unfortified functions called
N: by any routines, all unfortified calls have already been fully validated
N: at compile-time, or the package was not built with the default Debian
N: compiler flags defined by dpkg-buildflags. If built using
N: dpkg-buildflags directly, be sure to import CPPFLAGS.
N:
N: NB: Due to false-positives, Lintian ignores some unprotected functions
N: (e.g. memcpy).
N:
N: Refer to http://wiki.debian.org/Hardening and
N: http://bugs.debian.org/673112 for details.
N:
N: Severity: normal, Certainty: possible
N:
N: Check: binaries, Type: binary, udeb
N:

This needs patching of Makefile.in. Simply adding @CPPFLAGS@ to the CPPFLAGS assignment should do unless I missed something. After doing so my resulting binary had:

foo/usr/bin/logsurfer:
 Position Independent Executable: no, normal executable!
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: no, not found!

I: logsurfer: FSSTND-dir-in-manual-page usr/share/man/man5/logsurfer.conf.5.gz:249 /var/adm/
N:
N: The manual page references a directory that is specified in the FSSTND
N: but not in the FHS which is used by Debian. This can be an indicator of
N: a mismatch of the location of files as installed for Debian and as
N: described by the man page.
N:
N: If you have to change file locations to abide by Debian Policy please
N: also patch the man page to mention these new locations.
N:
N: Severity: wishlist, Certainty: certain
N:
N: Check: manpages, Type: binary
N:

No files are installed into the wrong directory, but looking at the manpage logsurfer.conf(5) I see that /usr/local/etc/logsurfer.conf is referenced as default configuration file. Trying to start logsurfer:

# logsurfer
warning: logsurfer started as root
error opening configfile /usr/local/etc/logsurfer.conf
error reading configfile /usr/local/etc/logsurfer.conf

For more information on Configuration files[1], in particular see 'Location' and 'Behaviour'. Location of a default configuration file seems configurable in the configure part.

 [1]: http://www.debian.org/doc/debian-policy/ch-files.html#s-config-files

debian/changelog: For the initial upload it is only needed to have the 'Initial release (Closes: #670875)' entry, the others as part of the initial packaging could be removed.

Hmm, maybe would be good to actually add a README.Debian to give an introduction on how to use logsurfer on a Debian system? How to set up monitoring of a logfile? cronjobs?

Hope this could help you,

Regards,
Salvatore
Hi Salvatore, On 20.09.2012 at 19:37, Salvatore Bonaccorso <carnil@debian.org> wrote: Yes, that worked for me, too. I included the patch. While I think that lintian shows this warning because of "/var/adm", I get your point. I changed the default to /etc/logsurfer.conf. The warning about /var/adm is still there, but I think that should be ok. Fixed. Yes, I thought about that as well. For now I created a small README.Debian. But maybe it would be a good idea to include some examples like an init.d script to start logsurfer on system boot. Yes, very much! I uploaded a new version to mentors.d.n. Thanks again, Thilo
retitle 670875 RFP: logsurfer -- Monitoring system logs in real-time
noowner 670875
tag 670875 - pending
thanks

Hi,

A long time ago, you expressed interest in packaging logsurfer. Unfortunately, it seems that it did not happen. In Debian, we try not to keep ITP bugs open for a too long time, as it might cause other prospective maintainers to refrain from packaging the software.

This is an automatic email to change the status of logsurfer back from ITP (Intent to Package) to RFP (Request for Package), because this bug hasn't seen any activity during the last 10 months.

If you are still interested in packaging logsurfer, please send a mail to <control@bugs.debian.org> with:

 retitle 670875 ITP: logsurfer -- Monitoring system logs in real-time
 owner 670875 !
 thanks

It is also a good idea to document your progress on this ITP from time to time, by mailing <670875@bugs.debian.org>. If you need guidance on how to package this software, please reply to this email, and/or contact the debian-mentors@lists.debian.org mailing list.

Thank you for your interest in Debian,
Hi,
logsurfer would seem to have a lot more
power than swatch. Not having tried it
out it's hard to say. But with swatch
(unless you use the perl hooks, but
writing a program is cheating) you can't
do stuff like match multiple log
lines, in order, within a given time
window and then fire an event.
It looks like logsurfer
might be able to do things like this.
Regards,
Karl <kop@meme.com>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
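
The pattern described in the last message (several log lines, in order, inside a time window, then an event) can be sketched as follows. This is an added example, not part of the thread and not logsurfer or swatch code or configuration; the sshd sample lines, the 60-second window and all names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Ordered steps; each captures the correlation key in the named group "key".
FAILED = re.compile(r"sshd\[\d+\]: Failed password for \S+ from (?P<key>\S+)")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted password for \S+ from (?P<key>\S+)")
STEPS = [FAILED, FAILED, ACCEPTED]      # two failures, then a success
WINDOW = timedelta(seconds=60)          # assumed window, measured from step one

def parse_time(line):
    # Syslog timestamps carry no year; 2012 is assumed for the sample data.
    return datetime.strptime("2012 " + line[:15], "%Y %b %d %H:%M:%S")

def correlate(lines, steps=STEPS, window=WINDOW):
    """Return (key, lines) for each key that matched every step in order in time."""
    open_ctx = {}                       # key -> (next step, start time, lines)
    events = []
    for line in lines:
        now = parse_time(line)
        # Expire contexts whose window has passed so stale state cannot fire.
        for key in [k for k, v in open_ctx.items() if now - v[1] > window]:
            del open_ctx[key]
        for key, (idx, start, seen) in list(open_ctx.items()):
            m = steps[idx].search(line)
            if m and m.group("key") == key:
                seen.append(line)
                if idx + 1 == len(steps):       # last step: fire the event
                    events.append((key, seen))
                    del open_ctx[key]
                else:
                    open_ctx[key] = (idx + 1, start, seen)
                break
        else:
            m = steps[0].search(line)           # nothing advanced: maybe open one
            if m and m.group("key") not in open_ctx:
                open_ctx[m.group("key")] = (1, now, [line])
    return events

# Constructed sample lines (documentation addresses), not taken from the thread.
SAMPLE = [
    "Apr 30 15:13:01 host sshd[811]: Failed password for root from 192.0.2.10 port 4000 ssh2",
    "Apr 30 15:13:05 host sshd[812]: Failed password for root from 198.51.100.7 port 4001 ssh2",
    "Apr 30 15:13:09 host sshd[811]: Failed password for root from 192.0.2.10 port 4000 ssh2",
    "Apr 30 15:13:20 host sshd[813]: Accepted password for root from 192.0.2.10 port 4002 ssh2",
    "Apr 30 15:16:00 host sshd[814]: Failed password for root from 198.51.100.7 port 4003 ssh2",
    "Apr 30 15:16:05 host sshd[815]: Accepted password for root from 198.51.100.7 port 4004 ssh2",
]
```

Only 192.0.2.10 produces an event, and the event carries the three collected lines as its context; the sequence from 198.51.100.7 expires before it completes.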