Initial Logwatch integration readme

This commit is contained in:
Asif Bacchus 2018-09-27 18:54:08 -06:00
parent d9d9e58764
commit 35cdd91089

243
etc/logwatch/README.md Normal file
View File

@ -0,0 +1,243 @@
# Using Logwatch to monitor Cloudflare DDNS updater script
The Cloudflare DDNS update script's log file has been setup so that utilities
like Logwatch can easily parse it. In order to make that happen, a LogFile
group file, service and script have to be created for Logwatch to generate
reports. The correct (general) directory structure has been created in this git
archive already. Below are the details of each file.
## LogFile Group file (/etc/logwatch/conf/logfiles/cfddns.conf)
### Log file location
This file is commented so you can update it as necessary for your environment
(i.e. you've changed the name of the log file generated by the script via the -l
parameter).
```Ini
LogFile = /path/to/your/cfddns.log
...
```
Update this needed to point to the location and name of the log file generated
by the updater script. Remember, by default, the log file is created in the
same directory as the script itself. Best practices suggest you use the *-l*
flag to change this location to something like */var/log/cfddns.log*, for
example. In that case, the entry would look like:
```Ini
LogFile = /var/log/cfddns.log
...
```
### Archive location and name format
If you want Logwatch to process old (archived) log files generated by something
like *Logrotate*, then you have to specify that location and file name format of
those files. I've included the generalized compressed format of such rotated
files as the default in the script. Suppose you store your log files in the
recommended location (*/var/log/*) and are using *Logrotate* with compression
enabled, the archive line would look like:
```Ini
...
Archive = /var/log/cfddns.log.?.gz
...
```
This would tell Logwatch, when the archive option is set to true, that your
*cfddns.log* files are archived as: *cfddns.log.1.gz*, *cfddns.log.2.gz*, etc.
and are all located in */var/log/*.
**Note: This line is totally optional and only used if you set the archive
option in Logwatch to true. You can comment/delete this line if you wish.**
### External script for timestamp processing
Since the log file uses a non-standard (according to Logwatch) method of
time-stamping, a custom filter had to be created. See the relevant section of
this document for more information.
The script file is called with an *\** before the filename.
```Ini
...
*sqFullStampAnywhere
...
```
If you change the name of this file, you will have to change this line.
Remember that whatever you type here as a name is converted to all-lowercase
so your filename should be all lowercase also.
## Service definition file (/etc/logwatch/conf/services/cfddns.conf)
### LogFile group definition
The service file needs to know what group of log file it is responsible for
processing. This MUST match the name of your *LogFile Group file*:
```Ini
LogFile = cfddns
...
```
If you change your LogFile Group filename, then update it here too without the
*.conf* extension.
### Report title
The Logwatch output file (html or text) is divided into sections. You can
define the title to be anything that has meaning for you. I have arbitrarily
chosen *"CloudFlare DDNS update"* but you can change it to anything you want by
modifying the line:
```Ini
...
Title = "CloudFlare DDNS update"
```
## Service script (/etc/logwatch/scripts/services/cfddns)
Logwatch calls any script with a name that **matches the service name**. You'll
notice that I just named everything *cfddns* to keep things simple. You can
change this to whatever you want, however. If you changed the service name to
*"cloudflare*.conf", for example, you would have to rename this script file to
"*cloudflare*" with no extension. Note: The script is a PERL file.
In essence, Logwatch just spits out the log file(s) defined in the LogFile Group
file as standard input (STDIN) and then takes whatever is output (STDOUT) and
assembles that into it's report.
### Detail levels
The script supports four (4) detail levels as follows:
- **Level 0: Summary output only**
- This will display an aggregate total of certain logged elements. It will
display the total number of hostnames (A and AAAA) that are already
up-to-date, those that needed updated, those successfully updated and the
total number of errors (or any type) encountered by the script. All
totals are relative to the reporting period Logwatch is using (--range
parameter). **This is the recommended reporting level.** It does not
take up much space and is quick to read. If you see successful updates
match the number of needed updates and no errors logged, then things are
working properly. If you notice errors, you should consult the full
logs.
- **Levels 1-4: Critical messages**
- This uses the data which is summarized by Level 0 but outputs the actual
messages in the log file. For example, you will see the actual text of
the errors logged instead of just a total number of errors. This level
of reporting is useful when *initially* monitoring the script's
operation since you can see the actual text of any generated errors.
- **Level 5: Verbose (debugging) output**
- Like the previous level, this outputs the actual messages found in the
log file. However, it also includes *[INFO] tags* which contain logged
messages such as the detected IP address and the specific names of any
hostnames not found in your Cloudflare account, etc. This level of
reporting is useful in diagnosing why errors are occurring or if you just
want more insight into how the script works. **This level of output will
make your Logwatch reports longer and consume more of your time to
review. You should not use this level day-to-day.**
- **Levels 6+: Complete log file dump**
- Any number greater than 5 passed as a detail level will trigger the
script to dump the entire log file out to Logwatch line-by-line. This is
useful only if you are debugging an issue and cannot get access to the
actual raw log file itself. The actual log file is colour-coded which
makes it much easier to read. **Use this detail level only when you need
to see the entire log file and cannot otherwise access the log file.**
## Timestamp processing script (/etc/logwatch/scripts/shared/sqfullstampanywhere)
This is basically a modified version of the '*applyeurodate*' script that comes
with Logwatch. It had to be modified to search within [square brackets] and to
accept characters coming before the stamp (i.e. ANSI colour codes). If you
change '**stamp**' variable in the updater script to update the timestamp to
your liking (which to totally fine!) then you'll probably have to update this
file. There are two lines you need to modify to suit your new '**stamp**'
variable.
### The time format specification
SearchDate is the variable used in the PERL script to do exactly what it says,
search for the date stamp. I have it set up to look for the format
'*year-month-date hour:minute:second*'. Note, we don't care about brackets or
anything here, we're just defining the format of the date/time stamp.
```Perl
...
$SearchDate = TimeFilter('%Y-%m-%d %H:%M:%S');
...
```
If you changed the '**stamp**' variable so it was formatted as '*month/day/year
hour:minute*' (ex: '*[09/27/2018 18:38]*') then you'd update the **$SearchDate**
variable as follows:
```Perl
...
$SearchDate = TimeFilter('%m/%d/%Y %H:%M');
...
```
### The search REGEX
The PERL script uses a '*regular expression*' (REGEX) to search within the log file for
'*$SearchDate*'. For the default datestamp, this specification looks like:
```Perl
...
if ($ThisLine =~ m/\[$SearchDate\] /o) {
...
```
The REGEX appears between '*m/*' and '*/o*'. In this case, it searches for
'*$SearchDate*' inside [square brackets] appearing anywhere on the line. This
is because ANSI colour-codes often appear before the datestamp in the default
log file. If you have modified this so that your datestamp appears at the
beginning of the line and in the example format in the section above (using
slashes instead of dashes) then you'd rewrite this REGEX as follows:
```Perl
...
if ($ThisLine =~ m/^\[$SearchDate\] /o) {
...
```
or using regular brackets anywhere on the line:
```Perl
...
if ($ThisLine =~ m/\($SearchDate\) /o) {
...
```
or without any brackets but appearing at the beginning of the line:
```Perl
...
if ($ThisLine =~ m/^$SearchDate /o) {
...
```
## Testing
Run *logwatch --help* and note the options. You can test just this service
locally on your screen with the following command (assuming you kept default
names for everything):
```Bash
# Summary output entire duration of log file
logwatch --service cfddns --output stdout --format text --range all --detail 0
# Minimal detail yesterday only
logwatch --service cfddns --output stdout --format text --range yesterday --detail 1
# Verbose output today only
logwatch --service cfddns --output stdout --format text --range today --detail 5
```
## Final thoughts
That's it! I'm a horrible PERL programmer so if anyone can optimize/improve the
script file used for Logwatch then please do it! Otherwise, I hope this made
sense and helped you out integrating the updater script with Logwatch for easy
monitoring :-)