Search plugin: Or browse by category:

logdog summary

Plugin Name: logdog
Version: 0.1.0
Author: @melezhik
Realease Date: 2016-12-28 09:34:29
Short Description: smart beagle to find suspicious entries in your logs for the period of time
Category: utilities
Plugin web page: https://github.com/melezhik/logdog.git
Download link: logdog-v0.001000.tar.gz
Latest version link: https://sparrowhub.org/info/logdog

logdog documentation

logdog doc

SYNOPSIS

Smart beagle to find suspicious entries in your logs for period of time.

INSTALL

$ sparrow plg install logdog

CONFIGURATION

$ sparrow project create nginx

$ sparrow task add nginx 500-errors logdog

$ sparrow task ini nginx/500-errors 

# all the configuration
# should be kept under
# `logdog' section

<logdog>

# set path to log file
  
file = /var/log/nginx/access.log

# this is examples of nginx log entries
# 127.0.0.1 - - [24/Mar/2016:14:27:17 +0300] "GET / HTTP/1.1" 200 396 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:45.0)

# define how to extract time chunks 
# from your log entries:

# this should perl regexp:
time_pattern  = \[(\d+\/\S+\/\d+):(\S+)

# this should be posix strftime format
# see `man strftime`
time_format   = %d/%b/%Y %T

# check logs for last 5 minutes
history = 5 minutes

# to proper time calculation 
# need to know a timezone
timezone = Europe/Moscow

# I need 500 errors
filter = HTTP\/\S+?"\s+500\s


# group found entries by IP address:
key_field = (\S+)


# density - is optional parameter
# show only groups with entries number more or equal 3 
density = 3


# check_mode

# should be one of : zero|one_or_many|report
# default value - report

# group is a found entries grouped by key_field

# zero - if zero group found test succeed
# one_or_many - if one or many groups found - test succeed
# report - test succeed always ( report mode - when you don't care whether or not any groups found )

check_mode = report

</logdog>

USAGE

sparrow task run nginx/500-errors

AUTHOR

Alexey Melezhik