[Logwatch-Devel] Cisco PIX log extension

Bjorn L. bl_logwatch at mblmail.net
Thu May 25 12:11:15 MST 2006



Giovanni Mellini wrote:

> Logwatch don't search for the rigth date format. Can I force the 
> SearchDate format locally in my script??

You can use TimeFilter to specify the new date format.  Attached
is an example file, based on your email.  (But check for the
exact format - for example, are single-digit days preceded
by a zero or a space?  And does the date start at the beginning
of the line, or are there spaces?)

This file can be put in a directory under scripts/logfiles
with the same name as the service.  Or embed the code into
your script.

Also make sure your configuration files do not call out
other date formats (such as ApplyStdDate).  Scripts under
scripts/logfiles/service_name get called when processing
service_name.
-------------- next part --------------

##########################################################################
# Apply date for Cisco PIX
##########################################################################

use POSIX qw(strftime);
use Logwatch ':dates';

my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;

$SearchDate = TimeFilter('%b %e %H:%M:%S');

if ( $Debug > 5 ) {
   print STDERR "DEBUG: Inside ApplyDate (up2date)...\n";
   print STDERR "DEBUG: Looking For: " . $SearchDate . "\n";
}

while (defined($ThisLine = <STDIN>)) {
    if ($ThisLine =~ m/^$SearchDate/o) {
      print $ThisLine;
    }
}

# vi: shiftwidth=3 tabstop=3 syntax=perl et


More information about the Logwatch-Devel mailing list