[Logwatch] repeated log in logwatch

julien Touche julien.touche at touche.fr.st
Sat Aug 26 02:51:45 MST 2006


is anything provided in logwatch to avoid multiple repetition of similar
log ?
for example for unmatched line: give number of repetition of the line
(ignoring date/pid) if appears more than one or n times.

joined a dirty hack for sudo logfiles, as my monitoring keeps doing the
same stuff, and it's not interesting to see the same command repeated
more than a hundred times a day.

thanks
Regards

		Julien

=== scripts/services/sudo
--- sudo.orig	2006-08-01 16:33:38.000000000 +0200
+++ sudo	2006-08-01 16:47:34.000000000 +0200
@@ -19,6 +19,8 @@
 #require 5.6.0; # our

 our ($Debug,  $Detail,  %byUser);
+my $count = 0;
+my $old_cmd;

 BEGIN {
     $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
@@ -36,18 +38,30 @@
         print "=" x 78, "\n";
         foreach my $euser (sort keys %{$byUser{$user}}) {
             print "$user => $euser\n", "-" x 78, "\n";
+	    $count = 0;
             foreach my $row (@{$byUser{$user}{$euser}}) {
         	my ($cmd, $dir, $tty) = @$row;
         	# make long commands easier to read
         	$cmd =~ s/(?=.{74,})(.{1,74}) /${1} \\\n    /g
         	    if (length($cmd) > 75);
-        	print "$cmd\n";
-        	if ($Detail > 20) {
-        	    my $ttydetail = "";
-        	    $ttydetail = "($tty) " if $Detail >= 30;
-        	    print "\t$ttydetail$dir\n";
-        	} # if $Detail
+		if ($old_cmd eq $cmd) {
+			$count += 1;
+		} else {
+                    if ($count>1) {
+		        print "     repeated = $count\n";
+		    }
+        	    print "$cmd\n";
+        	    if ($Detail > 20) {
+        	        my $ttydetail = "";
+        	        $ttydetail = "($tty) " if $Detail >= 30;
+        	        print "\t$ttydetail$dir\n";
+        	    } # if $Detail
+		    $old_cmd = $cmd;
+		}
             } # foreach $row
+            if ($count>1) {
+	       print "     repeated = $count\n";
+	    }
         } # foreach $euser
     } # foreach $user
 } # END



More information about the Logwatch mailing list