Using the config file below to alert on all events entering the log, I've found that events entering the logs /var/log/apache/error_log and /var/log/qmail/current do not generate matches. My first thought was that wasabi didn't have read access, but in debug mode, it is seeing the entries. For example, here is a line from each of the two files and how wasabi reports it: [MAIN] got message: @4000000040dda6302f673b24 new msg 813592 [MAIN] got message: [Sat Jun 26 09:26:04 2004] [error] PHP Notice: Use of undefined constant userbox - assumed 'userbox' in /home/apache/websites/www.madslab.com/mainfile.php on line 397 No "matched" lines. However, log entries landing in /var/log/syslog and /var/log/kern are matching. For example (ip address obfuscated by me): [MAIN] got message: Jun 26 09:23:59 sinope pop3d: Connection, ip=[::ffff:***] [MAIN] matched message for queue misc: pop3d: Connection, ip=[::ffff:***] [MAIN] masked message: pop3d: Connection, ip=[::ffff:***] Reproducible: Always Steps to Reproduce: 1. Use the config file specified below. 2. Run wasabi in debug mode. 3. Generate some log events to the varios logs. 4. Observe the output of wasabi. Actual Results: Log entries in files in /var/log generated "matched" lines in the wasabi debug output. Log entries in files in directories that are sub-directories of /var/log did not generate "matched" lines. Expected Results: All log entries should have matched, since the match criteria is ".*" This is the wasabi config file I tested with: set pidfile /var/run/wasabi.pid set logfile /var/log/apache/error_log set logfile /var/log/qmail/current set logfile /var/log/kern.log set logfile /var/log/syslog set logfile /var/log/messages set sleep 5 set limit 800 set mask ___ set mailserver localhost set subject Wasabi report set queue misc wasabi@arcticbears.com eric@arcticbears.com 8h misc .* I'm using wasabi 0.2.1-r1 and perl 5.8.2-r1.
Hi, in debug mode wasabi is not executed as 'wasabi' user, are you sure that the logs are readable by wasabi user and/or group?
Well, first off, it still seems to be able to read the log, since I am seeing "got message" in the console. Secondly, I did some of the tests as root just to make sure. Can you not reproduce it?
Ah, sorry I misread your report ;), the problem is that error_log and qmail log are not in syslog format, currently wasabi watches only for syslog messages. Next release will have an option for reading arbitrary log messages, meanwhile you can check this topic in the forums: http://forums.gentoo.org/viewtopic.php?t=189207 Next release will have something like that. I'll leave this open for another 24 hours if you have any questions.
OK, that patch works for me, so I'm happy. I guess the real bug is in the man page - perhaps make it more clear that (in this release) it will only match syslog-style log entries that start with date-time-hostname. Anyhow, great tool. Can't wait for the next release! :) Thanks!
Thank you :)
