lograptor [options] [FILE ...]
lograptor [options] [-e PATTERN | -f PATTERNS_FILE ] [FILE ...]
Lograptor is a search tool for system logs saved with legacy BSD syslog format (RFC 3164) or IETF syslog format (RFC 5424).
It’s developed as a compact and configurable CLI tool, usable for raw or refined searches and to create specific or periodic reports on system logs. The application mix classical pattern matching features with scope parameters and a configurable set of filters. You can define application filtering rule using the classical regexp syntax. Lograptor can also produce and publish reports in various formats. Reporting could be automated using cron.
To understand Lograptor’s configuration see lograptor-conf(5).
For more informations on adding and configuring applications see lograptor-apps(5).
Show program’s version number and exit.
Show this help message and exit.
Provide a different configuration to Lograptor (default is /etc/lograptor/lograptor.conf). If you call the program from the command line without options and arguments, or with only this option, a summary of configuration settings is dumped to stdout and then the process exit successfully.
Logging level. The default is 2 (warning). Level 0 log only critical errors, higher levels show more informations.
Restrict the analysis to log lines related to comma separated list of hostnames and/or IP addresses. File path wildcards can be used for hostnames.
Analyze only log lines related to a comma separate list of applications. An app is valid when a configuration file is defined. As default all apps defined and enabled are processed.
Skip applications processing and works only with pattern(s) matching. This option is incompatible with report and filtering options.
Restrict search scope to a previous date/time period.
Restrict search scope to a date or an interval of dates.
Restrict search scope to a time range.
The search pattern. Use the option more times to specify multiple search patterns. Empty patterns are skipped.
Obtain patterns from FILE, one per line. Empty patterns are skipped.
Ignore case distinctions in matching.
Invert the sense of matching, to select non-matching lines.
Apply a list of filters to the search. The filters specified within a single option are applied with logical conjunction (AND): only the app’s rules that contain all the filters, as Python regex’s named groups, are considered. Multiple -F options are used with logical disjunction (OR).
Perform matching at application’s thread level. The thread rules are defined in app’s configuration file.
Match only lines that are unparsable by app’s rules. This option is useful for finding anomalies and for application’s rules debugging. This option is incompatible with filters (option -F).
Anonymize output for values connected to provided filters. Translation tables are built in volatile memory for each run. The anonymous tokens have the format FILTER_NN. This option overrides –ip, –uid.
Suppress normal output; instead print a count of matching lines for each input file. With the -v, –invert-match option, count non-matching lines.
Stop reading a file after NUM matching lines. When -c/–count option is also used, lograptor does not output a count greater than NUM. When using -t/–thread option the limit is related to the number of threads and not to the number of lines matched.
Quiet; do not write anything to standard output. Exit immediately with zero status if any match is found, even if an error was detected. Also see the -s or –no-messages option.
Suppress final run summary and error messages about nonexistent or unreadable files.
Print the filename for each matching line.
Suppress the default headers with filenames on output. This is the default behaviour for output also when searching in a single file.
Do a reverse lookup translation for the IP addresses. Use a DNS local caching to improve the speed of the lookups and reduce the network service’s load.
Map numeric UIDs to usernames. The configured local system authentication is used for lookups, so it must be inherent to the UIDs that have to be resolved.
Make a formatted text report at the end of processing and display on console.
Make a report and publish it using a comma separated list of publishers. You have to define your publishers in the main configuration file to use this option.
Davide Brunato <brunato@sissa.it>
lograptor.conf(5), lograptor-apps(5), lograptor-examples(5),