<div dir="ltr"><div>Wanted to introduce my recently open sourced project, routelog to the talk list:</div><div><br></div><a href="https://github.com/axialmarket/routelog">https://github.com/axialmarket/routelog</a><div><br>
</div><div><span style="font-family:arial,sans-serif;font-size:12.727272033691406px">It's a UNIX filter that matches log lines, parses them, and executes commands using the parsed log entry ... it's basically cron, but for logs, rather than for time.</span></div>
<div><font face="arial, sans-serif"><br></font></div><div><font face="arial, sans-serif">Routelog is written in Python, using the shlex module, and implements both a domain specific language and an interpreter. The rules file language (routelog(5)) looks like this:</font></div>
<div><font face="arial, sans-serif"><br></font></div><div><font face="arial, sans-serif">/pattern/ command</font></div><div><font face="arial, sans-serif"><br></font></div><div><font face="arial, sans-serif">command is a shell command (just like cron, it gets passed to sh via the -c option using execvp(2)), that takes it's positional arguments are the results of a parsed log entry. So if you have a log line like this:</font></div>
<div><font face="arial, sans-serif"><br></font></div><div><span style="font-family:arial,sans-serif">2012-12-07T12:06:11-05:00</span><font face="arial, sans-serif"> server1 program_name: ERROR foo<br></font></div><div><font face="arial, sans-serif"><br>
</font></div><div><font face="arial, sans-serif">$1 = </font><span style="font-family:arial,sans-serif">2012-12-07T12:06:11-05:00</span></div><div><span style="font-family:arial,sans-serif">$2 = </span><span style="font-family:arial,sans-serif">server1</span></div>
<div><span style="font-family:arial,sans-serif">... and so on</span></div><div><span style="font-family:arial,sans-serif"><br></span></div><div><span style="font-family:arial,sans-serif">So you can do things like:</span></div>
<div><span style="font-family:arial,sans-serif"><br></span></div><div>/ERROR/ echo "$*" | mail -s "Error executing ${3%:} on $2 at $1" <a href="mailto:error@example.com">error@example.com</a></div>
<div><br></div><div>You can also group your log arguments (again just like shell):</div><div><br></div><div><span style="font-family:arial,sans-serif">2012-12-07T12:06:11-05:00</span><font face="arial, sans-serif"> server1 program_name: "these are all one arg"</font><br>
</div><div><font face="arial, sans-serif"><br></font></div><div><font face="arial, sans-serif">The routelog(1) program emits to stdout, so you can pipline your log processing inside a single command:</font></div><div><font face="arial, sans-serif"><br>
</font></div><div><font face="arial, sans-serif">routelog mail-errors.rules /var/log/*.log | bzip2 > todays-logs.`date +%s`.bz2<br></font></div><div><font face="arial, sans-serif"><br></font></div><div><font face="arial, sans-serif">It's easily implemented by any log rotation program, via cron, or using a queue system like fsq (<a href="http://github.com/axialmarket/fsq">github.com/axialmarket/fsq</a> ... also available via pip) in concert with log rotation (which is how we use it).</font></div>
<div><font face="arial, sans-serif"><br></font></div><div><font face="arial, sans-serif">Any thoughts, suggestions or improvements (or ports Makefiles ... ;)) are much appreciated. </font></div><div><font face="arial, sans-serif"><br>
</font>-- <br>regards,<br>matt
</div></div>