I'm trying to get LogWatch to monitor/parse Asterisk logs, but no success so far.
Can anyone maybe see something I'm not?
LogWatch was installed via "yum install logwatch".
LogWatch runs correctly and generates the normal/default output. It's just not picking up my new Asterisk service and parsing the logs.
Operating System
Code:
# cat /etc/issue
CentOS release 5 (Final)
Kernel \r on an \m
Code:
# ls -la /var/log/asterisk/
total 9558332
-rw-rw-r-- 1 asterisk asterisk 0 Aug 15 04:05 event_log
-rw-rw-r-- 1 asterisk asterisk 20 Jul 16 04:07 event_log-20100716.gz
-rw-rw-r-- 1 asterisk asterisk 20 Jul 17 04:07 event_log-20100717.gz
-rw-rw-r-- 1 asterisk asterisk 20 Jul 18 04:07 event_log-20100718.gz
-rw-rw-r-- 1 asterisk asterisk 20 Jul 19 04:07 event_log-20100719.gz
-rw-rw-r-- 1 asterisk asterisk 5701677130 Aug 15 22:34 full
-rw-rw-r-- 1 asterisk asterisk 10492691 Aug 12 04:03 full-20100812.gz
-rw-rw-r-- 1 asterisk asterisk 11177721 Aug 13 04:03 full-20100813.gz
-rw-rw-r-- 1 asterisk asterisk 19138963 Aug 14 04:03 full-20100814.gz
-rw-rw-r-- 1 asterisk asterisk 40995921 Aug 15 04:05 full-20100815.gz
-rw-rw-rw- 1 asterisk asterisk 2069683654 Aug 15 22:34 messages
-rw-rw-rw- 1 asterisk asterisk 428104 Aug 12 04:03 messages-20100812.gz
-rw-rw-rw- 1 asterisk asterisk 393494 Aug 13 04:03 messages-20100813.gz
-rw-rw-rw- 1 asterisk asterisk 461103 Aug 14 04:03 messages-20100814.gz
-rw-rw-rw- 1 asterisk asterisk 9686836 Aug 15 04:03 messages-20100815.gz
I added the following:
/etc/logwatch/conf/logfiles/asterisk.conf
Code:
# What actual file? Defaults to LogPath if not absolute path....
LogFile = asterisk/full
LogFile = asterisk/messages
# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
#If you use a "-" in naming add that as well -mgt
Archive = asterisk/full.*.gz
Archive = archiv/messages.*.gz
# Expand the repeats (actually just removes them now)
*ExpandRepeats
# Keep only the lines in the proper date range...
*OnlyHost
*ApplyStdDate
/usr/share/logwatch/scripts/services/
Code:
# You can put comments anywhere you want to. They are effective for the
# rest of the line.
# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.
# Yes = True = On = 1
# No = False = Off = 0
Title = "ASTERISK"
# Which logfile group...
LogFile = asterisk
# Only give lines pertaining to the asterisk service...
*RemoveHeaders
Running a specific test for just the Asterisk service returns this:
Code:
# logwatch --detail High --service asterisk --print
Logwatch does not know how to process service: asterisk
Ultimately I would like to be able to parse the Asterisk logs looking for failed handset registrations, SIP trunks bouncing, etc...
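
Added example, not part of the original post and not Logwatch's or Asterisk's own code: a filter of the kind a Logwatch service script runs, reading log lines on standard input and counting failed SIP registrations per source address and peers that flap to UNREACHABLE. The chan_sip message wording in the regular expressions and the sample lines are assumptions constructed for illustration; it is written for Python 3.

```python
"""Added example: summarize failed SIP registrations and peer flaps from stdin."""
import re
import sys
from collections import Counter

# Assumed chan_sip message shapes; check them against your own log lines.
REG_FAIL = re.compile(
    r"Registration from '[^']*' failed for '(?P<src>[^']+)' - (?P<why>.+)$")
PEER_STATE = re.compile(
    r"Peer '(?P<peer>[^']+)' is now (?P<state>UNREACHABLE|Reachable|Lagged)", re.I)

def strip_port(src):
    """Some versions log 'ip:port'; group by address only (IPv6 left as-is)."""
    host, sep, port = src.rpartition(":")
    return host if sep and port.isdigit() and ":" not in host else src

def summarize(lines):
    failures, flaps = Counter(), Counter()  # (source, reason) -> n ; peer -> n
    last_state = {}
    for line in lines:
        m = REG_FAIL.search(line)
        if m:
            failures[(strip_port(m.group("src")), m.group("why").strip())] += 1
            continue
        m = PEER_STATE.search(line)
        if m:
            peer, state = m.group("peer"), m.group("state").upper()
            # Count only transitions into UNREACHABLE, not repeated notices.
            if state == "UNREACHABLE" and last_state.get(peer) != state:
                flaps[peer] += 1
            last_state[peer] = state
    return failures, flaps, last_state

def report(failures, flaps, last_state, out=sys.stdout):
    for (src, why), n in failures.most_common():
        out.write("Registration failed from %s (%s): %d time(s)\n" % (src, why, n))
    for peer, n in flaps.most_common():
        out.write("Peer %s went UNREACHABLE %d time(s), now %s\n" % (peer, n, last_state[peer]))

# Constructed sample lines, not taken from the original post.
PFX = "[Aug 15 22:30:01] NOTICE[2871] chan_sip.c: "
SAMPLE = [PFX + s for s in (
    "Registration from '<sip:201@192.0.2.10>' failed for '203.0.113.5' - Wrong password",
    "Registration from '<sip:201@192.0.2.10>' failed for '203.0.113.5:5060' - Wrong password",
    "Peer 'trunk-a' is now UNREACHABLE!  Last qualify: 0",
    "Peer 'trunk-a' is now Reachable. (23ms / 2000ms)",
    "Peer 'trunk-a' is now UNREACHABLE!  Last qualify: 25",
)]
if __name__ == "__main__":
    report(*summarize(sys.stdin))
```

Calling `report(*summarize(SAMPLE))` from an interpreter gives a dry run on the constructed lines before pointing the filter at a real log.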