Logfile Macros
The macros in the sample logfile_macros.cfg configuration file below deal with logfile outputs and determining logfile dates and times.
///////////////////////////////////////////////////////////////////////////////
//
// logfile_macros.cfg
//
///////////////////////////////////////////////////////////////////////////////
output_alarm_log(M) output log "=logdir/" . $alarm() . ".log" (M)
///////////////////////////////////////////////////////////////////////////////
notlogmsg ( #inputlength()
&& ($left($inline,3) !~ "=months")
)
///////////////////////////////////////////////////////////////////////////////
fileage(F) #trunc((#now()-#filemtime((F)))/=secs_in_day)
filetime(F) #now()-#filemtime((F))
///////////////////////////////////////////////////////////////////////////////
set_lineage(L) // for the given line (L), determine its age, in seconds,
// according to its date/time stamp (if any)
// for syslog and many other log files; look for a date/time
// stamp like "Feb 2 10:25:20" at the beginning of a line
if #parse("(L)", "^(=months)[[:space:]]+([[:digit:]]+)[[:space:]]+
([[:digit:]]+):([[:digit:]]+):([[:digit:]]+)") == 5
set #lineage = =nowdst
- (#datevalue(#year(), #monthnumber($1), #val($2))
+ #timevalue(#val($3), #val($4), #val($5)))
elseif [... still more cases (not shown) ...]
// add other cases here in their own 'elseif' as needed
// else no, or unaccounted for, date/time stamp
else
set #lineage = #err()
fi
///////////////////////////////////////////////////////////////////////////////
bypass_old_line(F, L, S) // when a log file is rolled over and the
// last portion of the old file is retained
// in the new file, PIKT will scan the log
// file from the beginning the next time the
// alarm is run because the position in the
// old file has been lost in the new file;
// use this macro to bypass older log entry
// lines from previous days so as not to
// process them twice
// (F) is the log file name (e.g., =messages)
// (L) is the line (e.g., $inline)
// (S) is the age of the line in seconds
// beyond which you want to ignore
#if mailserver
leave
#endif
// remove pesky embedded dquote chars, found especially
// in http access logs
set $line = $substitute((L), $dquote(), $char(0))
=set_lineage($line)
if #lineage == #err()
output piktlog "[WARNING] For (F),
line is improperly date/time-stamped: (L)"
// elseif #lineage < 0
// output piktlog "[WARNING] For (F),
line is in the future: (L)"
elseif #lineage >= (S)
next
fi
///////////////////////////////////////////////////////////////////////////////
set_fa(F) // set age of file in days; this presupposes that (F) exists,
// unless (F) is not supplied (invoked as: =set_fa()) so
// $mon, $date & $time are already known for the current file
if "(F)" eq "" // as with: =set_fa()
set #fa = #fileage($mon,$date,$time)
else // as with: =set_fa("=passwd")
if ! #defined($mon)
set $mon = $nil()
fi
if ! #defined($date)
set $date = $nil()
fi
if ! #defined($time)
set $time = $nil()
fi
do #split($command("=lld (F)"))
set #fa = #fileage($[6],$[7],$[8])
endif
///////////////////////////////////////////////////////////////////////////////
check_logfileage(F, S) // warn if log file (F) is not at least (S)
// seconds up-to-date
// remove pesky embedded dquote chars, found especially
// in http access logs
set $line = $substitute($command("=tail -n 1 (F) 2>/dev/null"),
$dquote(), $char(0))
if $line eq ""
if (F) =~ "pikt"
if ! -e (F)
=output_other_mail(MAIL, 'outdated PIKT file(s)',
=piktadmin,
"(F) not found!")
endif
// =output_other_mail(MAIL, 'outdated PIKT file(s)',
=piktadmin,
"(F) is empty, else not found!")
else
if ! -e (F)
=outputmail "(F) not found!"
endif
// =outputmail "(F) is empty, else not found!"
endif
else
=set_lineage($line)
if #lineage == #err()
output piktlog "[ERROR] For (F),
last line is improperly
date/time-stamped: $line"
//elseif #lineage < 0
// output piktlog "[WARNING] For (F),
// last line is in the future: $line"
elseif #lineage >= (S)
if (F) =~ "pikt"
=output_other_mail(MAIL, 'outdated PIKT file(s)',
=piktadmin,
"The last (F) line is at least
$text((S)) seconds
out-of-date: $line")
else
output mail "The last (F) line is at least
$text((S)) seconds out-of-date: $line"
endif
fi
fi
///////////////////////////////////////////////////////////////////////////////
For more examples, see Samples.
