James Bond Log (JBL)
------------------------------------------
What is James Bond Log?
James Bond Log is a log daemon watcher, which checks for you your logs, giving some perl regular
expression patterns. It regulary (every minute) checks the log (i.e. /var/log/messages), set the offset file
in its own directory, and search for pattern matching specified in the configfile.
Configfile's syntax is:
startmatch
pattern Some match
endmatch
Actually between startmatch and endmatch are implemented the follow action:
emailto mailaddress
subject mail subject
Other action will be implemented:
gpgmail
tofile
James Bond Log must be runned by root and must EXIST a user for working.
JBL drops immediatly root privileges and switch to that user, so after installing
one must do (for example):
grouadd -g 900 jbl
useradd -g 900 -u 900 jbl
Then create james bond log dir:
mkdir /var/spool/bondlog
chown jbl /var/spool/bondlog
chmod 700 jbl /var/spool/bondlog
Now we can customize our configfile, suppose to put our configuration in /etc/bondlog.conf
and we want to check /var/log/syslog
We wanna be sure that /var/log/syslog has correct permission for read.
chmod 640 /var/log/syslog
chgrp jbl /var/log/syslog
Now we can start bondlog:
bondlog -c /etc/bondlog.conf -l /var/log/syslog -u 900 -g 900
Done !
bondlog 0.1
usage:
bondlog [-c configfile] [-t chrootdir] [-m mailhost] [-l logfile] -u userid -g groupid
Option needed :
-c configuration file
-u user to switch
-g group to switch
JBL has default that can be changed in the file bondlog.h provided with the source code.
COMPILING
do a simple:
make
then copy the bondlog executable where you prefer.
For further development see http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/bondlog
-----------------
Giorgio Zoppi
deneb@unixwave.org
For downloading ---> click here