Epylog is a new log notifier and parser which runs periodically out of
cron, looks at your logs, processes the entries in order to present
them in a more comprehensive format, and then provides you with the
output. It is written specifically with large network clusters in mind
where a lot of machines (around 50 and upwards) log to the same
loghost using syslog or syslog-ng.
Alternatively, Epylog can be invoked from the command line and provide
a log report based on a certain provided time period. In this case it
relies on syslog timestamps to find the offsets, as opposed to the
end-of-log offsets stored during the last run, though this behavior is
not as reliable and is easily thwarted by skewed clocks.
Provide an alternative config file to Epylog. By default, it will look
Logging level. The default is 1. 0 will produce no output except for
critical errors (useful for cron runs). 2 and above are debugging
levels. 5 is the most verbose.
Will make a report on events that occurred in the last PERIOD. PERIOD
can be either "hour", "day", "week", "month", or more granular: "1h",
"2h", "3d", "2w", etc. When --last is specified, epylog will ignore
the saved offsets and locate the entries by timestamps. CAUTION:
this process is not to be trusted, since the timestamps are not
checked for any validity when arriving to the loghost. One reporting
machine with a skewed clock may confuse Epylog enough to miss a lot of
When specified, will store the offset of the last log entry processed
in offsets.xml. During the cron runs epylog relies on the offset
information to find out what new entries to process. This is more
trustworthy than relying on timestamps. The default behavior is not to
store the offsets, as this allows to run epylog both from cron and
manually without the two interfering with each-other. The location of
offset.xml is specified in epylog.conf. See epylog.conf(5) for
In every way identical to -d 0.
This is essentially --quiet --store-offsets, plus a lockfile will
be created and consulted, preventing more than one instance of epylog
from running. You can still run epylog manually -- the lockfile is
only checked when running in --cron mode.
The core of epylog is written in python. It handles things like
timestamp lookups, unwrapping of "last message repeated" lines,
handling of rotated files, preparing and publishing the reports, etc.
The modules are pluggable and can be either "internal", written in
python, or external. External modules can be written in any language,
but at a price of some convenience. For more info see
Depending on the size of your logs, you might want to initialize your
offsets before letting epylog run from cron. When the offsets.xml file
is missing, epylog will by default process the entire log, and
depending on your configuration, that can be a lot of entries. A good
way to init epylog is to run: