[Logcheck-commits] r1618 - in logcheck/branches/zugschlus200707: . debian docs

zugschlus at users.alioth.debian.org zugschlus at users.alioth.debian.org
Sat Jul 28 12:48:50 UTC 2007 

Author: zugschlus
Date: 2007-07-28 12:48:50 +0000 (Sat, 28 Jul 2007)
New Revision: 1618

Added:
   logcheck/branches/zugschlus200707/debian/logtail2.docs
   logcheck/branches/zugschlus200707/debian/logtail2.files
   logcheck/branches/zugschlus200707/debian/logtail2.preinst
   logcheck/branches/zugschlus200707/debian/logtail2.prerm
   logcheck/branches/zugschlus200707/docs/logtail2.8
Modified:
   logcheck/branches/zugschlus200707/Makefile
   logcheck/branches/zugschlus200707/debian/control
   logcheck/branches/zugschlus200707/docs/README.logtail
Log:
add packaging foo


Modified: logcheck/branches/zugschlus200707/Makefile
===================================================================
--- logcheck/branches/zugschlus200707/Makefile	2007-07-28 08:03:39 UTC (rev 1617)
+++ logcheck/branches/zugschlus200707/Makefile	2007-07-28 12:48:50 UTC (rev 1618)
@@ -2,6 +2,7 @@
 
 CONFDIR = etc/logcheck
 BINDIR = usr/sbin
+SHAREDIR = usr/share/logtail/detectrotated
 
 install:
 	# Create the directories
@@ -21,6 +22,10 @@
 	# Install the scripts
 	install -m 755 src/logcheck $(DESTDIR)/$(BINDIR)/
 	install -m 755 src/logtail $(DESTDIR)/$(BINDIR)/
+	install -m 755 src/logtail2 $(DESTDIR)/$(BINDIR)/
+	install -m 755 src/detectrotated/10-savelog.dtr $(DESTDIR)/$(SHAREDIR)/
+	install -m 755 src/detectrotated/20-logrotate.dtr $(DESTDIR)/$(SHAREDIR)/
+	install -m 755 src/detectrotated/30-logrotate-dateext.dtr $(DESTDIR)/$(SHAREDIR)/
 
 	# Install the config files
 	install -m 640 etc/logcheck.logfiles $(DESTDIR)/$(CONFDIR)

Modified: logcheck/branches/zugschlus200707/debian/control
===================================================================
--- logcheck/branches/zugschlus200707/debian/control	2007-07-28 08:03:39 UTC (rev 1617)
+++ logcheck/branches/zugschlus200707/debian/control	2007-07-28 12:48:50 UTC (rev 1618)
@@ -33,6 +33,21 @@
 Architecture: all
 Depends: perl (>= 5.8.0)
 Replaces: logcheck (<= 1.1.1-9)
+Description: Print log file lines that have not been read (deprecated)
+ This program will read in a standard text file and create an
+ offset marker when it reads the end. The offset marker is read
+ the next time logtail is run and the text file pointer is moved
+ to the offset location. This allows logtail to read in the next
+ lines of data following the marker. This is good for marking log
+ files for automatic log file checkers to monitor system events.
+ .
+ This program is in the process of being replaced by logtail2, which
+ automatically handles a single instace of log rotation.
+
+Package: logtail2
+Architecture: all
+Depends: perl (>= 5.8.0)
+Replaces: logcheck (<= 1.1.1-9)
 Description: Print log file lines that have not been read
  This program will read in a standard text file and create an
  offset marker when it reads the end. The offset marker is read
@@ -41,5 +56,13 @@
  lines of data following the marker. This is good for marking log
  files for automatic log file checkers to monitor system events.
  .
+ If logtail2 finds that the inode of the file was changed, it assumes
+ that the log has been rotated, and tries to find the file it was
+ rotated to using heuristic plugins. If it finds the file, it will
+ print the remainder of the file starting at the offset saved to the
+ offset file. If a file with the correct inode
+ was not found, logtail2 will only print the new file in its entirety
+ before writing a new offset file.
+ .
  This program is mainly used by logcheck, because it returns only
  parts of the system logfiles that have not already been checked.

Copied: logcheck/branches/zugschlus200707/debian/logtail2.docs (from rev 1611, logcheck/branches/zugschlus200707/debian/logtail.docs)
===================================================================
--- logcheck/branches/zugschlus200707/debian/logtail2.docs	                        (rev 0)
+++ logcheck/branches/zugschlus200707/debian/logtail2.docs	2007-07-28 12:48:50 UTC (rev 1618)
@@ -0,0 +1 @@
+./docs/README.logtail

Added: logcheck/branches/zugschlus200707/debian/logtail2.files
===================================================================
--- logcheck/branches/zugschlus200707/debian/logtail2.files	                        (rev 0)
+++ logcheck/branches/zugschlus200707/debian/logtail2.files	2007-07-28 12:48:50 UTC (rev 1618)
@@ -0,0 +1,2 @@
+usr/sbin/logtail2
+usr/share/logtail/detectrotated/*

Copied: logcheck/branches/zugschlus200707/debian/logtail2.preinst (from rev 1611, logcheck/branches/zugschlus200707/debian/logtail.preinst)
===================================================================
--- logcheck/branches/zugschlus200707/debian/logtail2.preinst	                        (rev 0)
+++ logcheck/branches/zugschlus200707/debian/logtail2.preinst	2007-07-28 12:48:50 UTC (rev 1618)
@@ -0,0 +1,38 @@
+#! /bin/sh
+# preinst script for logtail
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <new-preinst> `install'
+#        * <new-preinst> `install' <old-version>
+#        * <new-preinst> `upgrade' <old-version>
+#        * <old-preinst> `abort-upgrade' <new-version>
+#
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+    install|upgrade)
+    ;;
+
+    abort-upgrade)
+    ;;
+
+    *)
+        echo "preinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
+
+

Copied: logcheck/branches/zugschlus200707/debian/logtail2.prerm (from rev 1611, logcheck/branches/zugschlus200707/debian/logtail.prerm)
===================================================================
--- logcheck/branches/zugschlus200707/debian/logtail2.prerm	                        (rev 0)
+++ logcheck/branches/zugschlus200707/debian/logtail2.prerm	2007-07-28 12:48:50 UTC (rev 1618)
@@ -0,0 +1,33 @@
+#! /bin/sh
+# prerm script for logtail
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <prerm> `remove'
+#        * <old-prerm> `upgrade' <new-version>
+#        * <new-prerm> `failed-upgrade' <old-version>
+#        * <conflictor's-prerm> `remove' `in-favour' <package> <new-version>
+#        * <deconfigured's-prerm> `deconfigure' `in-favour'
+#          <package-being-installed> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+case "$1" in
+    remove|failed-upgrade|upgrade|deconfigure)
+        ;;
+    *)
+        echo "prerm called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0

Modified: logcheck/branches/zugschlus200707/docs/README.logtail
===================================================================
--- logcheck/branches/zugschlus200707/docs/README.logtail	2007-07-28 08:03:39 UTC (rev 1617)
+++ logcheck/branches/zugschlus200707/docs/README.logtail	2007-07-28 12:48:50 UTC (rev 1618)
@@ -23,10 +23,17 @@
 common effect of logfile rotation.  On the other hand a file 
 shrinking _without_ moving is a possible symptom of intruders
 covering their tracks, and triggers prominent warnings in the output.
+
+Logtail2, a different executeable, also handles log file rotation by
+guessing a file name that might have been the target of log rotation
+and printing that file's contents starting with the stored offset. If
+you have a non-standard rotation scheme, you can drop your own
+heuristic into /usr/share/logtail/detectrotated/ and have it
+automatically picked up by logtail2.
 ======================================================================
 COMMANDLINE ARGUMENTS
 ---------------------
-See logtail(8).
+See logtail(8) and logtail2(8).
 
 The first, compulsory argument is the name of the input logfile;
 unlike tail, logtail cannot use stdin! 

Copied: logcheck/branches/zugschlus200707/docs/logtail2.8 (from rev 1611, logcheck/branches/zugschlus200707/docs/logtail.8)
===================================================================
--- logcheck/branches/zugschlus200707/docs/logtail2.8	                        (rev 0)
+++ logcheck/branches/zugschlus200707/docs/logtail2.8	2007-07-28 12:48:50 UTC (rev 1618)
@@ -0,0 +1,91 @@
+.TH LOGTAIL 8 "28 Jul 2007" "Debian" "logtail2 manual"
+.SH NAME
+logtail2 \- print log file lines that have not been read
+.SH SYNOPSIS
+.B logtail2
+.RI [-t]
+.BI \-f logfile
+.RI [\-o offsetfile ]
+.SH DESCRIPTION
+.B logtail2
+reads a specified file (usually a log file) and writes
+to the standard output that part of it
+which has not been read by previous runs of
+.BR logtail2 .
+It prints the appropriate number of bytes from the end of
+.IR logfile ,
+assuming that all changes that are made to it are to add new
+characters to it. 
+.P
+.I logfile
+must be a plain file.  A symlink is not allowed.
+.P
+.B logtail2
+stores the information about how much of it has already been read
+in a separate file called
+.IR offsetfile .
+.I offsetfile
+can be omitted.  If omitted, the file named
+.I logfile.offset
+in the same directory which contains
+.I logfile
+is used by default.
+.P
+If
+.I offsetfile
+is not empty, the inode of
+.I logfile
+is checked.  If the inode is changed,
+.B logtail2
+uses the heuristics stored in
+.I /usr/share/logtail2/detectrotated/
+to find a file that might be the rotated
+.I logfile
+and prints it starting with the stored offset. It then proceeds to
+simply print the entire new
+.I file
+and generates a new
+.I offsetfile.
+If the inode is not changed but
+.I logfile
+is shorter than it was at the last run of
+.BR logtail2 ,
+it writes a warning message to the standard output.
+.SH OPTIONS
+.TP
+.B \-f
+.I logfile 
+to be read after offset
+.TP
+.B \-o
+.I offsetfile 
+stores offset of previous run
+.TP
+.B \-t
+test mode - do not change offset in
+.I offsetfile
+.SH RETURN VALUES
+.IP 0
+successful
+.IP 65
+cannot get the size of
+.IR logfile
+.IP 66
+general file or directory access issue
+.IP 73
+cannot write
+.I offsetfile
+.SH AUTHOR
+The original
+.B logtail
+was written in C by Craig H. Rowland <crowland at psionic.com>.
+This version of
+.B logtail
+is a modification of Paul Slootman's re-implementation in perl.
+enhanced by the Debian Logcheck Team <logcheck-devel at lists.alioth.debian.org>.
+.P
+This manual was written by Oohara Yuuma <oohara at libra.interq.or.jp>
+and enhanced by the Debian Logcheck Team
+<logcheck-devel at lists.alioth.debian.org>..
+.SH SEE ALSO
+.BR logcheck (8)

More information about the Logcheck-commits mailing list