man lwatch.conf (Formats) - configuration file for lwatch(1), syntax highlighting for syslog/syslog-ng file
NAME
DESCRIPTION
Default configuration file for lwatch is /etc/lwatch/lwatch.conf (built-in value), but you can specify another file with -C command line option. Read lwatch(1) for details.
Comments
Everything from # (hash) to end of line is a comment.
General options
cfg_ver - this is obligatory variable and it must be placed as the first option in config file (note: although it is not enforced now, it shall be in next release of lwatch). This variable contains version of configuration file syntax. Current manual describes version 1.
date_color - default color of date part
host_color - default color of hostname part
serv_color - default color of service part
mesg_color - default color of message part
input_file - where lwatch is reading data from, built-in default is /var/lib/lwatch/syslog.fifo, could be overwritten with command line option -i
output_file - where lwatch output colored data; built-in default is stdout (-), could be overwritten with command line option -o
show_unparsed - by default lwatch ignores lines which cannot be splitted into date, host, service and message, set this variable to yes if you would like to see those lines; it is the same as command line option -s
Available colors
To specify color you can use following strings: black red green brown blue magenta cyan lightgray darkgray brightred brightgreen yellow brightblue purple brightcyan white.
Matching patterns
There The True Power of Lwatch is hidden. You can match input lines against PCRE (Perl Compatible Regular Expression) and change output depends on matching. You can read more about PCRE in pcrepattern(3) (from libpcre) or in perlre(1) (from perl).
There are two ways to define matching pattern/action. First one is the simple one. Just pattern and one action:
/regexp/ actionThe second one is more complex, but it allows to specify more than one action or modificator with one pattern:
/regexp/ {
action1
action2
...
actionN
}
There is one important thing you should remember. There is no need to quote / (slash) if you use it inside regexp pattern. For example:
//USR/SBIN/CRON/ { # cron's messages are not important
color=blue # display it in blue
match_service
}
For every input line message part is matched against all defined patterns, from top to bottom. For every matched pattern attached actions are run until exit is specified (see below).
Actions and modificators
date_color - set date color
mesg_color, color - set message color
serv_color - set service name color
host_color - set hostname color
exit - do not match next patterns
highlight - highlight matched string with given color
ignore - ignore this pattern, do not match next patterns
match_host - match hostname insted message
match_service - match service name instead message
EXAMPLES
Just look into provided lwatch.conf.
COPYRIGHT
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
Regular expression support is provided by the PCRE library package, which is open source software, written by Philip Hazel, and copyright by the University of Cambridge, England. This library is available at: ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/