Customizing Logwatch to get error messages from RSnapshot

 

Tux, the Linux penguin

Image via Wikipedia

We use the fantastic rsnapshot to back up various servers in our shop to a separate disk array.

One of the things about rsnapshot is that it’s pretty much set-and-forget. Once it’s configured (via edits to /etc/rsnapshot.conf), you generally don’t have to worry about it. However, because we don’t tweak the config file very often, it’s easy to make mistakes in the config file, and there’s nothing quite as disturbing has having a non-funtional backup system.

The server that runs rsnaphot is a CentOS 5.5 box, so it already ships with Logwatch, which sends out nicely formatted emails every day with summaries of server activity and errors.

In this brief note, I’ll show you how to do the minimum amount of tweaking to the logwatch configuration in order to get it to alert you to RSnapshot errors. This is a very basic set-up. You should read through the man pages and other documentation for LogWatch to see other ways to use this tool.

By default, RSnapshot generates a single logfile at “/var/log/rsnapshot”. We want to parse this file and make sure that logwatch notifies us if there are any lines in the file that contain the word “ERROR:”, as we know from looking at the log file that RSnapshot flags all errors this way:

ERROR: Errors were found in /etc/rsnapshot.conf,
ERROR: rsnapshot can not continue. If you think an entry looks right, make
ERROR: sure you don’t have spaces where only tabs should be.

 

To tackle this problem, you will create three new files:

  1. /etc/logwatch/conf/logfiles/rsnapshot.conf
  2. /etc/logwatch/conf/services/rsnapshot.conf
  3. /etc/logwatch/scripts/services/rsnapshot

Create a new rsnaphot.conf under/etc/logwatch/conf/logfiles/

The contents should look something like this. Basically, you’re telling Logwatch to watch /var/log/rsnapshot and you’re telling it to use some built-in date routines.

# First cut at monitoring rsnapshot errors
# rsnapshot log file is /var/log/rsnapshot
# There is no archive file
#
LogFile = rsnapshot
*ApplyStdDate =

Create a new rsnapshot.conf in /etc/logwatch/conf/services/

Again, a two-line file. This tells logwatch to look at the log group that you defined in “/etc/logwatch/conf/logfiles” and it tells it to use “RSNAPSHOT” as the title when it sends you reports.

LogFile = rsnapshot
Title = "RSNAPSHOT"

Create the actual program that will search through the logfile looking for information to send you

This file is “/etc/logwatch/scripts/services/rsnapshot” and it’s an actual script that takes the logfiles identified in the configuration files above and searches through the file looking for matching patterns. The script can be written in any language. I copied another script, which happened to be written in Perl. Here’s my very basic script:

##########################################################################
# $Id: rsnapshot Wed Mar  2 09:10:43 EST 2011
##########################################################################

########################################################
# Logwatch was written and is maintained by:
#    Kirk Bauer
########################################################

my $Debug = $ENV{'LOGWATCH_DEBUG'};
my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'};
my $Error = 0;
my @ErrorLines = ();

if ( $Debug >= 5 ) {
    print STDERR "nnDEBUG nn";
}

while (defined($ThisLine = )) {
   if ($ThisLine =~ /ERROR: /) {
      @ErrorLines[$Error] = $ThisLine;
      $Error++;
   }
}

################################################

if ($Error > 0) {
   print "WARNING: There are a total of $Error RSnapshot error(s).n";
   print "Please review immediately!n";
      }

if ( ( $Detail >= 0 ) and (scalar(@ErrorLines) > 0) ) {
   print     "nn[RSNAPSHOT] Errors:".
             "n=========================n";
   for ($count = 0; $count <= scalar(@ErrorLines); $count++) {
        print "@ErrorLines[$count]";
        }
   }

exit(0);

 

Enhanced by Zemanta
Advertisements

2 thoughts on “Customizing Logwatch to get error messages from RSnapshot

  1. not.a.test says:

    /etc/logwatch/conf/logfiles/rsnapshot.conf:
    LogFile = rsnapshot.log
    Archive = rsnapshot.log.*.gz
    *ApplyStdDate = “\[%d/%b/%Y:%H:%M:%S\]”

    /etc/logwatch/scripts/services/rsnapshot:
    #!/usr/bin/perl
    ##########################################################################
    # $Id: rsnapshot Wed Mar 2 09:10:43 EST 2011
    ##########################################################################

    ########################################################
    # Logwatch was written and is maintained by:
    # Kirk Bauer
    ########################################################

    my $Debug = $ENV{‘LOGWATCH_DEBUG’};
    my $Detail = $ENV{‘LOGWATCH_DETAIL_LEVEL’};
    my $Error = 0;
    my @ErrorLines = ();

    if ( $Debug >= 5 ) {
    print STDERR “nnDEBUG nn”;
    }

    while (defined($ThisLine = )) {
    if ($ThisLine =~ /ERROR: /) {
    @ErrorLines[$Error] = $ThisLine;
    $Error++;
    }
    }

    ################################################

    if ($Error > 0) {
    print “WARNING: There are a total of $Error RSnapshot error(s).\n”;
    print “Please review immediately!\n”;
    }

    if ( ( $Detail >= 0 ) and (scalar(@ErrorLines) > 0) ) {
    print “\n\n[RSNAPSHOT] Errors:”.
    “\n=========================\n”;
    for ($count = 0; $count <= scalar(@ErrorLines); $count++) {
    print "@ErrorLines[$count]";
    }
    }

    exit(0);

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s