"Centralized logs, to your e-mail."
About Screenshots Readme Manpage FAQ Download

FAQ

If you have a question that is not covered here let me know and I'll add it.

Q: I didn't receive the test e-mail. What's wrong?

A: See the README file, section 3.1.2.

Q: I started the configuration interface but I can't navigate anywhere from the main menu.

A: Dialog is probably looking for gpm and it can't find it. Start gpm (type "/etc/init.d/gpm start") or install gpm if it's not present and try again.

Q: I started logsend and I'm sure there are some new lines added to the files to watch, but I don't receive any e-mail.

A: Did you receive the test e-mail? If it worked, remember that there is a delay between the e-mails to be sent (which you can configure). Only if you waited for a while longer than this delay you have reasons to worry.

Q: I saw that logsend has 3 backends but I don't know which one to choose.

A: Short answer: TAIL. It is suitable for all systems and the recommended one for high-activity servers (with rapidly increasing log files). If you use logsend on your home pc (or have low activity servers) you can switch to the INOTIFY backend and logsend will enter a stand-by-like state until the log files are modified. And last, only if you are totally sure the watched files aren't rotated, you can choose the SIMPLE backend.

Q: I'm afraid to set an e-mail delay longer than 1 day. If my log files are rotated once per day, won't the changes be lost?

A: No. Logsend keeps an internal cache containing the lines added to the files. This cache is refreshed after the e-mail notification is sent.

Q: I use the INOTIFY backend. I stopped logsend a couple of hours ago and I forgot about it; now I want to start it again and also to get the meantime changes, even though I didn't set it up to send these changes.

A: Do it now. Configure logsend and check "Get meantime changes", then start it. You should receive them.

Q: I need to watch a directory recursively, to an unlimited depth.

A: Start the configuration interface, go to "Internal settings" -> "Inotifywait options for directories" and ADD this:

--recursive

Q: I want logsend to watch a directory of some importance to me, but I want to be notified only when the files in that directory are modified (and not when they are open or read from).

A: By default, all the events are caught and sent. You can easily change this in the "Internal settings" section. Set the "Inotifywait options for directories" to catch only the modification events, by ADDING this:

-e modify -e delete -e create -e move -e move_self

Check the inotifywait manpage for a description of these events. Alternatively, if you configured manually, change the LH_INOTIFY_DIR_OPTS variable.

Q: I want to improve logsend's performance. Is there any way I can do this?

A: So you're using it on a high-activity server. First, consider using the TAIL backend. If you are already using it and you feel adventurous, re-configure logsend and in the "Internal settings" section, change the "Extra options for tail" to:

--sleep-interval=2 --follow=name --quiet

This will check the files once at 2 seconds (instead of once per second). If for some reason you are using the INOTIFY backend to watch directories, you should know that catching only the major events can increase the perfomance, so make sure you read the previous question in this FAQ.

Q: What's the story with the white spaces not being supported about?

A: When we talk about white spaces we refer to the user settings: a string to be searched for which contains a white space, or a file to be watched which contains a white space in its name. Logsend assigns these settings to arrays and a white space inside an element would break the field separation; since changing the $IFS is not a solution to this problem, the array mechanism will be replaced in a future release. Till then, this is what you can do to enable the white space support (or a substitute of it).

  • If you need white space support into the strings to be searched for you can replace the white space with a period. For example, lets's say you need to get only the lines containing "john doe". You can use as the string to be searched for "john.doe". Now, the period inside "john.doe" will match any single character, including a white space. Of course, you will also get the lines containing strings like "johnXdoe", but at least you won't loose anything (you can only get some extra lines you are not interested in). You can use as many periods as the white spaces they should substitute. This works both with "grep -e" and with "grep -E", but it doesn't work with "grep -F" (and it's quite natural to be this way).

  • If you need white space support into the filenames, you can symlink the file containing white spaces in its name to a file without any space. Let's say you need to watch a file named "my log file":

    ln -s 'my log file' myfile
    
    And then tell logsend to watch "myfile".