search

fxnn / gowatch

Configurable logfile analysis for your server.
MIT License
8 stars 2 forks source link

Make configuration keywords more intuitive #14

Closed fxnn closed 9 years ago

fxnn commented 9 years ago

Currently, a configuration file looks as follows:

logfiles:

- filename: /var/log/auth.log
  tags: ['auth.log']
  timelayout: Stamp
  config: {pattern: '%{SYSLOGBASE} %{GREEDYDATA:Message}'}

summary:

- summarizer: count
  title: auth.log
  where: {tags: {contains: 'auth.log'}}
  config: {
    'sudo [%{user}->%{effective_user}] %{command}': '\s*%{USER:user}\s*: TTY=%{DATA:tty} ; PWD=%{PATH:pwd} ; USER=%{USER:effective_user} ; COMMAND=%{PATH:command}(: %{GREEDYDATA:arguments})?'
  }

Parts of it are made to be easy to read, like where: {tags: {contains: 'auth.log'}}. Everyone should know what's ment, and I also feel that it's quite intuitive and thus easy to write and remember.

This should be done with all keywords in the file (as far as possible). Ideas:

fxnn commented 9 years ago

After making the whole configuration clean and nice, we have to introduce some documentation in the README.md so that everyone visiting the project get's an idea of how to configure gowatch, and how mighty it is :)