metalog.conf(5) Metalog configuration file metalog.conf(5)

metalog.conf - configuration file for metalog

[default values]
<section title :>
<section values>
<section 2 title :>
<section 2 values>
# Comments are introduced with "#", which is ONLY allowed at the beginning of a line.
<etc.>

[default values] will be used if you do not redefine them in a section. You can choose <section title> as you wish. It doesn't mean anything, just allow you to keep an easy to read config file.

Values names can be one of the following:

Once a logfile has exceeded the value defined (in bytes), it will be rotated. If maxfile is equal to zero, it disables log rotation. Defining a default value is a good idea.
Once a logfile is older than the value defined (in seconds), it will be rotated. Defining a default value is a good idea.

NB: A logfile is rotated when either maxsize or maxtime limit is reached. If either one or both is equal 0, then log rotation is disabled.

This value indicates the maximum number of rotated files kept. So you'll have x rotated files (log-date-string filename type), plus the file named "current".
Only records a message if the application that issued it uses syslog facility <facility>. Facility names are : "auth", "authpriv", "cron", "daemon", "ftp", "kern", "lpr", "mail", "news", "security", "syslog", "user", "uucp", "local0", "local1" ... "local7". All kernel messages are logged with facility "kern". A section can have several "facility = ..." lines to match more than one facility. If <facility> is "*", it'll match all the facilities.
Log entries are sent to the remote log server defined by this IP address or domain name. Only one remote log server can be defined. This can only be defined in the default values section. All log messages are sent there, limitations via "ratelimit", "ratelimit_burst" or "showrepeats" are ignored for log message sent to the remote log server. In case a domain or host name is configured, the necessary DNS request will be repeated after every failed attempt or after 120 seconds when the name has been successfully resolved.
The UDP port of the remote log server. Default is "514". This can only be defined in the default values section.
Default is 0. Log messages are sent to the remote log server when set to 1. Can be defined for default values or in sections.
Default is 0. If set to 1 and a section is matched, perform action, but don't consider any more possible section matches below this one in the config file. This is useful for creating a config where specific types of log messages are matched and dispatched, while a "catch-all" section at the bottom of the config file handles the default case.

Using 0 would cause messages to be potentially handled by multiple sections, causing message duplication, while using 1 on the sections above a final "catch-all" would avoid duplication.

Only record a message if its urgency is inferior or equal to <level>. Level '0' is the most critical one, while level '7' is for debugging messages. 5 will strip all non-important messages. The default minimum level is 7 (i.e. keep all messages).
Don't log if the message level exceeds that value. By default, maximum is the largest possible level.
Files will be written under the specified directory. The special value "NONE" will skip the log message.
Permissions for the log directory. Defaults to 0700
Can be used to do filtering instead of facility. Remember to use the executable name.
Can be used when you only want to log messages that match the pattern (like "invalid", "fail", etc...) to send them to a single directory.

Multiple regex may be defined in a single section, only one must match.

Can be used when you only want to log messages that do not match the pattern.

A neg_regex match will override any regex matches and not log the message.

When one or more regex are provided, at least one of them must match to log the message. The lack of any regex will result in message being logged when no neg_regex match.

Multiple neg_regex may be defined in a section, only one must match.

Run specified program after a log file has been rotated.

The program is passed the date, the program name ("metalog"), and the new logfile name.

Similar to program, this is a regex that matches the program name to send all messages from related programs to the same log file.

Multiple program_regex may be defined in a section, only one must match.

The inverse of program_regex to filter out logs from programs that match.

A program_neg_regex match will override any program_regex matches and not log the message.

When one or more program_regex are provided, at least one of them must match to log the message. The lack of any program_regex will result in message being logged when no program_neg_regex match.

Multiple program_neg_regex may be defined in a section, only one must match.

Set to 0 to filter out repeat log messages.
Run the specified program as soon as something is logged in a given section.

The program is passed the date, the matching program name, and the log message.

In case the program doesn't exist at metalog startup, metalog will not exit and just ignore that config line.

Format of the human readable timestamp prepended to all log messages. The format string supports all conversion specifications from strftime plus %[nnn]N for nanoseconds (default: nine numbers long, can be shortened with nnn < 9). The format string with %[nnn]N replaced is then passed to the strftime(3) function. An empty string is used to disable timestamps (for cases where the log messages already include its own).
If set to 0, matching log messages will always be buffered. If set to 1, they will always be written to the file system immediately.

Both settings override the global default given through command line parameters (-a/-s) or signals.

Limits the rate of logged messages to the specified number of messages per unit of time. Valid units of time are second, minute, hour and day, each identified by its first letter. Fractional values are allowed such as "0.5/m" to make human parsing easier.

A limit of 0 (the default) may be used to disable any rate limit handling. In this case, the unit of time may be omitted.

Up to this number of lines will be printed at the beginning of a burst of message, if the rate of messages has been well below the limit before. The specified message rate will not be exceeded. The default value of 1 disables special treatment for bursts. Values less than 1 are invalid and will be rejected.
This optional directory can contain more config files that will get interpreted at metalog start. Only file names ending with ".conf" are interpreted. This option is only allowed once, all repetitions will be ignored.

Note that the exact paths depend on the build settings. These are the standard paths.

/etc/metalog.conf

Mike Frysinger <vapier@gentoo.org>
Laurent Wandrebeck (low) <wandre.l@free.fr>
Leo Lipelis <aeoo@gentoo.org>
Hendrik Visage <hvisage@users.sourceforge.net>
Frank DENIS (Jedi/Sector One) <j@pureftpd.org>

metalog(8)

4 Frank DENIS