#!/usr/bin/perl -w
# 
# perl script to give /var/log/messages nice colors for readability
#
#  Jules Stuifbergen <jules@zjuul.net>
#  (I was bored, rewrote 'logcolorise.pl' from Michael Babcock from scratch)
#  
#  Thanks Jeffrey Paul <sneak@datavibe.net> for several improvements
#         Cristian Ionescu-Idbohrn <cii@axis.se> for better patterns

use Term::ANSIColor;
use strict;

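# AUTORESET governs Term::ANSIColor's constant interface; colored(), which
# this script uses for all output, appends its own reset sequence.
$Term::ANSIColor::AUTORESET = 1;

# On Ctrl-C, emit an explicit reset before leaving. An interrupt can arrive
# after a color sequence was written but before its reset, and a bare newline
# would leave the terminal in that color.
$SIG{INT} = sub {
    print color('reset'), "\n";
    exit;
};

# File-scoped scratch variables shared with the main loop.
# NOTE(review): $i is not referenced anywhere in the visible script.
my ($i, $word, $date, $host, $service, $rest, @mesg);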

#### User preferences start here
#
# Each log line is handled in this order:
#   ignore service, ignore line, color line, color word
#
# Every value in this section is interpolated into a match as a Perl regular
# expression: '|' separates alternatives and metacharacters keep their meaning.
# Lines hit by an ignore pattern are not printed at all, so keep those patterns
# narrow when the output is used to review security-relevant events.

# Services to suppress (default: suppress nothing).
my $service_ignore = '';
# Example that suppresses syslogd and gdm:
# my $service_ignore = "syslogd|gdm";

# Message texts to suppress (default: suppress nothing).

my $line_ignore = ''; # "connect|hhrpuffnstuff|User unknown in local recipient table|client=|timeout";
# Example that hides portsentry and name server messages plus some sendmail ones:
# my $line_ignore = "already blocked Ignoring|XSTATS|USAGE|NSTATS|Lame server|^[A-Z][A-Z][A-Z][0-9][0-9][0-9][0-9][0-9]";

# Whole-line coloring: the first of alert / warn / good that matches the
# message text colors the complete message.
my $line_alert = 'DENY|lost|shutting|dead|failure|inactive|refus|reject|status=bounced';
my $line_warn  = 'invalid|bad|attackalert|UPTIME|Lame|failing|unknown|Yes|discard';
my $line_good  = 'DHCP_ACK|[cC]lean[e]?[d]?|alive|accepted|stat=Sent|status=sent';

# Per-word coloring: applied to each space-separated word when no whole-line
# pattern matched.
my $alert = 'LOGIN|reject|ruleset|fatal|[Ss]uccessful|failed|[Dd]eferred';
my $warn  = 'dangling|stat=Deferred:|root|miss(ed|ing)|[Ii]gnore|adminalert|delet(e|ing)';
my $good  = '[Ll]isten|[Ss]tart(ed|ing)|[Rr]eady|active|[Rr]eload(ed|ing)|OK';

########### **BEGIN** ADDED BY JULIO <JULIO@PSI.COM.BR> #############################

# Host coloring. Edit these only if this machine collects syslog from other
# servers. More hosts can be added, but the matching code under
# "SECTION HOSTS" has to be extended for each new variable as well.
#
# The values are used as regular expressions against the host field.
# NOTE(review): Perl treats an empty pattern in a match as "reuse the last
# pattern that matched", not as "match nothing" - confirm that the code which
# consumes an empty value (such as $host2 below) guards against that.

my $host1 = 'alfa';
my $host2 = '';

# Service coloring: gives each group of services a fixed color. More groups
# ($serviceX) can be added, but the matching code under "SECTION SERVICES"
# has to be extended for each new variable as well.

my $service1 = 'named';               # my bind
my $service2 = 'kernel|syslog|sshd';  # my critical services
my $service3 = 'cucipop|vpop3d|IMP';  # my pop3 servers
my $service4 = 'postfix';             # my mta
my $service5 = 'amavis';              # amavis virus scanner (www.amavis.org)

########### **END** ADDED BY JULIO <JULIO@PSI.COM.BR> #############################

# Palette: change your colors here. Each value is handed to
# Term::ANSIColor's colored() as the color attribute for that element.

# Timestamp field.
my $date_color = 'white';

# Host field: one color per configured host pattern, plus a fallback.
my $host1_color      = 'red';
my $host2_color      = 'green';
my $host_other_color = 'blue';

# Service field: one color per configured service group, plus a fallback.
my $service1_color      = 'yellow';
my $service2_color      = 'red';
my $service3_color      = 'magenta';
my $service4_color      = 'cyan';
my $service5_color      = 'magenta';
my $service_other_color = 'blue';

# Whole-message colors (used with $line_alert / $line_warn / $line_good).
my $alert_color = 'red';
my $warn_color  = 'yellow';
my $good_color  = 'green';

# Single-word colors (used with $alert / $warn / $good).
my $alert_word_color = 'red';
my $warn_word_color  = 'yellow';
my $good_word_color  = 'green';


#### Main loop
#

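# Turn [pattern, color] pairs into [compiled regex, color] rules, skipping
# pairs whose pattern is undefined or empty. An empty pattern must never
# reach a match operator: Perl interprets it as "reuse the last pattern that
# matched successfully", so an unset option would match unpredictably.
sub _compile_rules {
    my @pairs = @_;
    my @rules;
    for my $pair (@pairs) {
        my ($pattern, $color) = @{$pair};
        next if !defined $pattern || $pattern eq '';
        push @rules, [ qr/$pattern/, $color ];
    }
    return @rules;
}

# Return the color of the first rule whose regex matches $text, or $default
# when no rule matches.
sub _first_color {
    my ($text, $default, @rules) = @_;
    for my $rule (@rules) {
        return $rule->[1] if $text =~ $rule->[0];
    }
    return $default;
}

# Log text is written by whoever can get a message logged, so it is untrusted
# input for the terminal. Show ESC, CR and the other control characters
# (tab excepted) as visible \xNN text so a log entry cannot change terminal
# state or overwrite what is already on screen.
sub _printable {
    my ($text) = @_;
    $text =~ s/([\x00-\x08\x0a-\x1f\x7f])/sprintf('\\x%02x', ord($1))/ge;
    return $text;
}

# Compile every configured pattern once, before reading any input.
my $service_ignore_re = $service_ignore ne '' ? qr/$service_ignore/ : undef;
my $line_ignore_re    = $line_ignore    ne '' ? qr/$line_ignore/    : undef;

#[SECTION HOSTS]
# To color another host, add a [ $hostX, $hostX_color ] pair here.
my @host_rules = _compile_rules(
    [ $host1, $host1_color ],
    [ $host2, $host2_color ],
);

#[SECTION SERVICES]
# To color another service group, add a [ $serviceX, $serviceX_color ] pair here.
my @service_rules = _compile_rules(
    [ $service1, $service1_color ],
    [ $service2, $service2_color ],
    [ $service3, $service3_color ],
    [ $service4, $service4_color ],
    [ $service5, $service5_color ],
);

# Whole-message rules, tried in this order: alert, warn, good.
my @line_rules = _compile_rules(
    [ $line_alert, $alert_color ],
    [ $line_warn,  $warn_color ],
    [ $line_good,  $good_color ],
);

# Single-word rules, tried in this order: alert, warn, good.
my @word_rules = _compile_rules(
    [ $alert, $alert_word_color ],
    [ $warn,  $warn_word_color ],
    [ $good,  $good_word_color ],
);

# NOTE(review): <> opens each command-line argument with Perl's two-argument
# open, which interprets special characters in the name. Pass only file names
# you chose yourself, or pipe the log in on standard input.
NEWLINE: while (my $line = <>) {
    # Fields: three whitespace-terminated tokens (the date), one token (the
    # host), everything up to ": " (the service), then the message text.
    my ($date, $host, $service, $rest)
        = $line =~ /^(.+?\s.+?\s.+?\s)(.+?\s)(.+?:\s)(.*)/;

    # Anything interesting to show?
    next NEWLINE if !defined $rest || length($rest) < 1;

    # Neutralise control characters after parsing, so the field boundaries
    # are exactly those the pattern above found.
    ($date, $host, $service, $rest)
        = map { _printable($_) } $date, $host, $service, $rest;

    # ignore if..
    next NEWLINE if defined $service_ignore_re && $service =~ $service_ignore_re;
    next NEWLINE if defined $line_ignore_re    && $rest    =~ $line_ignore_re;

    print colored($date, $date_color);

    # Host and service get their configured color, else the fallback color.
    print colored($host, _first_color($host, $host_other_color, @host_rules));
    print colored($service,
        _first_color($service, $service_other_color, @service_rules));

    # color the whole message if..
    my $line_color = _first_color($rest, undef, @line_rules);
    if (defined $line_color) {
        print colored("$rest\n", $line_color);
        next NEWLINE;
    }

    # else, color separate words
    for my $word (split / /, $rest) {
        my $word_color = _first_color($word, undef, @word_rules);
        if (defined $word_color) {
            print colored("$word ", $word_color);
        }
        else {
            # no color
            print "$word ";
        }
    }
    print "\n";
}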

=pod

=head1
NAME

loco - colorize B</var/log/messages> for easy reading

=head1
SYNOPSIS

B<loco> [I<FILE>]...

=head1
DESCRIPTION

Colorize FILE(s), or standard input, and print the result on
standard output. With no FILE, read standard input.

To produce colors, loco uses the B<Term::ANSIColor>
module.

=head1
EXAMPLES

	loco /var/log/messages

	tail -f /var/log/messages | loco

=head1
AUTHOR

Jules Stuifbergen <jules@zjuul.net>. Basically, I
was bored, and rewrote 'logcolorise.pl' from Michael
Babcock from scratch.
Feel free to mail me patches, improvements, or fixes.

=head1
BUGS

The escape codes used for coloring count as characters, too,
so lines may appear to be broken off prematurely.
If there's no match, the lines will be displayed in the
default color. If your default color happens to be red,
the effect of red keywords will disappear.

=head1
LICENSE

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

=cut

