NAME SyslogScan::Daemon - Watch log files SYNOPSIS syslogscand [-f] [-c config] {start|stop|reload|restart|check} @ISA = qw(SyslogScan::Daemon); newdaemon() DESCRIPTION SyslogScan::Daemon is a framework on which to hang log file watchers. SyslogScan::Daemon is a subclass of Daemon::Generic and uses Plugins to create the framework. CONFIGURATION PREFIX The configuration prefix for plugins for SyslogScan::Daemon is ''. Use "plugin" to load plugins. CONFIGURATION PARAMETERS SyslogScan::Daemon defines the following configuration parameters which may be given in indented lines that follow "plugin SyslogScan::Daemon" or anywhere in the configuration file. debug (default 0) Turn on debugging. configfile (default "/etc/syslogscand.conf"). The location of the configuration file for the plugins or SyslogScan::Daemon. WRITING PLUGINS Plugins for SyslogScan::Daemon should subclass SyslogScan::Daemon::Plugin. The following methods will be invoked by SyslogScan::Daemon: new(%args) Called from Plugins and %args will come from the configuration file. An object of the type of the plugin is expected as the return value. It's okay to "die" here. preconfig($configfile) Called right after "new()" and when a "reload" is requested. Return value is a %hash that is then passed into "postconfig()". It's okay to "die" here. postconfig(%args) Called after all plugin's "preconfig()"s are called. No return value is expected. get_logs() Called after "postconfig()". The return value of "get_logs()" is a hash: the keys are log file names and the values are lists of regular expressions to match. For example: sub get_logs { return ( '/var/log/mail.log' => [ qr{postfix/smtp\[\d+\]: \w+: to=<([^@]+@([^>]+))>, .*, status=(bounced).*\b(?i:blacklist(ed)?|spamming|spam list|removal|remove|block list|blocked for abuse)\b}, qr{postfix/smtp\[\d+\]: \w+: to=<([^@]+@([^>]+))>, .*, status=(deferred).*Rejected: \S+ listed at http}, ], ); } The default implementation of "get_logs()" checks to see if there is a "$self-"{plugins}> member and if there is, it re-dispatches the "get_logs()" call to its plugins. It keeps track of the regular expressions returned by its plugins that in "matched_line()", callbacks can be redistributed to the appropriate plugin: sub matched_line { my ($self, $logfile, $rx) = @_; for my $plugin (@{$self->{logs}{$logfile}{$rx}}) { my @ret = $plugin->invoke('parse_logs', $logfile, $rx); # your stuff here... } } matched_line($file, $rx) Called after one of the regular expressions returned by "get_logs()" matched a log line. The arguments are the log filename where the match was found and the regular expression that matched. Passed implicitly are the line that was matched ($_) and any of the numbered regular expression submatches ($1, $2, etc). No return value is expected. periodic() Called once per second or so (or however of the config file says). The default implementation of "periodic()" checks to see if there is a "$self-"{plugins}> member and if there is calls "$self-"{plugins}->invoke('periodic')> to send the heartbeat down the plugin tree. Use Plugins::SimpleConfig Using Plugins::SimpleConfig to write the plugins make the job much easier. Plugins that have plugins For plugins that in turn have plugins, a helper function is provided in SyslogScan::Daemon::Plugin: sub set_api { my ($self, $ssd_configfile, @api) = @_; my $config = $self->{configfile} || $ssd_configfile; $self->{myapi} = Plugins::API->new; $self->{myapi}->api(@api); $self->{myapi}->autoregister($self); $self->{myapi}->register(undef, parentapi => sub { return $self->{api} }); $self->{plugins} = new Plugins context => $self->{context}; $self->{plugins}->readconfig($config, self => $self); $self->{plugins}->api($self->{myapi}); $self->{myapi}->plugins($self->{plugins}); $self->{plugins}->initialize(); $self->{plugins}->invoke('preconfig', $config); } To use it, define your "preconfig()" as follows: sub preconfig { my ($self, $ssd_configfile, @api) = @_; $self->set_api($ssd_configfile, stuff for Plugins::API::api() ); ... more initialization if needed } SEE ALSO Plugins Plugins::Style1 Plugins::API SyslogScan::Daemon::BlacklistDetector SyslogScan::Daemon::SpamDetector LICENSE Copyright (C) 2006, David Muir Sharnoff This module may be used and copied on the same basis as Perl itself. If you find this useful, please thank me by giving me a chance to bid on your next Internet transit purchase of T1 or larger. I have good prices for T1s, T3s, OC3s and such. Thank you.