logaudit is a tool for gathering and analyzing log files. I intend it for
logs such as those in GNU/Linux systems under /var/log
.
I have a few machines and I want to keep an eye on the logs. One problem is that there are many log messages I don't care about. Another is that it is time consuming to look at logs on each host.
I hope this to make monitoring the logs more efficient for me.
logaudit runs on each host where you want to monitor logs. Typically it
runs from cron. It reads logs from /var/log
, filters them, and publishes
lines of interest to a GCP Pub/Sub topic. I use
emailpub to email me this summary.
Create a service account and allow it to publish to GCP Pub/Sub. If necessary, copy the key to the host.
Create a config and copy it to the host.
Add logaudit to root's cron:
21 6 * * * GOOGLE_APPLICATION_CREDENTIALS=service-account.json /path/to/logaudit \
-config /path/to/logaudit.conf \
-email you@example.com \
-project-id myproject \
-state-file /path/to/logaudit.state \
-topic mytopic 2>&1 | logger
Note GOOGLE_APPLICATION_CREDENTIALS
only needs to be set if you're using
a key from a file.