mail-logs.pl -- email logs for the previous day.
mail-logs.pl provides a simple way to extract your logs from the previous
day and deliver them to any email address.
The mail-logs.pl was created to help ensure that the logs were checked, and
archived every day. Email delivery allows multiple people the ability to read
thru the log with out requiring access to the files. Also the email messages
provide a 'backup' of the log files.
mail-logs.pl does not accept any command line options. It parses log files
defined in the script and delivers an email for each log file to the address
Requirements for the script are described in the comments found at the
beginning of the script. Basically you will need to make sure the last and
gunzip commands are available. Also the Perl modules
need to be properly setup for this script to
Bellow is a description of the various variables that need to be defined or
setup for the script to function properly.
log_files is a list of log files to be parsed. When defining this do not
worry about logs rotated using logrotate - this script should parse those
logs also... for example if "/var/log/syslog" is specified /var/log/syslog*
will be parsed and included in the same message, as long as they are either
plain text or gziped plain text.
When defining %log_files the key for each element is the file-base. and the
value for each key should be the time format that is needed. The following
values are available by default for a time format:
"std" -- standard format in syslog
"apache" -- standard format for apache access logs.
"apache-error" -- standard format for apache error logs.
"bru" -- standard format for 'bru' logs.
"smb" -- standard format for samba logs.
"wtmp" -- standard format used in the wtmp files
(viewed with 'last').
The default value for %log_files is:
("/var/log/messages" => "std",
"/var/log/syslog" => "std",
"/var/log/boot" => "std",
"/var/log/daemon.log" => "std",
"/var/log/debug" => "std",
"/var/log/kern.log" => "std",
"/var/log/mail" => "std",
"/var/log/vsfpd.log" => "std",
"/var/log/user.log" => "std",
"/var/log/setuid" => "std",
"/var/log/uucp" => "std",
"/var/log/apache/access.log" => "apache",
"/var/log/apache/error.log" => "apache-error",
"/var/log/apache-ssl/access.log" => "apache",
"/var/log/apache-ssl/error.log" => "apache-error",
"/var/log/bruexeclog" => "bru",
"/var/log/samba/log." => "smb",
"/var/log/wtmp" => "wtmp");
$verbose should be set to '1' if you would like to watch the process as
it logs are being parsed. Currently this only displays hi-level
information. If you don't want output set $verbose to '0'.
Here is an example of a file-base being parsed with $verbose enables:
processing /var/log/apache-ssl/access.log ...
processing /var/log/apache-ssl/access.log ... done.
processing /var/log/apache-ssl/access.log.1 ... done.
processing /var/log/apache-ssl/access.log.10.gz ... done.
processing /var/log/apache-ssl/access.log.11.gz ... done.
processing /var/log/apache-ssl/access.log.12.gz ... done.
processing /var/log/apache-ssl/access.log.13.gz ... done.
processing /var/log/apache-ssl/access.log.2.gz ... done.
processing /var/log/apache-ssl/access.log.3.gz ... done.
processing /var/log/apache-ssl/access.log.4.gz ... done.
processing /var/log/apache-ssl/access.log.5.gz ... done.
processing /var/log/apache-ssl/access.log.6.gz ... done.
processing /var/log/apache-ssl/access.log.7.gz ... done.
processing /var/log/apache-ssl/access.log.8.gz ... done.
processing /var/log/apache-ssl/access.log.9.gz ... done.
sending email for /var/log/apache-ssl/access.log ... done.
done with /var/log/apache-ssl/access.log.
The $hostname refers to the hostname of the machine you are
checking logs on. This is usually found with command: 'hostname -f'
The $server is used to define which SMTP server to connect to
when sending the email. Give the full DNS name. Use host or dig
to find your DNS name.
$mail_to is the email address that will receive the messages for each log
file. Currently mail-logs.pl does not support more than one email
address to be defined here. Define an email list to contain the various
people that should receive a copy of the mail messages.
Use this to change who is listed on the "From:" line in your email
headers. By default the script uses "mail-logs\@$hostname";
There are a few other system services that do not use the syslog standard
log file format. These services can be parsed by writing extra code... a
few examples of these services that I have added are apache, bru, smb,
and wtmp. If you have additional items to add to the list let me know -
ideas are great but working code is better.
If you find a bug please let me know email me at
Copyright (C) 2003 Aaron Thompson
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation; either version 2 of the License, or (at your option) any later
This program is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
You should have received a copy of the GNU General Public License along with
this program; if not, write to the Free Software Foundation, Inc., 59 Temple
Place - Suite 330, Boston, MA 02111-1307, USA. or visit
Click here to view the source code online
Click here to download the script