Langue: en

Autres versions - même langue

Version: 362564 (ubuntu - 24/10/10)

Section: 5 (Format de fichier)


lwatch.conf --- configuration file for lwatch(1), syntax highlighting for syslog/syslog-ng file


Default configuration file for lwatch is /etc/lwatch/lwatch.conf (built-in value), but you can specify another file with -C command line option. Read lwatch(1) for details.


Everything from # (hash) to end of line is a comment.

General options

cfg_ver - this is obligatory variable and it must be placed as the first option in config file. This variable contains version of configuration file syntax. Current manual describes version 1.

rule_action - after successful matching rule lwatch tries to match next one. You can choose to exit after executing matching rule changing this parameter from continue (that's the default) to exit. You can override this global parameter for each rule. See section Actions and modificators.

use_syslog - if set to yes some messages will be logged through syslog, default is yes

log_level - how verbose log messages should produce lwatch

date_color - default color of date part

host_color - default color of hostname part

serv_color - default color of service part

mesg_color - default color of message part

input_file - where lwatch is reading data from, built-in default is /var/lib/lwatch/syslog.fifo, could be overwritten with command line option -i

output_file - where lwatch output colored data; built-in default is stdout (-), could be overwritten with command line option -o

show_unparsed - by default lwatch ignores lines which cannot be splitted into date, host, service and message, set this variable to yes if you would like to see those lines; it is the same as command line option -s

Available colors

To specify color you can use following strings: black, red, green, brown, blue, magenta, cyan, lightgray, darkgray, brightred, brightgreen, yellow, brightblue, purple, brightcyan, white.

Matching patterns

There The True Power of Lwatch is hidden. You can match input lines against PCRE (Perl Compatible Regular Expression) and change output depends on matching. You can read more about PCRE in pcrepattern(3) (from libpcre) or in perlre(1) (from perl).

There are two ways to define matching pattern/action. First one is the simple one. Just pattern and one action:

 /regexp/      action 
The second one is more complex, but it allows to specify more than one action or modificator with one pattern:
 /regexp/      { 


There is one important thing you should remember. There is no need to quote / (slash) if you use it inside regexp pattern. For example:

 //USR/SBIN/CRON/        {       # cron's messages are not important 
         color=blue              # display it in blue 


Actions and modificators

date_color - set date color

mesg_color, color - set message color

serv_color - set service name color

host_color - set hostname color

ignore - ignore this pattern, do not match next patterns

exit - do not match next patterns when rule_action is set to continue, in other case it is superfluous

continue - continue with next pattern when rule_action is set to exit, in other case it is superfluous; please note, that if ignore> is used in the same action it takes a priority - it makes no sense to match other rules for string that has been ignored

highlight - highlight matched string with given color (see NOTES)

match_host - match hostname insted message

match_service - match service name instead message


highlight action changes the matched text. That's why the following part of configuration wont work:

 /root/                         highlight=brown 
 /session closed for user root/ ignore 
 (pam_unix) session closed for user root 
would appear as an input line.

First rule changes the text to:

 (pam_unix) session closed for user [BROWN]root[NORMAL] 
where [BROWN] and [NORMAL] are control sequences to change color to brown, then change it back to default color of this part. Of course this line does not match the second rule and you can see it on the output.

There are two possible workarounds:

put the ignore pattern before the highlight one
enhance your second rules like:
 /session closed for user .*root.*/ ignore 



Just look into provided lwatch.conf.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

Regular expression support is provided by the PCRE library package, which is open source software, written by Philip Hazel, and copyright by the University of Cambridge, England. This library is available at: ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/


lwatch(1), pcrepattern(3), perlre(1)