Sébastien Aperghis-Tramoni > Parse-Syslog-Mail > Parse::Syslog::Mail

Download:
Parse-Syslog-Mail-0.17.tar.gz

Dependencies

Annotate this POD

CPAN RT

Open  0
View/Report Bugs
Module Version: 0.17   Source  

NAME ^

Parse::Syslog::Mail - Parse mailer logs from syslog

VERSION ^

Version 0.17

SYNOPSIS ^

    use Parse::Syslog::Mail;

    my $maillog = Parse::Syslog::Mail->new('/var/log/syslog');
    
    while(my $log = $maillog->next) {
        # do something with $log
        # ...
    }

DESCRIPTION ^

As its names implies, Parse::Syslog::Mail presents a simple interface to gather mail information from a syslog file. It uses Parse::Syslog for reading the syslog, and offer the same simple interface. Currently supported log formats are: Sendmail, Postfix, Qmail.

METHODS ^

new()

Creates and returns a new Parse::Syslog::Mail object. A file path or a File::Tail object is expected as first argument. Options can follow as a hash. Most are the same as for Parse::Syslog->new().

Options

  • type - Format of the syslog stream. Can be one of "syslog" (traditional syslog format) or "metalog" (Metalog format).
  • year - Syslog files usually do store the time of the event without year. With this option you can specify the start-year of this log. If not specified, it will be set to the current year.
  • GMT - If this option is set, the time in the syslog will be converted assuming it is GMT time instead of local time.
  • repeat - Parse::Syslog will by default repeat xx times events that are followed by messages like "last message repeated xx times". If you set this option to false, it won't do that.
  • locale - Specifies an additional locale name or the array of locale names for the parsing of log files with national characters.
  • allow_future - If true will allow for timestamps in the future. Otherwise timestamps of one day in the future and more will not be returned (as a safety measure against wrong configurations, bogus year arguments, etc.)

Example

    my $syslog = new Parse::Syslog::Mail '/var/log/syslog', allow_future => 1;
next()

Returns the next line of the syslog as a hashref, or undef when there is no more lines. The hashref contains at least the following keys:

  • host - hostname of the machine.
  • program - name of the program.
  • timestamp - Unix timestamp for the event.
  • id - Local transient mail identifier.
  • text - text description.

Other available keys:

  • from - Email address of the sender.
  • to - Email addresses of the recipients, coma-separated.
  • msgid - Message ID.
  • relay - MTA host used for relaying the mail.
  • status - Status of the transaction.
  • delivery_type - (Qmail only) type of the delivery: "local" or "remote".
  • delivery_id - (Qmail only) id number of the delivery.

Example

    while(my $log = $syslog->next) {
        # do something with $log
    }

DIAGNOSTICS ^

Can't create new %s object: %s

(F) Occurs in new(). As the message says, we were unable to create a new object of the given class. The rest of the error may give more information.

Expected an argument

(F) You tried to call new() with no argument.

SEE ALSO ^

Parse::Syslog

Inspecter /var/log/mail.log avec Parse::Syslog::Mail, by Philippe Bruhat, published in GNU/Linux Magazine France #92, March 2007

TODO ^

Add support for other mailer daemons (Exim, Courier, Qpsmtpd). Send me logs or, even better, patches, if you want support for your favorite mailer daemon.

AUTHOR ^

Sébastien Aperghis-Tramoni <sebastien (at) aperghis.net>

BUGS ^

Please report any bugs or feature requests to bug-parse-syslog-mail (at) rt.cpan.org, or through the web interface at https://rt.cpan.org/NoAuth/Bugs.html?Dist=Parse-Syslog-Mail. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.

CAVEATS ^

Most probably the same as Parse::Syslog, see "BUGS" in Parse::Syslog

COPYRIGHT & LICENSE ^

Copyright 2005, 2006, 2007, 2008 Sébastien Aperghis-Tramoni, All Rights Reserved.

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

syntax highlighting: