lwatch — syntax highlighting for syslog/syslog-ng file

       Lwatch  accepts  some  command  line  options.  Command  line  options  have  precedence over values from
       configuration file.

       -Cfilename--configfilename
                 read config from filename instead of /etc/lwatch.conf

       -ifilename--inputfilename
                 read data from named fifo filename instead of /var/lib/syslog.fifo

       -ofilename--outputfilename
                 write colored logs to filename instead stdout

       -s--show-unparsed
                 show unparsed lines like `last message repeated 5 times' or `--- MARK ---'

       -d--daemon  run as daemon, detach from control terminal, move to background

       -O--omit-rc do not read values from config file

       -h--help    show help about runtime option

       -v--version show version and copyright notices

       This  program  is  free  software;  you  can  redistribute it and/or modify it under the terms of the GNU
       General Public License as published by the Free Software Foundation; either version 2 of the License,  or
       (at your option) any later version.

       Regular  expression  support  is  provided  by  the  PCRE library package, which is open source software,
       written by Philip Hazel, and copyright by the University of Cambridge, England. This library is available
       at: ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/

       Lwatch is a log colorizer. It reads syslog/syslog-ng data from named fifo  or  from  stdin  and  displays
       colored logs into stdout.

       Lwatch  is  highly  user-customizable.  It reads configuration data from the file /etc/lwatch.conf or (if
       given) from the file provided with option -C

       The way it works is simple. It reads a line from input (build-in default is /var/lib/syslog.fifo), splits
       it into four parts: date, hostname, service name (with PID, if available) and real message. Each part has
       its own default color. You can redefine them in configuration file. Default colors  as  the  same  as  in
       loco(1)  [see:  http://www.zjuul.net/~jules/loco/].  But lwatch is not only a static log colorizer. It is
       something more. It can colorize your logs any way you wish. You are able to set a new color for any  part
       (date, host, service, message) using regexp based patterns.

lwatch  — syntax highlighting for syslog/syslog-ng file

       I have written this tool for my own needs because perl tools, however flexible, eated a lot of memory and
       CPU.  I have found it useful and I share it with the Open Source Community. But still, developing of this
       software is driven by my own needs. So, you could expect next release in a year or two ;)

       It would be really nice if you could find some time and spare it for rating  this  project  on  FreshMeat
       (see  RESOURCES).  Comments  are  welcome  too.  I  cannot promise that I will add new features to lwatch
       immediately but any positive feedback will raise my motivation level up.

       Thank you in advance for your time.

          •  http://sf.net/projects/lwatch

          •  http://freshmeat.net/projects/lwatch/

       Preferred way to run lwatch is to read syslog messages from named fifo or from standard input.

       If you use syslog you really want to read messages from named fifo.  To do it, put a line:

       *.*                                 |/var/lib/syslog.fifo

       in your syslog.conf. Create appropriate fifo and restart syslog, then run lwatch. You can also run lwatch
       before starting syslog.  If you don't know how to create named fifo see mknod(1) for details.

       Remember:

          •  fifo must exist

          •  proper name must be put in /etc/lwatch.conf or given with -i command line option

       In syslog-ng you can run lwatch directly from syslog, i.e.:

       log { source(src); destination(console_all);};
       destination console_all {program("/usr/bin/lwatch -i- -o/dev/tty11"); };

       Lwatch does not support reading from regular files. If you really need this functionality  use  following
       command:

       tail -f /path/to/filename | /usr/bin/lwatch -i-
       It could be subject to change in the future.

lwatch.conf(5)

                                                                                                       lwatch(1)

lwatch  [-C  filename]   [--config filename]  [-i filename]  [--input filename]  [-o filename]  [--output
       filename]  [-sdOhv]  [--show-unparsed]  [--daemon]  [--omit-rc]  [--help]