README/INSTALL for log_analysis

log_analysis works with perl5.6.1 to perl5.8.8. If you're running anything
much older, either upgrade or don't run log_analysis. :)

Similarly, log_analysis was written for Linux and Solaris 2.6-7, and is
known to work under OpenBSD 2.4-2.9 and HP-UX B.10.20 A 9000/800. If you
run it on another OS, please let me know how it goes.

Base functionality requires no additional perl modules. If you want GUI
mode, you'll need Tk, preferably 804.027 or later to avoid known bugs.

Note for Fedora Core 5 (FC5) users: there is a problem with Tk 800.027
under FC5. Please reinstall Tk 800.027 from source if you get mysterious
segmentation fault errors.

To install, run the usual:

    ./configure && make
    su -c 'make install'

For documentation, see the sample configs and tutorial in doc, read the
manpage, run log_analysis -h, and run log_analysis -I internal_config.
For GUI mode, run log_analysis -g.

You can subscribe/unsubscribe to the mailing list by sending a message
with the body "subscribe" or "unsubscribe" to:

    log_analysis-request@frakir.org

The "INCOMPAT" file lists differences incompatible with previous public
releases.

Notes (important):

- The default config for log_analysis reflects what my logs usually have.
  Your logs are likely to be different. In particular, you'll probably
  want to have a local config file (i.e. /usr/local/etc/log_analysis.conf)
  with appropriate logtype:, pattern:, format:, and dest: statements. The
  -U option is intended to make this step easier, by only outputting the
  log messages that are unknown to the current config.

- On some systems, you have to be root to read some log files. If you
  don't have permission to read some of the logs that are read implicitly,
  log_analysis will silently skip them. To be sure that all the logfiles
  are read, specify them on the command line (i.e. log_analysis
  /var/log/syslog*) or set required_log_files in the config.

- It is customary to regularly "rollover" log files. Many log file formats
  don't include year information; among other benefits, rollover makes the
  dates in such logfiles unambiguous. log_analysis by default looks for
  log lines that match a particular day of the year, but does not even try
  to guess the year. If the OS you're using doesn't roll over some logfiles
  by default (i.e. Solaris doesn't roll over /var/adm/wtmpx, /var/adm/wtmp,
  or /var/adm/sulog), you will need to roll over these files yourself to
  get valid output from this program.
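
The rollover note above, illustrated with an added example (not part of log_analysis or its distribution): a never-rotated, syslog-style file holds the same month and day from two different years, so a match on day alone mixes them. The function names and sample lines are constructed for illustration, and the check assumes entries are appended in time order with no gap long enough to hide a year change.

```python
import re

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
# Traditional syslog timestamp: "Mar  5 10:22:01" (no year field).
STAMP = re.compile(r"^([A-Z][a-z]{2}) +(\d{1,2}) (\d\d):(\d\d):(\d\d) ")


def split_by_year_wrap(lines):
    """Group lines of an append-only log into segments, starting a new
    segment each time the month goes backwards (e.g. Dec -> Jan).
    Assumption: lines are in time order and no gap hides a year change."""
    segments, prev_month = [[]], None
    for line in lines:
        m = STAMP.match(line)
        if not m or m.group(1) not in MONTHS:
            continue  # not a syslog-style line; ignore it
        month = MONTHS[m.group(1)]
        if prev_month is not None and month < prev_month:
            segments.append([])  # calendar wrapped: a new year began
        prev_month = month
        segments[-1].append((month, int(m.group(2)), line))
    return segments


def ambiguous_matches(lines, month, day):
    """Return {segment_index: [lines]} for every segment that contains the
    requested month/day. More than one key means a day-only match mixes
    entries from different years."""
    hits = {}
    for idx, seg in enumerate(split_by_year_wrap(lines)):
        found = [l for (mo, d, l) in seg if (mo, d) == (month, day)]
        if found:
            hits[idx] = found
    return hits


# Constructed sample: one never-rotated file covering two Marches.
SAMPLE = [
    "Mar  5 10:22:01 host su: 'su root' succeeded for alice on /dev/pts/1",
    "Nov 30 23:10:44 host sshd[411]: Accepted publickey for bob",
    "Jan  2 08:00:13 host sshd[902]: Failed password for root",
    "Mar  5 03:14:59 host su: 'su root' failed for mallory on /dev/pts/4",
]

if __name__ == "__main__":
    for seg, found in ambiguous_matches(SAMPLE, 3, 5).items():
        print(f"year segment {seg}: {len(found)} line(s) dated Mar 5")
```

If a file yields more than one segment for the day you are reporting on, roll it over before trusting a per-day report built from it.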