NAME

HTTPD::WatchLog - watching Apache AccessLog simply in realtime

SYNOPSIS

  use HTTPD::WatchLog;

  # ready..
  my $log = new HTTPD::WatchLog;

  $log->file('/usr/local/apache/logs/combined_log');
  $log->addr2host(1);    # convert ip address to hostname

  # set some options
  $log->quote(1);
  $log->ignore('localhost', '192.168.0.');
  $log->ignore('/cgi-bin/');
  $log->highlight('POST ');
  $log->highlight(' 404 ', ' 500 ');

  $log->pack(1);
  $log->align_width or $log->width(120);
  $log->epoch2date(1);
  $log->fd($fh);

  # regist triggers
  $log->trigger( sub {
      my $line = shift;
      print STDERR "*** worm detected! \n" if $line =~ m|/root\.exe|;
    } );

  # go!
  $log->watch;

DESCRIPTION

HTTPD::WatchLog is designed for watching Apache webserver's (or Squid's) AccessLog in realtime. This module provides unix command tail(1) like environment with more enhancement.

At least on FreeBSD, this doesn't work properly,

  shell> tail -F access_log | grep -v foo | grep -v bar | grep -v buz ...

so I need other facile solutions.

METHOD

new()

        Construct a object. Some values (provided as accessors)
        can be set here.

        my $log = HTTPD::WatchLog->new(
            file => '/usr/local/apache/logs/access_log',
            addr2host => 1,
          );

file()

        File path of what you want to watch. The default path is
        '/usr/local/apache/logs/access_log'.

        $log->file('/var/httpd/logs/combined_log');

addr2host()

        Turn on ip address to hostnam DNS lookup switch. boolean value.

        $log->addr2host(1);    # on
        $log->addr2host(0);    # off (default)

quote()

        If true, meta characters in your regex patterns may be quoted
        using built-in quotemeta() function,

        $log->quote(1);   # on
        $log->quote(0);   # off (default)

        means these lines are ..

        $log->quote(0);
        $log->ignore('192\.168\.0\.');

        the same as below. You can set it when you don't want to put regex
        into 'ignore' or 'highlight' list.

        $log->quote(1);
        $log->ignore('192.168.0.');

ignore()

        Set pattern(s) as scalar or array. The module ignores lines
        that cotains at least one of the pattern(s).

        $log->ignore( 'localhost', '192\.168\.0\.' );
        $log->ignore( 'Mon' );    # i hate monday of course .. ;-)

highlight()

        Set pattern(s) as scalar or array. highlight()ed term is
        highlightly showed if you use proper terminal.

        $log->highlight( 'HEAD ', 'POST ' );
        $log->highlight( 'root\.exe' );

trigger()

        Regist trigger subroutines as scalar or array.

        my $sub = sub {  ...  };
        my $sub2 = sub {  ...  };
        $log->trigger( $sub, $sub2 );

pack()

        Pack MIME-encoded multibyte charactors to plain text. boolean value.

        $log->pack(1);    # on
        $log->pack(0);    # off (default)

width()

        Truncate the tail of each lines. The chars after 'width' butes will
        be deleted. This means you don't need to see folded lines.

        $log->width(80);    # showed only 80 chars from line head.
        $log->width(0);    # off (default)

align_width()

        Autoset the terminal columns to width by using Term::Size.

        $log->align_width;
        $log->align_width or $log->width(120);

epoch2date()

        Replace epoch-like digits to human-readable string. boolean value.
        This may be useful in squid log.

        e.g. 1068056885.612 -> 6 03:28:05

        $log->epoch2date(1);    # on
        $log->epoch2date(0);    # off (default)

fh()

        Set filehandle object. 'STDOUT' is default.

        my $fh = new FileHandle $logfile, 'w';
        $log->fh($fh);

watch()

        Now you can get it ! That's all.

        $log->watch;

DEPENDENCY

File::Tail, Class::Accessor

AUTHOR

ryochin <ryochin@cpan.org>

SEE ALSO

perl(1), tail(1), File::Tail, Socket, Class::Accessor, Term::Size