syslog-atom.py


Use Atomic power to list your syslog messages!



Problem:


You want to stay up to date with your syslog messages, but are too busy to look into your logs every 5 minutes.



Solution:



I wrote a small python script that transforms your syslog-ng formatted messages from your logfile into an atom feed. So now you can use your favorite feed reader to keep up with your logs!



Mind you, you'll have to use syslog-ng. I don't know what will happen if you still use syslog.



First, you have to define a logfile in the syslog-ng.conf which will list all the messages you want to get. A complete syslog-ng tutorial should follow now, but I will supply you only with my configuration. Sorry.



I want all the messages with the levels warning, error, critical, alert and emergency to be listed:



/etc/syslog-ng/syslog-ng.conf
filter f_feed { level(warn, err, crit, alert, emerg); };
destination feed { file("/var/log/messagefeed"); };
log { source(src); filter(f_feed); destination(feed); };


Now you need to configure the script to fit your environment. You'll find the configuration in the script itself (between the <--- configuration ---> tags):



The logfile your entry in syslog-ng.conf points to:


LOGFILE="/var/log/messagefeed"


The file to be created. This has to be in a directory accessible through a web browser:


FEEDFILE="/srv/www/htdocs/syslog.atom"


How many lines from the bottom of the logfile should the script look at:


LINES="20"


What is the title of the feed:


FEEDTITLE="Syslog feed"


What is the subtitle of the feed (it will append the version number to this):


FEEDSUBTITLE="My first syslog feed"


The link of the feed:


FEEDLINK="http://www.google.com"


The guy who manages the feed:


FEEDAUTHOR="You"


The email of the guy who manages the feed:


FEEDAUTHOREMAIL="you@yourplace.local"


The UUID of the feed:


FEEDID="urn:uuid:12345678-90ab-cdef-1234-567890abcdef"


Your domain. This will be appended to the hostnames from the messages and form the link behind the feed entries:


ENTRYDOMAIN="srv.yourplace.local"


Now you just have to place the script in a convenient place (e.g. /usr/sbin/) and add it into your crontab:



crontab -e 


My crontab looks like this:



*/5 * * * * /usr/sbin/syslog-atom.py 2>&1


So the script gets started every 5 minutes, and refreshes the feedfile.

The feedfile must be in a webroot of a webserver. I use apache2.


If you access the file from a feed reader or a feed-enabled browser (like Firefox 2.0, Opera 9, IE7), you should see your last syslog messages.



You should be aware that putting the feed on an unsecured webserver is insecure: anyone who can reach the webserver can read your syslog messages. I propose an apache2 vhost with an ACL.





Discussion:



This is tested on python 2.4 and 2.5. It will not work on python 2.2.



The script reads the last few lines from the specified logfile, computes a UUID for each entry and reformats the strings to XML. Not much in it.


The UUID computing uses the most CPU time, the rest is just putting together some strings.


Duplicate messages are collapsed into one entry with the tag "[multiple listings]" attached.



For a serious logserver, this system is a bit weak. I use php-syslog-ng for that. But to steadily list new errors in my Google Deskbar, it's great!



The difference between syslog and syslog-ng messages is the format of the timestamp and host information. Implementation of syslog support is on my ToDo list...


There is a known bug: The timestamp in the entry always contains the current year. This too is on my ToDo list.
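The processing described above (last N lines, duplicate collapsing, UUID per entry, XML output) and the missing-year limitation, as an added Python 3 example that is not the post's script: the sample log lines are constructed, and the uuid5 derivation of entry IDs, the "http://host.ENTRYDOMAIN/" link form and the UTC "Z" suffix are my own assumptions. Building the XML with ElementTree also escapes <, > and & from log text, so a message an attacker can influence (a username in an ssh failure, for instance) cannot inject markup into the feed.

```python
import re, uuid, datetime
import xml.etree.ElementTree as ET

# Constructed sample lines in syslog-ng's default file format (not from the post).
SAMPLE_LOG = """Mar  3 10:15:01 web01 sshd[2231]: error: PAM: Authentication failure for root
Mar  3 10:15:07 web01 sshd[2231]: error: PAM: Authentication failure for root
Mar  3 10:16:42 db01 kernel: EXT3-fs warning: <b>mounted</b> & ready
"""
ENTRYDOMAIN = "srv.yourplace.local"   # same setting as the post's configuration
FEEDID = "urn:uuid:12345678-90ab-cdef-1234-567890abcdef"

# timestamp (no year), hostname, rest of the line
LINE_RE = re.compile(r"^(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$")

def parse_entries(text, lines=20):
    """Take the last `lines` log lines and collapse duplicates, keeping a count."""
    seen = {}
    for raw in text.splitlines()[-lines:]:
        m = LINE_RE.match(raw)
        if not m:
            continue
        stamp, host, msg = m.groups()
        key = (host, msg)
        if key in seen:
            seen[key]["count"] += 1   # becomes "[multiple listings]" in the feed
        else:
            seen[key] = {"stamp": stamp, "host": host, "msg": msg, "count": 1}
    return list(seen.values())

def syslog_to_iso(stamp, year=None):
    """syslog lines carry no year; default to the current year (the post's known bug).
    Assumption: log times are UTC, hence the trailing Z required by Atom/RFC 3339."""
    year = year or datetime.date.today().year
    dt = datetime.datetime.strptime("%d %s" % (year, stamp), "%Y %b %d %H:%M:%S")
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")

def build_feed(entries):
    """Build the Atom document; ElementTree escapes markup characters in log text."""
    feed = ET.Element("feed", xmlns="http://www.w3.org/2005/Atom")
    ET.SubElement(feed, "id").text = FEEDID
    for e in entries:
        entry = ET.SubElement(feed, "entry")
        title = e["msg"] + (" [multiple listings]" if e["count"] > 1 else "")
        ET.SubElement(entry, "title").text = title
        # Assumption: deterministic UUID from stamp+host+message, so a rerun of the
        # cron job yields the same entry ID and the feed reader does not re-notify.
        ident = uuid.uuid5(uuid.NAMESPACE_URL, "%s %s %s" % (e["stamp"], e["host"], e["msg"]))
        ET.SubElement(entry, "id").text = "urn:uuid:%s" % ident
        ET.SubElement(entry, "link", href="http://%s.%s/" % (e["host"], ENTRYDOMAIN))
        ET.SubElement(entry, "updated").text = syslog_to_iso(e["stamp"])
    return ET.tostring(feed, encoding="unicode")
```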

