log2mail 0.0.1.pre2

data/lib/log2mail/report.rb

@@ -0,0 +1,92 @@
+module Log2mail
+
+  class ReportFactory
+
+    def initialize( config )
+      @config = config
+    end
+
+    def reports_from_hit( hit )
+      reps = []
+      mailtos = @config.mailtos_for_pattern( hit.file, hit.pattern )
+      mailtos.each do |mailto|
+        settings           = @config.settings_for_mailto( hit.file, hit.pattern, mailto )
+        r                  = Report.new
+        r.recipients       = mailto
+        r.from             = settings[:fromaddr] if settings[:fromaddr]
+        r.template         = settings[:template] if settings[:template]
+        r.sendmail_command = settings[:sendmail] if settings[:sendmail]
+        r.hit              = hit
+        reps << r
+      end
+      reps
+    end
+
+  end
+
+
+  class Report
+
+    attr_accessor :recipients, :from, :subject, :template
+    attr_accessor :hit
+
+    attr_reader :sendmail_location, :sendmail_arguments
+
+    def initialize
+      @recipients = []
+      @from       = "log2mail"
+      @subject    = "[Log2mail]"
+    end
+
+    def deliver
+      m = Mail.new
+      m.to      = Array(@recipients).join(',')
+      m.from    = @from
+      m.subject = @subject
+      m.body    = body_from_template
+      if @sendmail_location
+        m.delivery_method :sendmail, :location => @sendmail_location, :arguments => String(@sendmail_arguments)
+      end
+      m.deliver!
+      $logger.info "Delivered report to #{m.to}."
+      # FIXME: state message id instead full report
+      $logger.debug m.to_s
+    rescue
+      # FIXME: state message id instead full report
+      $logger.warn "Failed to deliver report: #{m}. Reason: #{$!.inspect}"
+    end
+
+    def sendmail_command=(txt)
+      return unless txt
+      s = txt.split(/^(\S+)\s*(.*)$/)
+      @sendmail_location  = s[1]
+      @sendmail_arguments = s[2]
+      self
+    end
+
+    private
+
+    def body_from_template
+      if @template
+        template = IO.read(@template)
+      else
+        template = <<-TEMPLATE
+Hello!
+
+We have matched your pattern "%m" in "%F" %n times:
+
+%l
+
+Yours,
+log2mail.
+        TEMPLATE
+      end
+      template.gsub!('%f', @from)
+      template.gsub!('%t', Array(@recipients).join(', '))
+      template.gsub!('%m', String(@hit.pattern) )
+      template.gsub!('%F', @hit.file)
+      template.gsub!('%l', @hit.matched_text.chomp)
+    end
+
+  end
+end

data/lib/log2mail/version.rb

@@ -0,0 +1,6 @@
+module Log2mail
+  PROGNAME    = 'log2mail.rb'
+  VERSION     = "0.0.1.pre2"
+  AUTHOR      = "Markus Strauss"
+  AUTHOR_MAIL = "log2mail@dev.sieb.mx"
+end

data/lib/log2mail/watcher.rb

@@ -0,0 +1,61 @@
+require_relative 'file'
+
+module Log2mail
+  class Watcher
+
+    # class <<self
+    #   attr_accessor :logfile, :maxbufsize
+    #   attr_reader :pattern
+    # end
+
+    def initialize( config, sleeptime )
+      fail Error, 'Invalid configuration.' unless config.instance_of?(Log2mail::Config)
+      @file_patterns = config.file_patterns
+      @files = @file_patterns.keys.map {|f| Log2mail::File.new(f, @file_patterns[f] ) }
+      @sleeptime = sleeptime
+
+      @report_queue = []
+      @factory = ReportFactory.new(config)
+    end
+
+    def run
+      open_and_seek_files
+      loop do
+        return unless running?
+        @files.each do |file|
+          if file.eof?
+            file.open if file.rotated?
+          end
+          hits = file.parse(file.read_to_end)
+          report hits unless hits.empty?
+        end
+        sleep @sleeptime
+      end
+    end
+
+    private
+
+    def running?
+      true
+    end
+
+    def open_and_seek_files
+      @files.each do |file|
+        file.open and file.seek_to_end
+      end
+    end
+
+    def log(msg, sev = ::Logger::DEBUG)
+      $logger.log sev, '%s%s  [%s]' % [msg, $/, caller.first]
+    end
+
+    def report(hits)
+      reports = hits.map { |hit| @factory.reports_from_hit( hit ) }.flatten
+      reports.each do |report|
+        log("Sending report: #{report.inspect}")
+        report.deliver
+      end
+    end
+
+  end
+end

data/lib/log2mail.rb

@@ -0,0 +1,8 @@
+%w{ main mail terminal-table }.each {|r| require r}
+%w{ kernel string main }.each {|r| require_relative "ext/#{r}"}
+begin
+  require 'syslog/logger'
+rescue LoadError
+  require_relative 'ext/syslog_logger'
+end
+%w{ version error logger_formatter config watcher hit report }.each {|r| require_relative "log2mail/#{r}"}

data/log2mail.gemspec

@@ -0,0 +1,35 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'log2mail/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'log2mail'
+  spec.version       = Log2mail::VERSION
+  spec.authors       = Log2mail::AUTHOR
+  spec.email         = Log2mail::AUTHOR_MAIL
+  spec.summary       = %q{monitors (log) files for patterns and reports hits by mail}
+  spec.description   = %q{A regular expression based log file monitoring tool.}
+  spec.homepage      = 'https://github.com/mstrauss/log2mail.rb/'
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ['lib']
+  spec.extra_rdoc_files = Dir.glob('man/*.html')
+
+  spec.required_ruby_version = '>= 1.9.3'
+
+  spec.add_development_dependency 'bundler', '~> 1.7'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec'
+  spec.add_development_dependency 'factory_girl'
+  spec.add_development_dependency 'ronn'
+  spec.add_development_dependency 'cucumber'
+  spec.add_development_dependency 'rake-notes'
+  spec.add_runtime_dependency 'mail', '~> 2.6', '>= 2.6.3'
+  spec.add_runtime_dependency 'gem-man', '~> 0.3', '>= 0.3.0'
+  spec.add_runtime_dependency 'main', '~> 6.1.0'
+  spec.add_runtime_dependency 'terminal-table'
+end

data/man/log2mail.1

@@ -0,0 +1,121 @@
+.\" generated with Ronn/v0.7.3
+.\" http://github.com/rtomayko/ronn/tree/0.7.3
+.
+.TH "LOG2MAIL\.RB" "1" "December 2014" "" ""
+.
+.SH "NAME"
+\fBlog2mail\.rb\fR \- monitors (log) files for patterns and reports hits by mail
+.
+.SH "SYNOPSIS"
+\fBlog2mail\.rb\fR (start|stop|status|configtest) [\fIoptions\fR]:
+.
+.SH "DESCRIPTION"
+\fBlog2mail\.rb\fR helps having an eye on your systems\' log files\. It efficiently monitors multiple files and reports as soon as specified (regular expression) patterns match\.
+.
+.P
+On startup, \fBlog2mail\.rb\fR opens all files on the \'watch list\' and seeks to EOF\. All new data are parsed about once a minute (see \fB\-\-sleeptime\fR)\.  Matched patterns are reported to the configured mail address(es) (see \fBmailto\fR configuration option)\.
+.
+.P
+Log files are reopened automatically when rotated\.
+.
+.P
+\fBlog2mail\.rb\fR is a pure ruby clone of log2mail \fIhttps://packages\.debian\.org/squeeze/log2mail\fR which supports most of the original\'s features and configuration syntax and adds multiline regular expression matching\. Actually it should be possible to use \fBlog2mail\.rb\fR with your existing configuration you may have for log2mail(8)\.
+.
+.SH "OPTIONS"
+.
+.TP
+\fB\-\-config\fR=\fIpath\fR, \fB\-c\fR \fIpath\fR
+Specifies the configuration file or directory path\. If \fIpath\fR is a directory, all files (except such ending in \fB~\fR or \fB#\fR) are parsed in sorted order\. Sorting is by character code, i\.e\. 0\-9 before A\-Z followed by a\-z\. Default value: \fB/etc/log2mail/conf\fR\. This can also be set by environment variable \fBLOG2MAIL_CONF\fR\.
+.
+.TP
+\fB\-\-sleeptime\fR=\fIseconds\fR
+Specifies at which interval (in seconds) the log files are parsed\. Default value: 60\.
+.
+.SH "ENVIRONMENT"
+\fBlog2mail\.rb\fR uses the environment variable \fBLOG2MAIL_CONF\fR, if present (see option \fB\-\-config\fR)\. The value supplied by option takes precedence\.
+.
+.SH "CONFIGURATION (OLD\-STYLE)"
+The old\-style configuration syntax is directly cloned from log2mail(8)\'s behavior and should be mostly compatible\. It may seem a bit awkward first, but this is how it works: There are two possible top\-level \'sections\', \fBdefaults\fR and \fBfile=\fR\fIpath\-to\-log\-file\fR sections\. The only statement allowed after a \fBfile=\.\.\.\fR section are one or more \fBpattern=\fR\fIpattern\fR entries\. After the \fBpattern=\.\.\.\fR there may be one or more \fBmailto=\fR\fIsingle\-mail\-recipient\fR entries\. After each \fBmailto=\.\.\.\fR there may be options for that recipient\. Also, these options are set from the special \fBdefaults\fR section, if present (usually it is)\.
+.
+.P
+The basic layout looks like follows:
+.
+.IP "" 4
+.
+.nf
+
+# comments start with pound sign (aka hash or number sign)
+
+defaults
+  fromaddr   = DEFAULT FROMADDR
+  sendtime   = DEFAULT SENDTIME   # seconds
+  resendtime = DEFAULT RESENDTIME # seconds
+  maxlines   = DEFAULT MAXLINES   # number of lines
+  template   = DEFAULT TEMPLATE   # filename or path
+  sendmail   = DEFAULT SENDMAIL   # path to executable with arguments
+  mailto     = DEFAULT RECIPIENT  # new to log2mail\.rb
+  # awkward, not recommended, but possible:
+  pattern    = DEFAULT PATTERN    # this pattern would be applied to every file
+  mailto     = DEFAULT RECIPIENT for previous DEFAULT PATTERN
+
+# one or more file sections follow
+file = FILENAME
+
+  # each file can have one or more patterns
+  pattern = PATTERN
+
+    # each pattern can have one or more mailto recipients
+    # each recipient gets its own mailto=\.\.\. statement
+    mailto = MAIL
+
+      # every option NOT stated here is supplied from defaults
+      fromaddr   = \.\.\.
+      sendtime   = \.\.\.
+      resendtime = \.\.\.
+      maxlines   = \.\.\.
+      template   = \.\.\.
+      sendmail   = \.\.\.
+
+# "include" includes the contents of file at the exact place of the
+# include statement
+include = PATH TO FILE
+.
+.fi
+.
+.IP "" 0
+.
+.P
+Note that indentation is done for readability purposes only\. It serves no role syntactically\.
+.
+.P
+Splitting the configuration into multiple files is possible, and convenient when using automation tools to distribute settings\. In opposition to classic log2mail, with \fBlog2mail\.rb\fR it does not matter at which place the \fBdefaults\fR section is parsed\. Keep in mind though, that later definitions may override earlier ones\. In that case a warning is logged\.
+.
+.SH "CONFIGURATION (NEW\-STYLE)"
+None (yet)\. More features might warrant a new configuration syntax\.
+.
+.SH "SECURITY CONSIDERATIONS"
+It is neither necessary nor recommended to run this software as root\.
+.
+.SH "BUGS"
+Configuration options \fBsendtime\fR, \fBresendtime\fR, \fBmaxlines\fR not implemented yet\. Every match produces a single mail which is sent out immediately \- which could produce a lot of mails\.
+.
+.SH "HISTORY"
+December 2014: This software is not feature\-complete and in pre\-release testing\.
+.
+.SH "AUTHOR"
+Markus Strauss <\fIlog2mail@dev\.sieb\.mx\fR>
+.
+.SH "THANKS"
+Many thanks to Michael Krax for writing the classic \fBlog2mail\fR in the first place\.
+.
+.SH "SEE ALSO"
+Documentation for the classic log2mail software by Michael Krax:
+.
+.IP "\(bu" 4
+log2mail(8), log2mail\.conf(5)
+.
+.IP "\(bu" 4
+Configuration notice from the Debian project \fIhttps://raw\.githubusercontent\.com/lordlamer/log2mail/e6beb36644ce74639cbc453e664a08ed15f138b9/Configuration\fR
+.
+.IP "" 0
+

data/man/log2mail.1.html

@@ -0,0 +1,207 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta http-equiv='content-type' value='text/html;charset=utf8'>
+  <meta name='generator' value='Ronn/v0.7.3 (http://github.com/rtomayko/ronn/tree/0.7.3)'>
+  <title>log2mail.rb(1) - monitors (log) files for patterns and reports hits by mail</title>
+  <style type='text/css' media='all'>
+  /* style: man */
+  body#manpage {margin:0}
+  .mp {max-width:100ex;padding:0 9ex 1ex 4ex}
+  .mp p,.mp pre,.mp ul,.mp ol,.mp dl {margin:0 0 20px 0}
+  .mp h2 {margin:10px 0 0 0}
+  .mp > p,.mp > pre,.mp > ul,.mp > ol,.mp > dl {margin-left:8ex}
+  .mp h3 {margin:0 0 0 4ex}
+  .mp dt {margin:0;clear:left}
+  .mp dt.flush {float:left;width:8ex}
+  .mp dd {margin:0 0 0 9ex}
+  .mp h1,.mp h2,.mp h3,.mp h4 {clear:left}
+  .mp pre {margin-bottom:20px}
+  .mp pre+h2,.mp pre+h3 {margin-top:22px}
+  .mp h2+pre,.mp h3+pre {margin-top:5px}
+  .mp img {display:block;margin:auto}
+  .mp h1.man-title {display:none}
+  .mp,.mp code,.mp pre,.mp tt,.mp kbd,.mp samp,.mp h3,.mp h4 {font-family:monospace;font-size:14px;line-height:1.42857142857143}
+  .mp h2 {font-size:16px;line-height:1.25}
+  .mp h1 {font-size:20px;line-height:2}
+  .mp {text-align:justify;background:#fff}
+  .mp,.mp code,.mp pre,.mp pre code,.mp tt,.mp kbd,.mp samp {color:#131211}
+  .mp h1,.mp h2,.mp h3,.mp h4 {color:#030201}
+  .mp u {text-decoration:underline}
+  .mp code,.mp strong,.mp b {font-weight:bold;color:#131211}
+  .mp em,.mp var {font-style:italic;color:#232221;text-decoration:none}
+  .mp a,.mp a:link,.mp a:hover,.mp a code,.mp a pre,.mp a tt,.mp a kbd,.mp a samp {color:#0000ff}
+  .mp b.man-ref {font-weight:normal;color:#434241}
+  .mp pre {padding:0 4ex}
+  .mp pre code {font-weight:normal;color:#434241}
+  .mp h2+pre,h3+pre {padding-left:0}
+  ol.man-decor,ol.man-decor li {margin:3px 0 10px 0;padding:0;float:left;width:33%;list-style-type:none;text-transform:uppercase;color:#999;letter-spacing:1px}
+  ol.man-decor {width:100%}
+  ol.man-decor li.tl {text-align:left}
+  ol.man-decor li.tc {text-align:center;letter-spacing:4px}
+  ol.man-decor li.tr {text-align:right;float:right}
+  </style>
+  <style type='text/css' media='all'>
+  /* style: toc */
+  .man-navigation {display:block !important;position:fixed;top:0;left:113ex;height:100%;width:100%;padding:48px 0 0 0;border-left:1px solid #dbdbdb;background:#eee}
+  .man-navigation a,.man-navigation a:hover,.man-navigation a:link,.man-navigation a:visited {display:block;margin:0;padding:5px 2px 5px 30px;color:#999;text-decoration:none}
+  .man-navigation a:hover {color:#111;text-decoration:underline}
+  </style>
+</head>
+<!--
+  The following styles are deprecated and will be removed at some point:
+  div#man, div#man ol.man, div#man ol.head, div#man ol.man.
+
+  The .man-page, .man-decor, .man-head, .man-foot, .man-title, and
+  .man-navigation should be used instead.
+-->
+<body id='manpage'>
+  <div class='mp' id='man'>
+
+  <div class='man-navigation' style='display:none'>
+    <a href="#NAME">NAME</a>
+    <a href="#SYNOPSIS">SYNOPSIS</a>
+    <a href="#DESCRIPTION">DESCRIPTION</a>
+    <a href="#OPTIONS">OPTIONS</a>
+    <a href="#ENVIRONMENT">ENVIRONMENT</a>
+    <a href="#CONFIGURATION-OLD-STYLE-">CONFIGURATION (OLD-STYLE)</a>
+    <a href="#CONFIGURATION-NEW-STYLE-">CONFIGURATION (NEW-STYLE)</a>
+    <a href="#SECURITY-CONSIDERATIONS">SECURITY CONSIDERATIONS</a>
+    <a href="#BUGS">BUGS</a>
+    <a href="#HISTORY">HISTORY</a>
+    <a href="#AUTHOR">AUTHOR</a>
+    <a href="#THANKS">THANKS</a>
+    <a href="#SEE-ALSO">SEE ALSO</a>
+  </div>
+
+  <ol class='man-decor man-head man head'>
+    <li class='tl'>log2mail.rb(1)</li>
+    <li class='tc'></li>
+    <li class='tr'>log2mail.rb(1)</li>
+  </ol>
+
+  <h2 id="NAME">NAME</h2>
+<p class="man-name">
+  <code>log2mail.rb</code> - <span class="man-whatis">monitors (log) files for patterns and reports hits by mail</span>
+</p>
+
+<h2 id="SYNOPSIS">SYNOPSIS</h2>
+
+<p><code>log2mail.rb</code> (start|stop|status|configtest) [<var>options</var>]:</p>
+
+<h2 id="DESCRIPTION">DESCRIPTION</h2>
+
+<p><code>log2mail.rb</code> helps having an eye on your systems' log files.  It efficiently monitors multiple files and reports as soon as specified (regular expression) patterns match.</p>
+
+<p>On startup, <code>log2mail.rb</code> opens all files on the 'watch list' and seeks to EOF.  All new data are parsed about once a minute (see <code>--sleeptime</code>). <!-- If necessary, i.e. when multiline patterns are set for the file, every new data is put into a fixed-size buffer.  The buffer is rolled over when it gets full. --> Matched patterns are reported to the configured mail address(es) (see <code>mailto</code> configuration option).</p>
+
+<p>Log files are reopened automatically when rotated.</p>
+
+<p><code>log2mail.rb</code> is a pure ruby clone of <a href="https://packages.debian.org/squeeze/log2mail">log2mail</a> which supports most of the original's features and configuration syntax and adds multiline regular expression matching.  Actually it should be possible to use <code>log2mail.rb</code> with your existing configuration you may have for <span class="man-ref">log2mail<span class="s">(8)</span></span>.</p>
+
+<h2 id="OPTIONS">OPTIONS</h2>
+
+<dl>
+<dt><code>--config</code>=<var>path</var>, <code>-c</code> <var>path</var></dt><dd><p>Specifies the configuration file or directory path.  If <var>path</var> is a directory, all files (except such ending in <code>~</code> or <code>#</code>) are parsed in sorted order. Sorting is by character code, i.e. 0-9 before A-Z followed by a-z.
+Default value: <code>/etc/log2mail/conf</code>.
+This can also be set by environment variable <code>LOG2MAIL_CONF</code>.</p></dd>
+<dt><code>--sleeptime</code>=<var>seconds</var></dt><dd><p>Specifies at which interval (in seconds) the log files are parsed.  Default value: 60.</p></dd>
+</dl>
+
+
+<h2 id="ENVIRONMENT">ENVIRONMENT</h2>
+
+<p><code>log2mail.rb</code> uses the environment variable <code>LOG2MAIL_CONF</code>, if present (see option <code>--config</code>).  The value supplied by option takes precedence.</p>
+
+<h2 id="CONFIGURATION-OLD-STYLE-">CONFIGURATION (OLD-STYLE)</h2>
+
+<p>The old-style configuration syntax is directly cloned from <span class="man-ref">log2mail<span class="s">(8)</span></span>'s behavior and should be mostly compatible.  It may seem a bit awkward first, but this is how it works:  There are two possible top-level 'sections', <code>defaults</code> and <code>file=</code><var>path-to-log-file</var> sections. The only statement allowed after a <code>file=...</code> section are one or more <code>pattern=</code><var>pattern</var> entries.  After the <code>pattern=...</code> there may be one or more <code>mailto=</code><var>single-mail-recipient</var> entries.  After each <code>mailto=...</code> there may be options for that recipient.  Also, these options are set from the special <code>defaults</code> section, if present (usually it is).</p>
+
+<p>The basic layout looks like follows:</p>
+
+<pre><code># comments start with pound sign (aka hash or number sign)
+
+defaults
+  fromaddr   = DEFAULT FROMADDR
+  sendtime   = DEFAULT SENDTIME   # seconds
+  resendtime = DEFAULT RESENDTIME # seconds
+  maxlines   = DEFAULT MAXLINES   # number of lines
+  template   = DEFAULT TEMPLATE   # filename or path
+  sendmail   = DEFAULT SENDMAIL   # path to executable with arguments
+  mailto     = DEFAULT RECIPIENT  # new to log2mail.rb
+  # awkward, not recommended, but possible:
+  pattern    = DEFAULT PATTERN    # this pattern would be applied to every file
+  mailto     = DEFAULT RECIPIENT for previous DEFAULT PATTERN
+
+# one or more file sections follow
+file = FILENAME
+
+  # each file can have one or more patterns
+  pattern = PATTERN
+
+    # each pattern can have one or more mailto recipients
+    # each recipient gets its own mailto=... statement
+    mailto = MAIL
+
+      # every option NOT stated here is supplied from defaults
+      fromaddr   = ...
+      sendtime   = ...
+      resendtime = ...
+      maxlines   = ...
+      template   = ...
+      sendmail   = ...
+
+# "include" includes the contents of file at the exact place of the
+# include statement
+include = PATH TO FILE
+</code></pre>
+
+<p>Note that indentation is done for readability purposes only.  It serves no role syntactically.</p>
+
+<p>Splitting the configuration into multiple files is possible, and convenient when using automation tools to distribute settings.  In opposition to classic log2mail, with <code>log2mail.rb</code> it does not matter at which place the <code>defaults</code> section is parsed.  Keep in mind though, that later definitions may override earlier ones. In that case a warning is logged.</p>
+
+<h2 id="CONFIGURATION-NEW-STYLE-">CONFIGURATION (NEW-STYLE)</h2>
+
+<p>None (yet).  More features might warrant a new configuration syntax.</p>
+
+<h2 id="SECURITY-CONSIDERATIONS">SECURITY CONSIDERATIONS</h2>
+
+<p>It is neither necessary nor recommended to run this software as root.</p>
+
+<h2 id="BUGS">BUGS</h2>
+
+<p>Configuration options <code>sendtime</code>, <code>resendtime</code>, <code>maxlines</code> not implemented yet.  Every match produces a single mail which is sent out immediately - which could produce a lot of mails.</p>
+
+<h2 id="HISTORY">HISTORY</h2>
+
+<p>December 2014:
+This software is not feature-complete and in pre-release testing.</p>
+
+<h2 id="AUTHOR">AUTHOR</h2>
+
+<p>Markus Strauss &lt;<a href="&#109;&#97;&#x69;&#108;&#116;&#111;&#x3a;&#108;&#111;&#x67;&#x32;&#x6d;&#x61;&#105;&#x6c;&#x40;&#x64;&#101;&#118;&#x2e;&#115;&#x69;&#x65;&#x62;&#46;&#x6d;&#120;" data-bare-link="true">&#108;&#111;&#103;&#50;&#109;&#x61;&#x69;&#108;&#x40;&#100;&#x65;&#118;&#46;&#x73;&#x69;&#101;&#98;&#x2e;&#x6d;&#x78;</a>></p>
+
+<h2 id="THANKS">THANKS</h2>
+
+<p>Many thanks to Michael Krax for writing the classic <strong>log2mail</strong> in the first place.</p>
+
+<h2 id="SEE-ALSO">SEE ALSO</h2>
+
+<p>Documentation for the classic log2mail software by Michael Krax:</p>
+
+<ul>
+<li><span class="man-ref">log2mail<span class="s">(8)</span></span>, <span class="man-ref">log2mail.conf<span class="s">(5)</span></span></li>
+<li><a href="https://raw.githubusercontent.com/lordlamer/log2mail/e6beb36644ce74639cbc453e664a08ed15f138b9/Configuration">Configuration notice from the Debian project</a></li>
+</ul>
+
+
+
+  <ol class='man-decor man-foot man foot'>
+    <li class='tl'></li>
+    <li class='tc'>December 2014</li>
+    <li class='tr'>log2mail.rb(1)</li>
+  </ol>
+
+  </div>
+</body>
+</html>

data/man/log2mail.1.ronn

@@ -0,0 +1,108 @@
+log2mail.rb(1) -- monitors (log) files for patterns and reports hits by mail
+============================================================================
+
+## SYNOPSIS
+
+`log2mail.rb` (start|stop|status|configtest) [<options>]:
+
+## DESCRIPTION
+
+`log2mail.rb` helps having an eye on your systems' log files.  It efficiently monitors multiple files and reports as soon as specified (regular expression) patterns match.
+
+On startup, `log2mail.rb` opens all files on the 'watch list' and seeks to EOF.  All new data are parsed about once a minute (see `--sleeptime`). <!-- If necessary, i.e. when multiline patterns are set for the file, every new data is put into a fixed-size buffer.  The buffer is rolled over when it gets full. --> Matched patterns are reported to the configured mail address(es) (see `mailto` configuration option).
+
+Log files are reopened automatically when rotated.
+
+`log2mail.rb` is a pure ruby clone of [log2mail](https://packages.debian.org/squeeze/log2mail) which supports most of the original's features and configuration syntax and adds multiline regular expression matching.  Actually it should be possible to use `log2mail.rb` with your existing configuration you may have for log2mail(8).
+
+## OPTIONS
+
+  * `--config`=<path>, `-c` <path>:
+    Specifies the configuration file or directory path.  If <path> is a directory, all files (except such ending in `~` or `#`) are parsed in sorted order. Sorting is by character code, i.e. 0-9 before A-Z followed by a-z.
+    Default value: `/etc/log2mail/conf`.
+    This can also be set by environment variable `LOG2MAIL_CONF`.
+
+  * `--sleeptime`=<seconds>:
+    Specifies at which interval (in seconds) the log files are parsed.  Default value: 60.
+
+## ENVIRONMENT
+
+`log2mail.rb` uses the environment variable `LOG2MAIL_CONF`, if present (see option `--config`).  The value supplied by option takes precedence.
+
+## CONFIGURATION (OLD-STYLE)
+
+The old-style configuration syntax is directly cloned from log2mail(8)'s behavior and should be mostly compatible.  It may seem a bit awkward first, but this is how it works:  There are two possible top-level 'sections', `defaults` and `file=`<path-to-log-file> sections. The only statement allowed after a `file=...` section are one or more `pattern=`<pattern> entries.  After the `pattern=...` there may be one or more `mailto=`<single-mail-recipient> entries.  After each `mailto=...` there may be options for that recipient.  Also, these options are set from the special `defaults` section, if present (usually it is).
+
+The basic layout looks like follows:
+
+    # comments start with pound sign (aka hash or number sign)
+
+    defaults
+      fromaddr   = DEFAULT FROMADDR
+      sendtime   = DEFAULT SENDTIME   # seconds
+      resendtime = DEFAULT RESENDTIME # seconds
+      maxlines   = DEFAULT MAXLINES   # number of lines
+      template   = DEFAULT TEMPLATE   # filename or path
+      sendmail   = DEFAULT SENDMAIL   # path to executable with arguments
+      mailto     = DEFAULT RECIPIENT  # new to log2mail.rb
+      # awkward, not recommended, but possible:
+      pattern    = DEFAULT PATTERN    # this pattern would be applied to every file
+      mailto     = DEFAULT RECIPIENT for previous DEFAULT PATTERN
+
+    # one or more file sections follow
+    file = FILENAME
+
+      # each file can have one or more patterns
+      pattern = PATTERN
+
+        # each pattern can have one or more mailto recipients
+        # each recipient gets its own mailto=... statement
+        mailto = MAIL
+
+          # every option NOT stated here is supplied from defaults
+          fromaddr   = ...
+          sendtime   = ...
+          resendtime = ...
+          maxlines   = ...
+          template   = ...
+          sendmail   = ...
+
+    # "include" includes the contents of file at the exact place of the
+    # include statement
+    include = PATH TO FILE
+
+Note that indentation is done for readability purposes only.  It serves no role syntactically.
+
+Splitting the configuration into multiple files is possible, and convenient when using automation tools to distribute settings.  In opposition to classic log2mail, with `log2mail.rb` it does not matter at which place the `defaults` section is parsed.  Keep in mind though, that later definitions may override earlier ones. In that case a warning is logged.
+
+## CONFIGURATION (NEW-STYLE)
+
+None (yet).  More features might warrant a new configuration syntax.
+
+## SECURITY CONSIDERATIONS
+
+It is neither necessary nor recommended to run this software as root.
+
+## BUGS
+
+Configuration options `sendtime`, `resendtime`, `maxlines` not implemented yet.  Every match produces a single mail which is sent out immediately - which could produce a lot of mails.
+
+## HISTORY
+
+December 2014:
+This software is not feature-complete and in pre-release testing.
+
+## AUTHOR
+
+Markus Strauss <<log2mail@dev.sieb.mx>>
+
+## THANKS
+
+Many thanks to Michael Krax for writing the classic **log2mail** in the first place.
+
+## SEE ALSO
+
+Documentation for the classic log2mail software by Michael Krax:
+
+  * log2mail(8), log2mail.conf(5)
+  * [Configuration notice from the Debian project]( https://raw.githubusercontent.com/lordlamer/log2mail/e6beb36644ce74639cbc453e664a08ed15f138b9/Configuration)