Monitor Asterisk with Logwatch

Mark Berry February 18, 2012

How can I be notified when Asterisk reports issues in its logs, e.g. if a connection is lagged? One way is to include the Asterisk logs in the logs that are monitored by Linux’s daily logwatch.

Setting up a logwatch on a new log can be a lot of work. Fortunately, Sebastian Szary has done most of the heavy lifting for us, publishing his script and configuration files in this thread.

I’ve taken those files and added a few enhancements (see comments in the files marked “MCB”). You can download my modified version here:

To deploy, copy the contents of asterisk_logwatch.zip to /etc/logwatch on your Linux machine. When you are done, your folder structure should look like this:

 

etc
| logwatch
|-- conf
|---- logfiles
|       asterisk.conf
|---- services
|       asterisk.conf
|-- scripts
|---- services
|       asterisk

 

Assumptions and Caveats

Changes to conf/logfiles/asterisk.conf

My version of Asterisk writes logs to /var/log/asterisk. The logs are named “full” and are rotated each morning around 4am. Each line bears a timestamp surrounded by [brackets]. This is apparently a non-standard format; the default logwatch date filtering (which should allow reading multiple logs and showing entries from Yesterday or Today) did not work. So the conf/logfiles/asterisk.conf is hard-coded to pull data from the most recent complete log, full.1.

If your Asterisk uses a different log name or rollover scheme, you’ll need to customize /conf/logfiles/asterisk.conf.

Update February 23, 2012: It turns out that anacron was running the daily logwatch script before rotating the logs, which meant I was getting Asterisk logs from two days ago. This is because the symlink to the logwatch script is named /etc/cron.daily/0logwatch. The leading “0” causes it to run before all other daily jobs. So I changed /etc/logwatch/conf/logfiles/asterisk.conf to pull the “full” file instead of “full.1”. I’ve updated the file in asterisk_logwatch.zip accordingly.

Changes to scripts/services/asterisk

With the help of a Perl guru (*), I made several changes to the Perl script that selects lines to be included in the report. The script is named scripts/services/asterisk. One of my changes sorts the lines in each report category. Usually this will put lines in chronological order, but because the lines have textual dates, when the month changes, you may see days out of order, e.g. “Apr 01” will be listed before “Feb 29”.

When you restart Asterisk, including by rebooting the server, Asterisk generates lots of warnings, all of which will arrive in the next logwatch email. You could go into the scripts/services/asterisk script and add each warning to the list of messages to ignore, but I figured since I rarely restart Asterisk, it’s not worth the effort.

One change that is intentional but not immediately intuitive is that I added “is now Reachable” to the list of messages that are included in the “Unreachable or Lagged” report section. I like this because once a connection is lagged or unreachable, I want to know when it becomes reachable again.

Feel free to add to or delete from the /scripts/services/asterisk script to customize it for your installation. You should at least look through the script to see all the Asterisk stuff it does and doesn’t trap for logwatch.
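The selection and ordering described in this section, as an added example (not the script from asterisk_logwatch.zip): it keeps "is now Reachable" alongside the lagged and unreachable notices and sorts on the parsed bracketed timestamp, so "Feb 29" is listed before "Apr 01". The chan_sip message wording, the `sort_key` helper and the sample lines under `__DATA__` are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not the script shipped in asterisk_logwatch.zip.
# Logwatch pipes the log to a service script on STDIN and mails whatever the
# script prints. Run from a terminal with no pipe, it reads the constructed
# sample lines under __DATA__ instead.
use strict;
use warnings;

my %month_num;
@month_num{qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec)} = (1 .. 12);

# Turn a "[Mon DD HH:MM:SS]" prefix into a fixed-width numeric key.
# Returns undef when the line has no such prefix.
sub sort_key {
    my ($line) = @_;
    my ($mon, $day, $h, $m, $s) =
        $line =~ /^\[(\w{3})\s+(\d{1,2}) (\d\d):(\d\d):(\d\d)\]/ or return;
    my $n = $month_num{$mon} or return;
    return sprintf '%02d%02d%02d%02d%02d', $n, $day, $h, $m, $s;
}

my $in = -t STDIN ? \*DATA : \*STDIN;
my %key_for;    # line => sort key; a hash drops duplicates but loses order
while (my $line = <$in>) {
    chomp $line;
    # "is now Reachable" is matched on purpose so recovery is reported too.
    next unless $line =~ /is now (?:Lagged|UNREACHABLE|Reachable)/i;
    my $key = sort_key($line);
    # Lines without a parsable timestamp sort last, in text order.
    $key_for{$line} = defined $key ? $key : '9999999999';
}

if (%key_for) {
    print "Unreachable or Lagged:\n";
    print "   $_\n" for sort {
        $key_for{$a} cmp $key_for{$b} or $a cmp $b
    } keys %key_for;
}
# Limitation: the timestamp has no year, so a report spanning Dec 31 and
# Jan 01 would still list January first.

__DATA__
[Apr 01 00:02:10] NOTICE[2201] chan_sip.c: Peer 'trunk1' is now Reachable. (48ms / 2000ms)
[Feb 29 23:58:41] NOTICE[2201] chan_sip.c: Peer 'trunk1' is now Lagged. (2350ms / 2000ms)
[Mar 15 09:30:00] VERBOSE[2210] pbx.c: Executing Dial
[Mar 15 09:31:12] NOTICE[2201] chan_sip.c: Peer 'office-phone' is now UNREACHABLE!  Last qualify: 31
```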

Testing

To test logwatch, including sending the email, run this command:

/etc/cron.daily/0logwatch

Another Example

For another logwatch example, see this post:

Linux Daily Delete Job with Logwatch

(*) My brother Craig Berry has a Perl “commit bit” which means he can make changes to the language itself. He’s made 2368 changes as of this morning!

