
README/INSTALL for log_analysis

log_analysis works with perl5.6.1 to perl5.8.0.  If you're running
anything much older, either upgrade or don't run log_analysis.  :)
Similarly, log_analysis was written for Linux and Solaris 2.6-7, and
is known to work under OpenBSD 2.4-2.9 and HP-UX B.10.20 A 9000/800.
If you run it on another OS, please let me know how it goes.  Base
functionality requires no additional perl modules.  If you want GUI
mode, you'll need Tk, preferably 800.024 or later to avoid a known
bug.

To install, run the usual:
./configure && make
su -c 'make install'

For documentation, see the sample configs and tutorial in doc, read the 
manpage, run log_analysis -h, and run log_analysis -I internal_config.

You can subscribe/unsubscribe to the mailing list by sending a message
with the body "subscribe" or "unsubscribe" to:
log_analysis-request@frakir.org

The "INCOMPAT" file lists differences incompatible with previous 
public releases.

Notes (important):

- The default config for log_analysis reflects what my logs usually
  have.  Your logs are likely to be different.  In particular,
  you'll probably want to have a local config file
  (e.g. /usr/local/etc/log_analysis.conf) with appropriate logtype:,
  pattern:, format:, and dest: statements.  The -U option is intended
  to make this step easier, by only outputting the log messages that
  are unknown to the current config.

- On some systems, you have to be root to read some log files.  If you
  don't have permission to read some of the logs that are read implicitly,
  log_analysis will silently skip them.  To be sure that all the logfiles
  are read, specify them on the command line (e.g. log_analysis
  /var/log/syslog*) or set required_log_files in the config.

- It is customary to regularly "rollover" log files.  Many log file
  formats don't include year information; among other benefits, rollover
  makes the dates in such logfiles unambiguous.  log_analysis by
  default looks for log lines that match a particular day of the year,
  but does not even try to guess the year.  If the OS you're using
  doesn't rollover some logfiles by default (e.g. Solaris doesn't
  rollover /var/adm/wtmpx, /var/adm/wtmp, or /var/adm/sulog), you will
  need to rollover these files yourself to get valid output from this
  program.
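
An added pre-flight check for the last two notes (example code, not part of
log_analysis): it reports log files that cannot be read, which log_analysis
would silently skip, and text logs with syslog-style "Mon DD" timestamps that
already span more than a year.  The function names and output labels are
assumptions made for this example; binary files such as wtmpx are not parsed.

```shell
#!/bin/sh
# Added example, not part of log_analysis. Pre-flight check for two cases:
# unreadable log files and year-less logs that were never rolled over.

# spans_over_a_year FILE
# Returns 0 when the syslog-style "Mon DD" stamps in FILE wrap past a year
# boundary and then reach the first date seen again, so one day of the year
# matches lines from two different years. Heuristic: assumes lines are roughly
# in time order and that the file has no gap of many months.
spans_over_a_year() {
    awk '
    BEGIN {
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", name, " ")
        for (i = 1; i <= n; i++) mon[name[i]] = i
    }
    ($1 in mon) && ($2 ~ /^[0-9]+$/) {
        key = mon[$1] * 100 + $2              # sortable month/day key
        if (!seen) { first = key; prev = key; seen = 1; next }
        if (key < prev - 100) wraps++         # jumped back over a month: new year
        prev = key
        if (wraps > 1 || (wraps == 1 && key >= first)) { found = 1; exit }
    }
    END { exit(found ? 0 : 1) }
    ' "$1"
}

# preflight FILE...
# Prints one line per problem file; returns 1 if any problem was found.
preflight() {
    rc=0
    for f in "$@"; do
        if [ ! -r "$f" ]; then
            echo "UNREADABLE $f"; rc=1
        elif spans_over_a_year "$f"; then
            echo "NEEDS_ROLLOVER $f"; rc=1
        fi
    done
    return $rc
}

# Run on files named on the command line, e.g.: sh preflight.sh /var/log/syslog*
if [ "$#" -gt 0 ]; then preflight "$@"; fi
```

Run it as the same user that will run log_analysis, since readability depends
on that user's permissions.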

