About
=====
The ceelog project provides libceelog, a library for receiving, filtering and
searching a stream or log of CEE/Lumberjack syslog records, and an associated
command-line tool, named ceelog.

The goal is to hide the backend storage (files, some kind of local indexed
storage, a remote database) from the user and to provide efficient log
processing tools that can be used in applications and scripts for automated
log processing.

The project's home page is at https://fedorahosted.org/ceelog/ .

To get you started
==================
The ceelog(1) tool reads the "default" event source and outputs events matching
a filter.  Currently, the "default" event source is hardcoded to
/var/log/messages.

Example filters:
* A regex (matches the unstructured event text, or the "msg" field for
  CEE/Lumberjack structured events)
	ceelog '/DHCP/'
* A field comparison (matches a CEE/Lumberjack field)
	ceelog 'uid == "0"'
	ceelog 'uid != "0"'
	ceelog 'trusted!uid == "0"'
	ceelog 'username ~ /^guest-/'
	ceelog 'username !~ /^guest-/'
* A combination of the above
	ceelog 'trusted!uid == "0" && username ~ /^guest-/'
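
The matching rules listed above, modelled in Python over constructed log lines.
This is an added example, not code from ceelog or libceelog. The helper names,
the "@cee:" cookie handling, reading "!" as a nested-field separator,
string-only comparison and "no match on a missing field" are all assumptions.

```python
import json
import re

CEE_COOKIE = "@cee:"  # assumed marker before the JSON payload of a structured record

def parse_line(line):
    """Return (text, fields); fields is None for an unstructured event."""
    text = line.rstrip("\n")
    pos = text.find(CEE_COOKIE)
    try:
        fields = json.loads(text[pos + len(CEE_COOKIE):]) if pos != -1 else None
    except ValueError:
        fields = None  # malformed payload: treat the event as unstructured
    return text, (fields if isinstance(fields, dict) else None)

def lookup(fields, name):
    """Resolve 'a!b' as fields['a']['b'] (assumed meaning of '!'); strings only."""
    node = fields
    for part in name.split("!"):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node if isinstance(node, str) else None

def regex(pattern, name=None):
    """/pattern/ (raw text, or "msg" if structured), or name ~ /pattern/."""
    rx = re.compile(pattern)
    def pred(text, fields):
        unstructured = name is None and fields is None
        value = text if unstructured else lookup(fields, name or "msg")
        return value is not None and rx.search(value) is not None
    return pred

def field_eq(name, value):
    """name == "value"; a missing field never matches (assumption)."""
    return lambda text, fields: lookup(fields, name) == value

def all_of(*preds):  # a && b
    return lambda text, fields: all(p(text, fields) for p in preds)

def select(lines, pred):
    return [line for line in lines if pred(*parse_line(line))]

# Constructed sample input, not real log data.
SAMPLE = [
    'Mar  3 10:00:01 host1 dhclient[812]: DHCPREQUEST on eth0',
    'Mar  3 10:00:02 host1 app[900]: @cee: {"msg": "session opened", "uid": "0", "username": "guest-42", "trusted": {"uid": "1000"}}',
    'Mar  3 10:00:03 host1 app[901]: @cee: {"msg": "DHCP lease renewed", "uid": "1000", "username": "guest-7", "trusted": {"uid": "0"}}',
    'Mar  3 10:00:04 host1 app[902]: @cee: {"msg": "session opened", "uid": "0", "username": "DHCP-admin", "trusted": {"uid": "0"}}',
]
```

In this model the last sample line is not selected by regex("DHCP"): the pattern
appears only in its "username" field, and a structured event is matched on "msg".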

See the source code in src/ceelog.c for an example of a subset of the API.

Roadmap
=======
* Support best-effort saving/restoring the current position in a source.
* Add better support for JSON types.
* Implement MongoDB input source.
* Support searching directly in the input source (e.g. to evaluate the filter
  server-side).
* ceelog(1) improvements:
  - Input processing (e.g. output only the last N recent events)
  - Output formatting (e.g. only output some structured fields)
  - Statistics/table output (group matching events by one field, output counts)

Bugs
====
Please consider reporting the bug to your distribution's bug tracking system.

Otherwise, please report bugs at https://fedorahosted.org/ceelog/ .  Bug
reports with patches are especially welcome.
