Documentation for "expecto"

Download the whole documentation as one plain text file


1. Introduction and License

1.1. What is "expecto"?

Very short answer: Do you get many e-mail messages from cron jobs? Are you tired of reading through them, but you still don't want to miss any important piece of information? Then expecto is for you. See the "Examples" section below.

Short answer: The purpose of expecto is to get rid of messages from cron jobs that don't contain anything important. It works by comparing the cron job's output with a specially formatted template file. If the output matches the template, then expecto doesn't generate any output, so no email message is sent. If the output does not match the template, the message is delivered as usual (in whole or in part, depending on options and template statements).

Long answer ...

FreeBSD has a habit to run a cron job every night that produces roughly 150 lines of output (sometimes much more, depending on what is configured in /etc/periodic.conf). This is called the "daily run output" that is mailed to root.

Basically that's a good thing, because it contains a lot of useful status information, such as network interfaces, file system allocation, mail queues and so on. In particular, it also contains important security information, for example changes in files that have an "s" bit (setuid or setgid). It also includes output from the portaudit tool if it's installed (which is strongly recommended), enumerating all packages that have known security vulnerabilities and that require updating.

However, the problem is that you soon get tired of reading those mails. If you read the same (or similar) 150 lines every day, you won't do that carefully for long. One day you might even drop them into /dev/null right away. And even if you still read them, chances are that you will miss an important difference one day.

This is were expecto comes into play. It works as a filter that reads the output of your cron job and decides which part of the output -- if any -- should be preserved and mailed to you. Of course, it doesn't only work with FreeBSD's daily run output, but basically with every cron job. It can even be used for other types of output that doesn't necessarily come from cron jobs.

Examples

Here's a real life example of how expecto is working. This example demonstrates how expecto can be used to reduce or even eliminiate the output from the "daily run" periodic cronjob.

Of course, it's up to you to decide which reports you want to see and which things you're not interested in. For example, if you don't care about "BAD SU" messages, you can easily change the expecto template to get rid of them.

Limits and Restrictions

The expecto utility always reads its input (i.e. your cron job's output) completely into memory before starting to process it. This has two implications:



[Valid XHTML 1.0]