	The first thing you should do after installing is type "logtool -h" to
see the help on command line options.  I've included it below for your viewing
pleasure.
Command line options:
 -c [/path/config.file] = specify a config file other than 
	the default /usr/local/etc/logtool/logtool.conf
 -o [ ANSI | ASCII | CSV | HTML | RAW ]
  Output Format: ANSI (default), ASCII, CSV, HTML, RAW
 -t [ long | short ]
        Time display Format: (Long [default]) Mon Dy HH:MM:SS or (Short) HH:MM
 -b = beep on RED events (ANSI output only)
 -s = do not display the syslog "source" field
 -p = do not display the "program" field
 -i includefile
        File containing regex's for inclusion [default=/usr/local/etc/logtool/include]
 -e excludefile
        File containing regex's for exclusion [default=/usr/local/etc/logtool/exclude]
 -y yellowfile
        File containing regex's for yellow colorization [default=/usr/local/etc/logtool/yellow]
 -g greenfile
        File containing regex's for green colorization [default=/usr/local/etc/logtool/green]
 -v = verbose (does nothing currently)
 -V = print version and exit 

 -h = this help message


	Please take note that on many non-Linux distributions of logtool, the
default paths of the various config files are in places other than
/usr/local/etc/logtool (such as /usr/local/etc/).  However, since I don't
think it appropriate to
type half a dozen possible paths each time I refer to one of the config files,
I shall use /usr/local/etc/logtool in this documentation.  You are responsible for
translating this notation to whatever the reality may be. :)

	Now, give it a try, and see what it does.  At the command prompt, type

tail /var/log/messages | logtool # or some other syslog generated file

	By default, logtool will ignore no messages, so you should have some
output on your screen in pretty ANSI colors (if your terminal does not support
the (mostly) standard escape sequences to alter colors, then you should switch
to one that does).  Also note, that unless it already exists, the logtool
binary (.exe to you DOS/Windows users who recently converted to UNIX), will be
symlinked to "lt".  So you can probably get the exact same results as above by
typing:

tail /var/log/messages | lt

	You may also need to specify a different logfile if your system does
not dump its syslog files to /var/log/messages (it's in the /var/adm tree on
most *BSD's as I recall).

	You can experiment with the output options by typing:

tail /var/log/messages | logtool -o csv

	The output options are not case sensitive, so "-o CSV" should yield
the same result.  Try the other options as well (listed at the beginning of
this file) until you feel comfortable that you know what to expect from the
logtool program.

	Once you have a good grasp of the options, and what they do, open up
/usr/local/etc/logtool/logtool.conf in your favorite text editor, and set your
preferences to be the defaults.


	NOTE: If you're like me, and like to use 'less' to view your logtool
output, you probably want to give less the -R switch to keep it from clobbering
the color escape sequences.  (Thanks to Robert Huff for suggesting that I point
this out in the documentation.)


	Now, the color definition and regular expression files are something
you will want to customize as well.  An example of a color file is listed
below.

--cut--
# This file takes plain ole POSIX regex's, one per line (just like grep)

FTP session (opened|closed)
\(su\).*session (opened|closed)
--cut--

	NOTE: The strings you put in this file are _CASE SENSITIVE_.  Keep that
in mind as you build your own lists.

	Unlike the color definition files, which only assign a certain
color/severity to log messages containing certain strings of text, the include
and exclude files define which log messages to include or exclude.  By default,
nothing is included, or excluded.  The logic of these two things can best be
explained by the following:

	include file = only include these log messages
	exclude file = include all log messages except for these

	You can use this logic to build your own boolean searches.  An example
script is listed below:

--cut--
#!/bin/sh

# mail a report to john_doe@somedomain.com
logtail /var/log/messages /var/log/secure |\
lt -o ascii -c /home/john/report.cfg -i /home/john/report.inc |\
mail -s "Your report" john_doe@somedomain.com

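# mail a report as a CSV file to me@mydomain.com
# mktemp creates the file with an unpredictable name and safe permissions
# ($RANDOM is not available in every /bin/sh)
tmpfile=$(mktemp /tmp/report.XXXXXX) || exit 1
trap 'rm -f "$tmpfile"' EXIT
logtail /var/log/messages |\
lt -o csv -e /home/me/report.exc > "$tmpfile"
# "--" ends the attachment list on current versions of mutt
mutt -s "Your report" -a "$tmpfile" -- me@mydomain.com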


# EOF
--cut--

	In these examples, there are include and exclude files which have been
set up prior to running this script which contain the events relevant to the
user the report is being mailed to.  

	John's include file specifies that he only views events generated by
(host1|host2), which contain the strings (error|warning).  He also has a
customized configuration file which alters the system-wide default behavior.

	Me's include file specifies that I only look at messages generated by
(host1), and that Me excludes events that contain (notice).
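
	The include/exclude logic described above, as an added example that is
not part of the original logtool documentation.  It uses grep -E as a stand-in
for logtool's matcher (an assumption, based on the "just like grep" note in the
sample color file) so a pattern file can be previewed before it goes into a
cron job.  The function names and the sample log lines are constructed.

```shell
# Added example: grep -E stands in for logtool's matcher (assumption).

# Drop comment and blank lines: an empty pattern makes grep -f match every line.
strip_patterns() {
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1"
}

# preview_filter INCLUDE EXCLUDE < log
# Applies "only these" (include), then "all except these" (exclude).
# Pass "" for either file to skip it, matching logtool's empty defaults.
preview_filter() {
    work=$(mktemp -d) || return 1
    cat > "$work/mid"
    if [ -n "$1" ] && strip_patterns "$1" > "$work/inc"; then
        grep -E -f "$work/inc" "$work/mid" > "$work/kept" || true
        mv "$work/kept" "$work/mid"
    fi
    if [ -n "$2" ] && strip_patterns "$2" > "$work/exc"; then
        grep -v -E -f "$work/exc" "$work/mid" || true
    else
        cat "$work/mid"
    fi
    rm -rf "$work"
}

# Constructed sample lines in syslog layout.
sample_log() {
    cat <<'EOF'
Jan  5 10:00:01 host1 kernel: disk error on sda
Jan  5 10:00:02 host2 sshd[311]: warning: can't get client address
Jan  5 10:00:03 host3 kernel: disk error on sdb
Jan  5 10:00:04 host1 ftpd[412]: notice: FTP session opened
Jan  5 10:00:05 host1 cron[88]: Error: bad minute
EOF
}

# John: host AND severity. With grep -f separate lines are OR'ed, so the AND
# has to live inside one regex.
john_view() {
    inc=$(mktemp) || return 1
    printf '%s\n' '# John' '' '(host1|host2) .*(error|warning)' > "$inc"
    sample_log | preview_filter "$inc" ""
    rm -f "$inc"
}

# Me: everything except lines containing "notice".
me_view() {
    exc=$(mktemp) || return 1
    printf '%s\n' 'notice' > "$exc"
    sample_log | preview_filter "" "$exc"
    rm -f "$exc"
}
```

	Note that the "Error: bad minute" line is dropped from John's view
because the patterns are case sensitive.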

	You'll also notice that the report is formatted to each user's
preference.  John just likes a flat ASCII dump of the logfiles, whereas Me
likes a CSV file as an attachment so I can import it into my favorite
spreadsheet for easy manipulation/viewing.

	If you wrote a simple shell script similar to the one above, and put
it in /etc/cron.daily (or whatever your flavor of UNIX uses for such things),
you would have an instant daily report based on your logfiles show up in Me
and John's INBOX every day.

	Another example use would be something like the following:

--cut--
#!/bin/sh

# Generate a webpage of the logfiles
cat /var/log/messages | lt > /home/httpd/html/logs/index.html
 
# EOF
--cut--

	This will use the system defaults to generate a webpage for viewing
anytime you get in the mood to go look at your logfiles (assuming you have a
webserver configured to have access to /home/httpd/html/logs/).


	Pretty simple stuff, eh?  You can peruse the scripts in the ./examples/
subdirectory for more examples on uses of logtool.


	I'll also include some quick notes about the logtail program you saw
me using above.  It was written by Craig H. Rowland <crowland@psionic.com>, 
and comes with the Psionic Logcheck package (a very nice package by the way,
you should check it out).  It's a GNU program, so I snagged it for inclusion
in my logfile management package, since it makes a nice companion to logtool.

	Logtail will read the specified file(s), and output their contents to
stdout.  It will also create a record of where the file ended, and will pick
up again at that point later when re-run.  Long story short, it's a lot like
"tail", with a memory.  :)  Its use is simple enough, I expect you'll get the
hang of it without me having to spell it out for you in this documentation.


	More documentation stuff will be written later, but this should be 
enough to get you going, and suffice to call "documentation" for these early
days of the logtool package.



