[lug] simple log watching tool?

David Morris lists at morris-clan.net
Mon Jul 22 16:25:09 MDT 2002


On Mon, Jul 22, 2002 at 03:03:27PM -0600, Bryan Field-Elliot wrote:
> Hi,
> 
> I'm looking for a simple (in other words, up and running in a few
> minutes) log watching tool (or technique) for linux.. Nothing
> complicated.. Ideally, I'd like to "tail" some files, and whenever a
> line appears which matches some "grep" expression (or some similar
> mechanism), shoot me an email with a copy of that line. 
> 
> My needs are that simple and I'd like to avoid any complex log analysis
> tools, etc.

Why not do exactly as you describe above, and use tail/grep?

Create a file, add one regular expression per line, and use tail/egrep:

Filename:  foo.egrep
-------------------- FILE CONTENTS --------------
CONNECT
syslogd.*restart
pptpd
-------------------END FILE --------------------

Then, simply run the command (create an alias):

    sudo tail -f /var/log/messages | egrep -f foo.egrep

As you mention wanting to be emailed a copy of such lines as are above,
it is still trivial to create a shell script that will search the log
files (without using -f), time-limit the matches by grepping against the
time tag, and email off the results if there are any.  Then simply
put the script in a cron job for whatever frequency you desire, and
perhaps create a file in /etc that lists the last time that file was
checked (and thus from when new messages should be looked for).  With
only a few more lines in the script, you could also check to see if the
log file has rolled over since the last time you checked, and look also
in <file>.0 for relevant messages.  (note, log-file rollover could also
be a problem in the 'tail -f' solutions, but I believe there is a cron
job for log rotation, or some similar method, that would allow you to
reset the file being tailed whenever the file is rotated).

Of course, you could always get more and more complex, such as using
tail -f | grep > <some_pipe>, then have a program attached to the other
end of that pipe reading data in and sending it out to you...but that
requires a bit more knowledge, though there might be a tool to do that
already.

--David
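
The cron-driven check described in the reply above, as an added example that is not part of the original post. Instead of grepping against the time tag, it records the log's inode and line count in a state file; it assumes the rotated copy is named <file>.0 and that a mailx-style `mail` command is installed, and the function names new_matches and check_and_mail are made up here.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed: rotated copy is
# "$log.0", a mailx-style `mail` command exists, state file path is yours.

# Print lines added to log $1 since the last run that match a regex in
# pattern file $2. State file $3 holds "inode line_count" of the last run.
# On the first run (no state file) the whole log is checked.
new_matches() {
    log=$1 patterns=$2 state=$3
    old_inode=0 old_lines=0
    if [ -r "$state" ]; then read -r old_inode old_lines < "$state"; fi
    inode=$(ls -i "$log" | awk '{print $1}')
    lines=$(($(wc -l < "$log")))
    {
        if [ "$old_inode" != 0 ] && [ "$inode" != "$old_inode" ]; then
            # Rotated: finish the old file, then read the new one from the top.
            if [ -r "$log.0" ]; then awk -v s="$old_lines" 'NR > s' "$log.0"; fi
            old_lines=0
        elif [ "$lines" -lt "$old_lines" ]; then
            old_lines=0     # truncated in place
        fi
        # Stop at $lines so lines written mid-run are picked up next time.
        awk -v s="$old_lines" -v e="$lines" 'NR > s && NR <= e' "$log"
    } | grep -E -f "$patterns" || true   # no match is not an error
    echo "$inode $lines" > "$state"
}

# Mail the matches, if any, to address $4.
check_and_mail() {
    out=$(new_matches "$1" "$2" "$3")
    [ -z "$out" ] || printf '%s\n' "$out" | mail -s "log matches: $1" "$4"
}

# Invoked from cron as: script LOGFILE PATTERNFILE STATEFILE ADDRESS
if [ "$#" -eq 4 ]; then check_and_mail "$@"; fi
```

The pattern file is the same one-regex-per-line file as foo.egrep above; the state file must be writable by the user the cron job runs as.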



