HPE Community
Operating System - HP-UX
1753802 Members
8026 Online
108805 Solutions
New Discussion юеВ

Re: In need of a script -

 
SOLVED
Go to solution
Rob Johnson_3
Regular Advisor

тАО07-14-2006 05:29 AM

тАО07-14-2006 05:29 AM

In need of a script -

I have a number of CiscoWorks Campus Mgr servers that can send Syslog messages to 1 of 3 Syslog servers. IтАЩm trying to find a way to grep through the /var/log/rtrlog file every hour and email any messages from this file that have :%CISCOWORKS-CampusManager and LINK_TRUNK in the message. Getting something to run every hour is the easy part (just cron it). Having it email me the output is easy as well.

IтАЩm thinking the hard part is going to be not emailing messages that were emailed the previous hour.

Can someone help me put a script together that can do this? Oh yea, my scripting skills are very, very weak.

$ grep -i campus rtrlog|grep -i link_trunk
Jul 13 02:43:13 nmsccm05.kp.org 3124:2006 Jul 13 5:43:13 EDT:%CISCOWORKS-CampusManager-5-DCRP_LINK_TRUNK:[lcamosc1.oak.ca.kp.org,GigabitEthernet5/48],[10.236.45.4,6/24]
Jul 14 03:43:50 nmsccm06.kp.org 3683:2006 Jul 14 6:43:50 EDT:%CISCOWORKS-CampusManager-5-DCRP_LINK_TRUNK:[lcastrc133.str.ca.kp.org,GigabitEthernet0/1],[lcastrc1.str.ca.kp.org,3/4]
Jul 14 03:43:50 nmsccm06.kp.org 3685:2006 Jul 14 6:43:50 EDT:%CISCOWORKS-CampusManager-5-DCRP_LINK_TRUNK:[lcastrc121.str.ca.kp.org,GigabitEthernet0/1],[lcastrc1.str.ca.kp.org,3/3]
Jul 14 03:43:50 nmsccm06.kp.org 3687:2006 Jul 14 6:43:50 EDT:%CISCOWORKS-CampusManager-5-DCRP_LINK_TRUNK:[lcastrc118.str.ca.kp.org,GigabitEthernet0/2],[lcastrc2.str.ca.kp.org,3/2]
Jul 14 03:43:50 nmsccm06.kp.org 3688:2006 Jul 14 6:43:50 EDT:%CISCOWORKS-CampusManager-5-DCRP_LINK_TRUNK:[lcastrc151.str.ca.kp.org,GigabitEthernet0/1],[lcastrc1.str.ca.kp.org,3/5]
Jul 14 03:43:50 nmsccm06.kp.org 3690:2006 Jul 14 6:43:50 EDT:%CISCOWORKS-CampusManager-5-DCRP_LINK_TRUNK:[lcastrc154.str.ca.kp.org,GigabitEthernet0/2],[lcastrc2.str.ca.kp.org,3/5]
Jul 14 03:43:50 nmsccm06.kp.org 3692:2006 Jul 14 6:43:50 EDT:%CISCOWORKS-CampusManager-5-DCRP_LINK_TRUNK:[lcastrc139.str.ca.kp.org,GigabitEthernet0/2],[lcastrc2.str.ca.kp.org,3/7]
Jul 14 03:43:50 nmsccm06.kp.org 3693:2006 Jul 14 6:43:50 EDT:%CISCOWORKS-CampusManager-5-DCRP_LINK_TRUNK:[lcastrc124.str.ca.kp.org,GigabitEthernet0/2],[lcastrc2.str.ca.kp.org,3/3]
Jul 14 03:43:50 nmsccm06.kp.org 3694:2006 Jul 14 6:43:50 EDT:%CISCOWORKS-CampusManager-5-DCRP_LINK_TRUNK:[lcastrc1.str.ca.kp.org,3/8],[lcastrc143.str.ca.kp.org,GigabitEthernet0/1]
Jul 14 03:43:50 nmsccm06.kp.org 3695:2006 Jul 14 6:43:50 EDT:%CISCOWORKS-CampusManager-5-DCRP_LINK_TRUNK:[lcastrc116.str.ca.kp.org,GigabitEthernet0/1],[lcastrc1.str.ca.kp.org,3/2]
Jul 14 03:43:50 nmsccm06.kp.org 3696:2006 Jul 14 6:43:50 EDT:%CISCOWORKS-CampusManager-5-DCRP_LINK_TRUNK:[lcastrc135.str.ca.kp.org,GigabitEthernet0/2],[lcastrc2.str.ca.kp.org,3/4]
Jul 14 03:43:50 nmsccm06.kp.org 3700:2006 Jul 14 6:43:50 EDT:%CISCOWORKS-CampusManager-5-DCRP_LINK_TRUNK:[lcastrc138.str.ca.kp.org,GigabitEthernet0/1],[lcastrc1.str.ca.kp.org,3/7]
Jul 14 03:43:50 nmsccm06.kp.org 3701:2006 Jul 14 6:43:50 EDT:%CISCOWORKS-CampusManager-5-DCRP_LINK_TRUNK:[lcastrc2.str.ca.kp.org,3/8],[lcastrc142.str.ca.kp.org,GigabitEthernet0/2]
$
0 Kudos
Reply
30 REPLIES 30
Victor Fridyev
Honored Contributor

тАО07-14-2006 06:09 AM

тАО07-14-2006 06:09 AM

Solution

Re: In need of a script -

Hi,

The simplest way, IMHO, is to copy log file onto another file after each cron running, i.e.

LOGF=var/log/rtrlog
BACKLOG=var/log/rtrlog.bck
MAILF=/tmp/$$
grep -e ":%CISCOWORKS-CampusManager -e LINK_TRUNK $LOGF > $MAILF
if [ -s $MAILF ]; then
cat $MAILF | mailx -s subject your@address
fi
cat $LOGF >> $BACKLOG
>$LOGF

By this way you begin with empty file after each the script running

HTH
Entities are not to be multiplied beyond necessity - RTFM
Reply
Mark Fenton
Esteemed Contributor

тАО07-14-2006 07:26 AM

тАО07-14-2006 07:26 AM

Re: In need of a script -

Another approach that doesn't involve copying the logs:

#!/bin/sh

my_mon=`date +%b`
my_day=`date +%d`
my_hr=`date +%H`

if [ $my_day -lt 10 ]
then
my_date="$my_mon $my_day $my_hr"
else
my_date="$my_mon $my_day $my_hr"
fi
grep ^"${my_date}" rtrlog|grep -i cisco|grep -i link_trunk


inelegant, perhaps, but quick and easy to understand.
Reply
Mark Fenton
Esteemed Contributor

тАО07-14-2006 07:46 AM

тАО07-14-2006 07:46 AM

Re: In need of a script -

the pair my_date lines don't look quite right in proportional font -- there should be an extra space where the day of the month is less than 10.

Reply
Rob Johnson_3
Regular Advisor

тАО07-14-2006 07:50 AM

тАО07-14-2006 07:50 AM

Re: In need of a script -

You guys are both awesome!!

I'm not able to get to either of the 3- servers at the moment but will let you know which route I choose to use and if I have any problems.

Again, Thanks so much!!!!!!!!!!!!!!!!!!!!!!!!!!
0 Kudos
Reply
Rob Johnson_3
Regular Advisor

тАО07-14-2006 07:59 AM

тАО07-14-2006 07:59 AM

Re: In need of a script -

I'm not sure I understand what your saying when you say

"the pair my_date lines don't look quite right"

Can you elaborate?
0 Kudos
Reply
Mark Fenton
Esteemed Contributor

тАО07-14-2006 08:22 AM

тАО07-14-2006 08:22 AM

Re: In need of a script -

in the first line with my_date=...
there should be two spaces between ${my_mon} and ${my_day}, whereas in the second there should only be one.

I guess the posting algorhythm on this site removes "extra" spaces in some lines of text.

Reply
Rob Johnson_3
Regular Advisor

тАО07-14-2006 08:30 AM

тАО07-14-2006 08:30 AM

Re: In need of a script -

Gotcha...

Thank you!!

'Not sure I quiet understand it but, like I said, I'm not programmed to be a programmer!

I'll be able to try this out later this afternoon or 1st thing tomorrow.

0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

тАО07-14-2006 08:50 AM

тАО07-14-2006 08:50 AM

Re: In need of a script -

I have a better idea and it doesn't involve copying files. Let's create a "watchfile" that consists of one 1 having 2 data values: SYSLOG_PID LAST_LINE

If that file is not found or if the PID of the current executing syslogd daemon doesn't match the stored value then we start the syslog.log scan at line 1 otherwise we start at LAST_LINE + 1.

At the end of our scan, we rewrite the "watchfile" and we are ready for the next invocation.
---------------------------------------
#!/usr/bin/sh

typeset TDIR=${TMPDIR:-/var/tmp}
typeset INFILE="/var/adm/syslog/syslog.log"
typeset WATCHFILE=${TDIR}/Syswatch.dat
typeset A1=${TDIR}/X${$}_1.awk


trap 'eval rm -f ${A1}' 0 1 2 3 15

get_syslogd_pid()
{
typeset -i PSTAT=0
typeset -i SPID=$(UNIX95= ps -Csyslogd -o pid=)
PSTAT=${?}
echo "${SPID}"
return ${PSTAT}
} # get_syslogd_pid

# if syslogd's PID does not match the stored value
# or the watchfile is not found or syslogd is not running
# then read syslog from beginning else start at stored line + 1

cat << !EOF! > ${A1}
{
while (NR < begin_line) next;
if (\$0 ~ "%CISCOWORKS-CampusManager.+LINK_TRUNK")
{
printf("%s\n",\$0)
}
}
END {
printf("%d %d\n",pid,NR) > wfile
}
!EOF!

typeset -i BEGIN_LINE=1

typeset -i OLDPID=-1
typeset -i OLD_LINE=0

typeset -i STAT=0
typeset -i CURRPID=$(get_syslogd_pid)
STAT=${?}
if [[ ${STAT} -eq 0 && ${CURRPID} -gt 0 ]]
then
if [[ -r "${WATCHFILE}" && -s "${WATCHFILE}" ]]
then
read OLDPID OLD_LINE < "${WATCHFILE}"
if [[ ${OLDPID} -eq ${CURRPID} ]]
then
BEGIN_LINE=$((${OLD_LINE} + 1))
fi
fi
fi

awk -v begin_line=${BEGIN_LINE} \
-v pid=${CURRPID} -v "wfile=${WATCHFILE}" -f "${A1}" "${INFILE}"
STAT=${?}
exit ${STAT}
------------------------------------------

All you have to do is capture the stdout of this script and send it to mail and you are done.
If it ain't broke, I can fix that.
Reply
Rob Johnson_3
Regular Advisor

тАО07-14-2006 09:22 AM

тАО07-14-2006 09:22 AM

Re: In need of a script -

I wasn't able to follow what A. Clay Stephenson is talking about. If I have to, I will try his method.

I tried the other method and looks like something is wrong.


*******************************************
$ cat syslogwatch.sh
#!/bin/sh
set -x
my_mon=`date +%b`
my_day=`date +%d`
my_hr=`date +%H`

if [ $my_day -lt 10 ]
then
my_date="$my_mon $my_day $my_hr"
else
my_date="$my_mon $my_day $my_hr"
fi
grep "${my_date}" /var/log/rtrlog|grep -i campus
$


Here's the output with set -x
$./syslogwatch.sh
+ date +%b
my_mon=Jul
+ date +%d
my_day=14
+ date +%H
my_hr=14
+ [ 14 -lt 10 ]
my_date=Jul 14 14
+ + grepgrep Jul 14 14 /var/log/rtrlog
-i campus
$

I know there is something in the file because...

$ grep -i campus /var/log/rtrlog
Jul 12 03:37:48 nmsccm06.kp.org 26:2006 Jul 12 6:37:48 EDT:%CISCOWORKS-CampusManager-5-DCRP_LINK_MULTI:[10.246.222.50,GigabitEthernet0/2], [lcamanc2.ca.kp.org,8/13]
Jul 12 03:37:48 nmsccm06.kp.org 37:2006 Jul 12 6:37:48 EDT:%CISCOWORKS-CampusManager-5-DCRP_LINK_MULTI:[lcamanc1.ca.kp.org,9/6], [lcamanc38-ter.ca.kp.org,GigabitEthernet0/1]


0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.