HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

tail -f file | mailx the output to me

 
SOLVED
Go to solution
Sammy_2
Super Advisor

tail -f file | mailx the output to me

I need to monitor sulog and email me when someone (samuel) switches to another user.


This does not work
==================

tail -f /var/adm/sulog | \awk ' /samuel/ { system ("mailx -s \"This works\" subir01@dom.com")}'


from sulog below
=========
SU 11/12 15:31 + pts/1 samuel-escript
good judgement comes from experience and experience comes from bad judgement.
10 REPLIES
OldSchool
Honored Contributor

Re: tail -f file | mailx the output to me

I think you're going to need another approach.

The "-f" option of tail "follows" the file. As far as I know, that means one of that the "tail" never completes, and thus can't pipe the output to the awk stuff

one other way to accomplish is is to do something along the lines of the following:

a) find / copy all of the relevant SU's for samuel to a file (fileB)

b) periodically repeat the above, but to a different file (fileB)

c) remove all entries from fileB that appear in fileA to yet another file (fileC).

d) if fileC is not blank, e-mail it.

e) copy fileB over fileA

f) repeat at whatever interval you need via cron....
OldSchool
Honored Contributor

Re: tail -f file | mailx the output to me

actual in (a) above, that should be "fileA"...

Michael Steele_2
Honored Contributor

Re: tail -f file | mailx the output to me

Hi

tail -f will never succeed with a pipe because it needs operator intervention before completing, and not command following an uncompleted command will ever execute.

Think about a script with a series of 10 commands. The 2nd will not execute until the 1st has completed, nor will the 3rd until the 2nd has completed and so on.
Support Fatherhood - Stop Family Law
Sammy_2
Super Advisor

Re: tail -f file | mailx the output to me

Hmmh !!
Ok, Michael, I guess, I have to put something of a script like Oldschool mentioned. thanks Oldschool.

Some of my co-workers are using this perl script along with tail for other purposes which works great. Basically, it looks for patter "ERROR" and then prints and email last 3 lines before ERROR. you would run the command from cammand line as follows.
I am trying to work it to my likings.

Or maybe, just send me an email everytime something gets logged in sulog

#tail -f sulog | mon.pl &

#!/usr/bin/perl
## This is mon.pl script
while( <> ) {
push @bufferedline, $_;
shift @bufferedline if @bufferedline > 3;
next unless /ERROR/i;
open MAILER, "|mailx -s ' ERROR' abc\@xyx.com";
print MAILER @bufferedline;
print MAILER $_;
close MAILER;
}
good judgement comes from experience and experience comes from bad judgement.
James R. Ferguson
Acclaimed Contributor
Solution

Re: tail -f file | mailx the output to me

Hi Sammy:

You can do this with a bit of Perl along these lines. The idea is that we read until the end-of-file is reached, but then we cleare the EOF flag to allow reading again:

# cat ./mywatch
#!/usr/bin/perl
use strict;
use warnings;
use IO::Handle;
my $fh;
my $log = '/var/adm/sulog';
open( $fh, "<", $log ) or die "Can't open '$log': $!\n";
while (1) {
while (<$fh>) {
m/samuel/
&& system
qq(mailx -s "Event happened!" subir01\@dom.com /dev/null);
sleep 1;
$fh->clearerr();
}
}
1;

The script runs until killed.

Regards!

...JRF...
Sammy_2
Super Advisor

Re: tail -f file | mailx the output to me

JRF, seems like that is exactly what I want . But I tested like this but did not get email.
Is thsi how you are suppose to test it. ?

Called the script mon.pl and ran
#./mon.pl

#echo "this is samuel" >> sulog

# tail sulog
SU 11/10 10:40 + pts/5 hueycj5-escript
SU 11/12 15:31 + pts/1 vern003-escript
this is samuel
good judgement comes from experience and experience comes from bad judgement.
Michael Steele_2
Honored Contributor

Re: tail -f file | mailx the output to me

Hi

Lets see what the error is in /var/adm/syslog/mail.log

What happens with other emails? Do they work? For example

echo test | mailx -s "TEST" your@email
Support Fatherhood - Stop Family Law
Sammy_2
Super Advisor

Re: tail -f file | mailx the output to me

Thanks JRF ,
I got exactly what I need from you. Thanks To Mr. Steele as well letting me test the mailing.. I must have been doing something wrong not to get email but now I do. My apologies.

However, when I run mon.pl, it instantly sends me one email each based on # of lines consisting of "samuel" in /var/adm/sulog (like 3 emails in this case). I dont care about old entries.

How can I fix that ?

Also, I want the last line to be in the subject of email. I tried below,

so will this work in perl ( I am just cracking perl book) ?

$last_line=`tail -1 /var/adm/sulog`'
qq(mailx -s "$last_line" subir01\@dom.com /dev/null);



#grep samuel /var/adm/sulog

SU 1/11 15:31 + pts/1 samuel-escript
SU 2/6 15:31 + pts/1 samuel-escript
SU 11/16 6:31 + pts/1 samuel-escript
good judgement comes from experience and experience comes from bad judgement.
James R. Ferguson
Acclaimed Contributor

Re: tail -f file | mailx the output to me

Hi (again) Sammy:

> However, when I run mon.pl, it instantly sends me one email each based on # of lines consisting of "samuel" in /var/adm/sulog (like 3 emails in this case). I dont care about old entries. How can I fix that ? Also, I want the last line to be in the subject of email.

Both of these are easy to accommodate. After we open the file, we simply seek() to its end before beginning to read. As for adding the line read to the email subject that's done too, below. The line is in '$_':

# cat ./mywatch
#!/usr/bin/perl
use strict;
use warnings;
use IO::Handle;
my $fh;
my $log = '/var/adm/sulog';
open( $fh, "<", $log ) or die "Can't open '$log': $!\n";
seek( $fh, 0, 2 );
while (1) {
while (<$fh>) {
chomp;
m/samuel/
and system
qq(mailx -s "Event: $_" subir01\@dom.com /dev/null);
sleep 1;
$fh->clearerr();
}
}
1;

Regards!

...JRF...
Sammy_2
Super Advisor

Re: tail -f file | mailx the output to me

Very helpful as easy to understand suggestion. JRF.
your last suggestion works great as well. Now, I am trying to decipher your code with "O Reilly" perl book so I can tweak it for other purposes.

Thanks Sir.
good judgement comes from experience and experience comes from bad judgement.