HPE Community
Operating System - HP-UX
1833873 Members
2149 Online
110063 Solutions
New Discussion

Log file new message monitoring

 
SOLVED
Go to solution
Allanm
Super Advisor

‎09-06-2007 05:44 AM

‎09-06-2007 05:44 AM

Log file new message monitoring


I need to look into a log file for this messages "file system full" and it should alert me if this message is seen which can be achieved rather easily but the problem is if this message has been posted to the log for a long time and I want to be alerted for any new message and not old ones which are already residing in the log file.

How do I achieve this.

Thanks,
Allan.
0 Kudos
Reply
8 REPLIES 8
Court Campbell
Honored Contributor

‎09-06-2007 05:52 AM

‎09-06-2007 05:52 AM

Re: Log file new message monitoring

I think it would make more sense to either setup esm to send you alerts on file system usage, or to write a script that is run via cron to check the file system usage and send alerts.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
0 Kudos
Reply
Tim Nelson
Honored Contributor

‎09-06-2007 06:11 AM

‎09-06-2007 06:11 AM

Solution

Re: Log file new message monitoring

A simple log tracking script will work.
Here is the main idea of a simple script.

count lines in syslog.log
save this in a file for next time
check current line count with last line count
if different then use tail "-difference of above" syslog.log

If run through cron every 5,10 or 15 minutes it will give you all log entries since the last interval.

You can then be creative on what you want to alert for by using egrep with -vf and a exclude search file.

Reply
Allanm
Super Advisor

‎09-07-2007 02:45 AM

‎09-07-2007 02:45 AM

Re: Log file new message monitoring

Would this be a gud script for this or can u suggest improvements :

#!/usr/bin/ksh
. $HOME/.profile > /dev/null

grep "file system full" /var/adm/syslog/syslog.log > ~allanm/1
echo "Sleeping for 500 seconds"
sleep 500
grep "file system full" /var/adm/syslog/syslog.log > ~allanm/2

VAR1=`diff ~allanm/1 ~allanm/2|wc -l`

if [ ${VAR1} -gt 0 ]
then
mailx -s "check file system on b-box for space problems" allanm@tt.com < /dev/null
fi
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎09-07-2007 02:59 AM

‎09-07-2007 02:59 AM

Re: Log file new message monitoring

Hi Allan:

You script, as written, will run for one pass (of 500 seconds) only. Eliminate the 'echo' and you could create a cron job with something like:

#/usr/bin/sh
while true
do
...
if [ ${VAR1} -gt 0 ]; then
mailx -s "check file system on b-box for space problems" allanm@tt.com < /dev/null
sleep 500
done

Regards!

...JRF...
0 Kudos
Reply
Hein van den Heuvel
Honored Contributor

‎09-07-2007 03:06 AM

‎09-07-2007 03:06 AM

Re: Log file new message monitoring

Allan,

I appreciate your desire to tackle this yourself, and am pleased to see you post your own attempts vs asking 'the world' to solve your problem.

But as Court implies, this particular problem has been solved, and so much better so.

When the message 'File system full' appears, it is too late already!

There are several existing tools, freeware and formalware, which monitor disk space and a host of other conditions and will give early warning as well as alerts.

Unless your main goal is to learn scripting, be sure not to re-invent the wheel!

fwiw,
Hein.


0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎09-07-2007 03:07 AM

‎09-07-2007 03:07 AM

Re: Log file new message monitoring

Hi (again) Allan:

Sorry, I meant to suggest a startup script, not a cron job, since the amended script runs "forever".

Regards!

...JRF...
0 Kudos
Reply
Allanm
Super Advisor

‎09-07-2007 04:56 AM

‎09-07-2007 04:56 AM

Re: Log file new message monitoring


Yes Hein I am learning shell scripting so any help is welcome , I want to move to df -k solution where if the threshold is greater than 85% then I need to get notified ( but only ONCE as soon as any file system becomes more than 85% ) ... I want to achieve this through a shell script .
0 Kudos
Reply
Sandman!
Honored Contributor

‎09-07-2007 06:05 AM

‎09-07-2007 06:05 AM

Re: Log file new message monitoring

The bdf solution is better than scanning a logfile which is wrought w/ problems apart from being not proactive. With the script you can define warning, alert and critical stages when the email should be sent. See the script below if it'll do or change it.

bdf |
awk '{NF==1?getline n:n="";print $0n}' |
awk 'z[split($5,z,"%")-1] > 90' |
mailx -s "Filesystem > 90%" abc@xyz.com

Bill Hassell has a great script which might be exactly what you're looking for.

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1124262&admit=-682735245+1189187355844+28353475
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.