HPE Community
Operating System - HP-UX
1833012 Members
3197 Online
110048 Solutions
New Discussion

Script to Monitor log for ERROR and mail me

 
SOLVED
Go to solution
Sammy_2
Super Advisor

‎07-02-2002 06:58 AM

‎07-02-2002 06:58 AM

Script to Monitor log for ERROR and mail me

How would I can write a script in UNIX to constantly monitor a (syslog.log) log file for the word "ERROR or WARN" and mail me the line of the error if the script finds the "ERROR" in the log.

I know I can use some combination of these command : "tail -f syslog.log" along with
"egrep -i 'ERROR|WARN' | mail -s "SYSLOG ERROR" myself@domain.com" but do not
know how to put it in a script and to run 24 by 7.
Any other sugges. are welcome
Thanks a lot.
good judgement comes from experience and experience comes from bad judgement.
0 Kudos
Reply
6 REPLIES 6
Kevin Carroll
New Member

‎07-02-2002 07:19 AM

‎07-02-2002 07:19 AM

Re: Script to Monitor log for ERROR and mail me

Try using Swatch.
http://ciac.llnl.gov/ciac/ToolsUnixSysMon.html
0 Kudos
Reply
Cheryl Griffin
Honored Contributor

‎07-02-2002 07:27 AM

‎07-02-2002 07:27 AM

Re: Script to Monitor log for ERROR and mail me

Ribus,
Running the grep command above will result in a number of bogus pages. The grep command above doesn't track what messages it has sent a page for or not. So if you run that command 24x7, you'll be paged 24x7!!

The best way is to use an application that is set up specifically to accomplish this task so that you are not using that grep command constantly.

HP's IDS and/or ITO handles this as well as 3rd party apps like big brother.
ids: http://www.hp.com/products1/unix/operating/security/

big brother:
http://www.bb4.com

Cheryl
"Downtime is a Crime."
0 Kudos
Reply
Nick Wickens
Respected Contributor

‎07-02-2002 07:32 AM

‎07-02-2002 07:32 AM

Solution

Re: Script to Monitor log for ERROR and mail me

Hi there

I wrote the attached script to check for the words "Performed a switch|POWERFAILED" in the syslog and then email me if it occurs but ensuring that I am only informed once.

Please feel free to borrow it.
Hats ? We don't need no stinkin' hats !!
Reply
Dave Chamberlin
Trusted Contributor

‎07-02-2002 09:43 AM

‎07-02-2002 09:43 AM

Re: Script to Monitor log for ERROR and mail me

You could run something like this script in a cron job, say every 10 minutes. It is only looking at the part of the log created since the last time the script was run and would email you the first error if found. You have to precreate the file newcount (echo 0 > newcount) before starting. I echo statements can be uncommented for debugging

-------------------------
#save the old linecount for syslog...
mv newcount oldcount

#save the new linecount for syslog in our file...
wc /var/adm/syslog/syslog.log | awk {'print $1'} > newcount

#get the new linecount for syslog into a variable...
NEWCOUNT=`wc /var/adm/syslog/syslog.log | awk {'print $1'}`

#echo $NEWCOUNT

#get the old linecount for syslog from our file...
OLDCOUNT=`cat oldcount`

#echo $OLDCOUNT

#subtract the linecounts to get a number for tail...
MM=`expr $NEWCOUNT - $OLDCOUNT`

#echo $MM

#tail the log and get the count of error lines...
ECOUNT=`tail -$MM /var/adm/syslog/syslog.log | grep peer | wc | awk {'print $1'}`
#echo $ECOUNT " errors detected"


#if the number of errors is > 1 then send you email...
if expr $ECOUNT \> 1
then
#get the first message with the error...
EMSG=`tail -$MM /var/adm/syslog/syslog.log | grep peer | head -1`
#echo "first error was " $EMSG
echo $EMSG | mailx -s "error detected" you@your_email_address
fi
0 Kudos
Reply
Dave Chamberlin
Trusted Contributor

‎07-02-2002 11:29 AM

‎07-02-2002 11:29 AM

Re: Script to Monitor log for ERROR and mail me

Oops - a correction - the "grep peer" statement in the above script was a test for my log - you would grep for ERROR or whatever...

Dave
0 Kudos
Reply
Martin Johnson
Honored Contributor

‎07-02-2002 11:37 AM

‎07-02-2002 11:37 AM

Re: Script to Monitor log for ERROR and mail me

HP Openview Operations (aka OVO/VPO/ITO/OpC) can be set up to do this automatically. (This assumes you have OVO installed. :-) )

Marty
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.