Operating System - HP-UX

Re: script to monitor syslog.log

 
Philip J. Priest_1
Frequent Advisor

script to monitor syslog.log

My one-liner isn't working like it should:
cat syslog.log | grep -i "err|warn|unable|panic|crit|fail|lbolt"

It's not finding lbolt, and it's in syslog.

Any hints as to what I'm doing wrong?
8 REPLIES
Olivier Drouin
Trusted Contributor

Re: script to monitor syslog.log

I've been able to grep for "registrar" or "lvlnboot" by :

cat syslog.log | awk '/registrar|lvlnboot/ { print $0 }'

You will have to add something to ignore case or use awk's toupper() function.
Helen French
Honored Contributor

Re: script to monitor syslog.log

Try this:

# cat syslog.log | grep -i -e err -e warn -e unable -e panic -e crit -e fail -e lbolt

This will list all lines containing any of these given words.
Life is a promise, fulfill it!
Elena Leontieva
Esteemed Contributor

Re: script to monitor syslog.log

You should use egrep:

cat syslog.log | egrep -i "err|warn|unable|panic|crit|fail|lbolt"

Elena
Patrick Wallek
Honored Contributor

Re: script to monitor syslog.log

Have a look at this thread:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=398447

The author is doing something very similar. The difference you will have is that you will want to omit the '-q' option to grep in your script.
Sridhar Bhaskarla
Honored Contributor

Re: script to monitor syslog.log

Hi,

This is an extended expression and you can use -E to get it. You can also use -e and specify each word separately, but -E is my personal preference.

Try

grep -E -i "err|warn|unable|panic|crit|fail|lbolt" syslog.log

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Tim Medford
Valued Contributor

Re: script to monitor syslog.log

I just grep for vmunix, which always accompanies any warning or error from the O/S. The only problem is that after a reboot there are a couple hundred lines of vmunix messages. If you can ignore them for the day, it works OK after that.

Here's a script I use. It only looks at the errors from today forward:

#
# Initialize the variables that are to be used in this script.
#
C_DATE=`date +"%b %e"`
NOTIFY='youremail@yourdomain.com'
ux_errors="/tmp/ux_errors.lis"
tempfile="/tmp/tmp$$"

# Remove the temporary file when the script exits or is interrupted.
trap 'rm -f $tempfile' 0 2 3 15

# Extract the records from the current date onward from syslog.log.
sed -n "/^$C_DATE/,$ p" /var/adm/syslog/syslog.log > $tempfile
#
# Keep only the vmunix lines.
grep vmunix: $tempfile > $ux_errors
#
# Variable LN_CNT initialized to the no. of lines in the ux_errors file.
#
LN_CNT=`wc -l < $ux_errors`
#
# If the ux_errors file has lines in it, then mail is sent.
#
if [[ $LN_CNT -ge 1 ]]
then
echo "Importance: High\nTo: $NOTIFY\nSubject: vmunix Alert!! - saifprod \n\n <
` cat $ux_errors` " | /usr/sbin/sendmail $NOTIFY
fi

Regards, Tim
Philip J. Priest_1
Frequent Advisor

Re: script to monitor syslog.log

To improve the script, what kind of logic would I need to make the script not notify me again after I got > 3 notifications?
Sridhar Bhaskarla
Honored Contributor

Re: script to monitor syslog.log

Hi,

It's going to be a bit of interesting logic.

1. Move the existing new_file as old_file. Create a new file new_file from your grep command.
2. Compare old_file and new_file. You can use 'comm -3 old_file new_file'. If there is a difference, then output the difference to a file called "results". If there is no difference then do none.
3. Update another file say counter. Increment the number in it if there is no difference. If the number is less than three then mail the file 'results'. If the number is greater than 3, then do nothing.
4. If there is a difference between old_file and new_file, overwrite the results file with the output from comm -3. Reset the number in the file counter back to 1.

Repeat the above procedure. You will always see a cumulative file old_file and the new entries in the file results. There may be other things you need to check, like if the syslog is zeroed out or if it is not there, etc. But the above may get you a basic clue on how to formulate the script.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
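
The four steps in the last reply, written out as a POSIX shell function. This is an added example, not code posted by anyone in the thread. Assumptions: `scan_once`, `PATTERN` and `MAX_NOTIFY` are hypothetical names, the limit is read as "mail the same batch at most 3 times", and `comm -13` (lines found only in new_file) is used in place of `comm -3` so that lines which disappear after a log rotation are not reported.

```shell
#!/bin/sh
# Added example, not code from the thread. File names follow the post;
# scan_once, PATTERN and MAX_NOTIFY are hypothetical names.
PATTERN='err|warn|unable|panic|crit|fail|lbolt'
MAX_NOTIFY=3    # assumption: mail the same batch of lines at most 3 times

# scan_once LOGFILE STATEDIR
# Prints "NOTIFY <n>" when STATEDIR/results should be mailed, otherwise
# "QUIET <n>"; <n> is the value stored in STATEDIR/counter.
scan_once() {
    log=$1; dir=$2
    touch "$dir/new_file"
    [ -f "$dir/results" ] || : > "$dir/results"
    [ -f "$dir/counter" ] || echo 0 > "$dir/counter"

    # Step 1: keep the previous matches, then rebuild new_file.
    mv "$dir/new_file" "$dir/old_file"
    # A missing or zeroed log gives an empty new_file; comm needs sorted input.
    { [ -r "$log" ] && grep -E -i "$PATTERN" "$log"; } | sort -u > "$dir/new_file"

    # Step 2: -13 keeps only the lines that appear in new_file alone.
    comm -13 "$dir/old_file" "$dir/new_file" > "$dir/diff"

    count=$(cat "$dir/counter")
    if [ -s "$dir/diff" ]; then
        # Step 4: new matches replace results and restart the counter.
        mv "$dir/diff" "$dir/results"
        count=1
    else
        rm -f "$dir/diff"
        # No match has ever been recorded: nothing to mail.
        [ -s "$dir/results" ] || { echo "QUIET $count"; return 0; }
        # Step 3: same matches as last run, so count one more reminder.
        count=$((count + 1))
    fi
    echo "$count" > "$dir/counter"
    if [ "$count" -le "$MAX_NOTIFY" ]; then echo "NOTIFY $count"; else echo "QUIET $count"; fi
}

# Demo on constructed log lines (not real syslog output).
demo=${TMPDIR:-/tmp}/logwatch.$$
mkdir -m 700 "$demo" || exit 1
printf '%s\n' 'Jan  5 10:00:01 host vmunix: SCSI: lbolt: 1234' \
              'Jan  5 10:00:02 host sshd[99]: session opened' > "$demo/syslog.log"
for run in 1 2 3 4; do scan_once "$demo/syslog.log" "$demo"; done
rm -rf "$demo"
```

When run from cron, mail the results file only when the first word printed is NOTIFY, and keep the state directory writable by the monitoring account alone so that other local users cannot reset the counter or plant files in it.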