HPE Community
Operating System - HP-UX
1834080 Members
2408 Online
110063 Solutions
New Discussion

script to scrap a log file and email when certain messages are received -

 
SOLVED
Go to solution
Rob Johnson_3
Regular Advisor

‎11-23-2007 11:26 AM

‎11-23-2007 11:26 AM

script to scrap a log file and email when certain messages are received -

I realize this is not a scripting forum but I've always came away from the IT resource forum with working solutions.

Here's what I would like to do.

I would like a script I can cron to run every 15 minutes that scrapes a syslog file looking for any new lines received containing the text "%OSPF-5-ADJCH:". If received I would like to use the unix mail command to send an email.

Any suggestions would be greatly appreciated.

0 Kudos
Reply
9 REPLIES 9
skt_skt
Honored Contributor

‎11-23-2007 11:54 AM

‎11-23-2007 11:54 AM

Re: script to scrap a log file and email when certain messages are received -

here is how i do grep from syslog.

just an example.. a afew lines from one of my scripts.


echo "start grepping syslog"
#tail -l 1 -f /var/adm/syslog/syslog.log |grep -q "Accepted keyboard-interactive/pam for kumarts from 146.181.244.31"
echo "syslog grep completed ate `date`" >>/home/kumarts/syslog_grep
0 Kudos
Reply
Peter Nikitka
Honored Contributor

‎11-24-2007 03:03 AM

‎11-24-2007 03:03 AM

Solution

Re: script to scrap a log file and email when certain messages are received -

Hi,

if you have HP-Openview, use the logfile encapsulator. For a home grown solution, use that as a template - you'll probably need some error checking added.

#!/usr/bin/sh # or ksh
# remember the last linenumber already processed into a file
# depending on the existence and content of this file start the search for your string
log=/var/adm/syslog/syslog.log
linefile=$log.lf
loglines=$(wc -l <$log)
if [ -s $linefile ]
then
st_line=$(<$linefile)
case $st_line in
*[!0-9]*) st_line=1 # illegal content of linefile
;;
esac
else st_line=1
fi

if [ $st_line -gt $loglines ]
then st_line=1 # logfile has been rewritten
elif [ $st_line -eq $loglines ]
then exit 0 # nothing has changed
fi
# do NOT go to the end of the file - it may have changed while running that script!
awk -v beg=$st_line -v fin=$loglines 'NRNR>fin {exit}
/%OSPF-5-ADJCH:/' $log >$log.newmsg

# Do not send empty mails
if [ -s $log.newmsg ]
then mailx -s LogfileAlert user@dom.ain <$log.newmsg
fi
print $loglines >$linefile

mfG Peter
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
Reply
Rob Johnson_3
Regular Advisor

‎11-24-2007 04:19 AM

‎11-24-2007 04:19 AM

Re: script to scrap a log file and email when certain messages are received -

I saw a Unix tip on the link below that looks very easy but I must have the syntax or something wrong.

See tip #51 on http://blog.kowalczyk.info/articles/unixTips.html

TIP 51:
Actively Monitor a File and Send Email when Expression Occurs.
This is a way to monitor "/var/log/messages" or any file for certain changes.
The example below actively monitors "stuff" for the work "now" and as soon as
"now" is added to the file, the contents of msg are sent to the user
mikechirico@hotmail.com
$ tail -f stuff | \
awk ' /now/ { system("mail -s \"This is working\" mikechirico@hotmail.com < msg") }'

IS ANYONE ABLE TO MAKE THIS WORK? IF SO, I THINK THIS COULD BE A SOLUTION.
0 Kudos
Reply
Rob Johnson_3
Regular Advisor

‎11-24-2007 04:25 AM

‎11-24-2007 04:25 AM

Re: script to scrap a log file and email when certain messages are received -

Peter,
I don't have OpenView installed.

Could I just use the script you submitted in your posting?

If so, what changes would I need to make it work?

How would the script email a user like user57@hotmail.com when and %OSPF-5-ADJCHG: line appeared in the /var/log/rtrlog file
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎11-24-2007 04:41 AM

‎11-24-2007 04:41 AM

Re: script to scrap a log file and email when certain messages are received -

>How would the script email a user like user57@hotmail.com when a %OSPF-5-ADJCHG: line appeared in the /var/log/rtrlog file

Change "log=" to your filename.
Change user@dom.ain to your alias.
"%OSPF-5-ADJCHG:" seems to be there.
Reply
Rob Johnson_3
Regular Advisor

‎11-24-2007 05:15 AM

‎11-24-2007 05:15 AM

Re: script to scrap a log file and email when certain messages are received -

So the script below should work?

If the /var/log/rtrlog file receives an %OSPF-5-ADJCHG: message, someuser@somewhere.com would be mailed the contents of the file log.newmsg?

#!/usr/bin/sh
# remember the last linenumber already processed into a file
# depending on the existence and content of this file start the search for your string
log=/var/log/rtrlog.log
linefile=$log.lf
loglines=$(wc -l <$log)
if [ -s $linefile ]
then
st_line=$(<$linefile)
case $st_line in
*[!0-9]*) st_line=1 # illegal content of linefile
;;
esac
else st_line=1
fi

if [ $st_line -gt $loglines ]
then st_line=1 # logfile has been rewritten
elif [ $st_line -eq $loglines ]
then exit 0 # nothing has changed
fi
# do NOT go to the end of the file - it may have changed while running that script!
awk -v beg=$st_line -v fin=$loglines 'NRNR>fin {exit}
/%OSPF-5-ADJCH:/' $log >$log.newmsg

# Do not send empty mails
if [ -s $log.newmsg ]
then mailx -s LogfileAlert someuser@somewhere.com <$log.newmsg
fi
print $loglines >$linefile
0 Kudos
Reply
Peter Nikitka
Honored Contributor

‎11-24-2007 06:21 AM

‎11-24-2007 06:21 AM

Re: script to scrap a log file and email when certain messages are received -

Hi Rob,

I think so - just try it!
You need write access in the directory /var/log - so the script will have problems if NOT running under the uid of root.
If you need to run this script as a non-priviled user, change

linefile=$log.lf
to
linefile=/tmp/${log##*/}.lf

mfG Peter

PS: I'm glad you managed to make the required changes :-)
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
Reply
Rob Johnson_3
Regular Advisor

‎11-24-2007 06:25 AM

‎11-24-2007 06:25 AM

Re: script to scrap a log file and email when certain messages are received -

'Just got home from work. 'Will try the script on Monday.

Thanks so much for your help Peter and anyone else who replied.
0 Kudos
Reply
Peter Nikitka
Honored Contributor

‎11-25-2007 07:41 PM

‎11-25-2007 07:41 PM

Re: script to scrap a log file and email when certain messages are received -

Hi,

I just noticed the possibility of a duplicate message being sent, when the search string is found on the last line of a scan. To avoid this:
- change all statements
st_line=1
to
st_line=0

- change the primary condition in the awk from
NRto
NR<=beg {next}

mfG Peter
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.