Thank you for visiting!
My little window on internet allowing me to share several of my passions
Categories:
- OpenBSD
- High Availability
- vdcron
- My Sysupgrade
- FreeBSD
- Nas
- DragonflyBSD
- fapws
- Alpine Linux
- Openbox
- Desktop
- Security
- nvim
- yabitrot
- nmctl
- Tint2
- Firewall
- VPN
- Project Management
- Hifi
- Alarm
Most Popular Articles:
Last Articles:
Simple way to monitor a logfile
Posted on 2024-08-10 20:57:00 from Vincent in OpenBSD
On an old machine running and old BSD OS, I must trigger an email is some keywords are coming in a log file.
since this is a very old machine, installation of packages is no more possible.
This blog post will show a simple way I've did it with only shell script
Introduction
One of my friend is running OpenBSD 6.2 on a server. He does not want to upgrade is in a short term, but need urgent solution to trigger emails in case some elements are coming in a specific log file (Application log).
I'm sharing this small script because this could be helpful in several cases.
The goal here is not to find the most elegant solution (which will be a full upgrade), neither to shoot at him because this machine is in a very weird situation. But, at the opposite, to find a simple mechanism to allow a rudimentary monitoring of his application.
I'll will not investigate the option to extract the whole ecosystem of OpenBSD 6.2 and recompile on a labo machine so we can "push" on his machine the required new tools. This will take too much time and does not tackle the main task which is to replace this server by a new one running OpenBSD 7.5 (current version in August 2024).
How to catch new lines of a log file ?
Basically we want to trigger an email is we found some keywords in the logfile of this applications.
The problematic will be how to grep only the new lines added since the last check ?
The will come from tail.
Indeed, this command as the "-c" parameter which will perfectly match our needs.
tail -c 10 /var/log/application.log
With such command we will only get the last 10 bytes of this log file.
Watch script
#!/bin/sh
FILE=/var/log/application.log
ERROR=" typical error "
EMAILTO="info@myorganisation.com"
WAITINGTIME=30
size=$(ls -al $FILE | cut -d " " -f 8)
while true
do
newsize=$(ls -al $FILE | cut -d " " -f 8)
if [ "$size" != "$newsize" ]; then
delta=$(expr $newsize - $size)
res=$(tail -c $delta $FILE | grep -v "$ERROR")
if [ -n "$res" ]; then
echo "$res" | mail -s "Application log $(date)" $EMAILTO
fi
fi
size=$newsize
sleep $WAITINGTIME
done
Thanks to "tail -c", we catch the new characters added in the log file, we grep on it to see if there is the ERROR we are looking for. If yes, we send it via email.
We register the new file's size and we sleep for 30 seconds before doing a new check.
If you want to use it, you must adapt the 4 first variables: FILE, ERROR, EMAILTO and WAITINGTIME
Conclusions
I was amazed how simple and yet powerful this small script is.
When the problem was exposed I was looking for packages/applications doing such task.
But was I blocked because it's no more possible to install them on this specific machine.
Finally, after 1 night of reflection, I come back to root needs and discover that a simple shell script can do it ;)