
Vincent's Blog

Pleasure in the job puts perfection in the work (Aristote)

Simple way to monitor a logfile

Posted on 2024-08-10 20:57:00 from Vincent in OpenBSD

On an old machine running an old BSD OS, I must trigger an email if some keywords appear in a log file.

Since this is a very old machine, installing packages is no longer possible.

This blog post shows a simple way I did it with only a shell script.


Introduction

One of my friends is running OpenBSD 6.2 on a server. He does not want to upgrade it in the short term, but needs an urgent solution to trigger emails when certain entries appear in a specific log file (the application log).

I'm sharing this small script because this could be helpful in several cases.

The goal here is not to find the most elegant solution (which would be a full upgrade), nor to criticize him because this machine is in a very weird situation. On the contrary, the goal is to find a simple mechanism that allows rudimentary monitoring of his application.

I will not investigate the option of extracting the whole OpenBSD 6.2 ecosystem and recompiling it on a lab machine so that we can "push" the required new tools to his machine. This would take too much time and does not tackle the main task, which is to replace this server with a new one running OpenBSD 7.5 (current version in August 2024).

How to catch new lines of a log file?

Basically, we want to trigger an email if we find some keywords in the log file of this application.
The problem is how to grep only the new lines added since the last check.

The answer will come from tail.

Indeed, this command has the "-c" parameter, which perfectly matches our needs.

tail -c 10 /var/log/application.log

With such a command we will only get the last 10 bytes of this log file.

Watch script

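#!/bin/sh
# Watch a log file and mail any newly added lines that contain a keyword.
FILE=/var/log/application.log
ERROR=" typical error "
EMAILTO="info@myorganisation.com"
WAITINGTIME=30

# Current size in bytes. wc -c avoids depending on the column layout of ls;
# the arithmetic expansion strips the padding that BSD wc prints.
size=$(($(wc -c < "$FILE")))
while true
do
    newsize=$(($(wc -c < "$FILE")))
    # A smaller file means it was rotated or truncated: read it from the start.
    if [ "$newsize" -lt "$size" ]; then
        size=0
    fi
    if [ "$newsize" -gt "$size" ]; then
        delta=$((newsize - size))
        # Keep only the new bytes, then only the lines containing the keyword.
        res=$(tail -c "$delta" "$FILE" | grep -- "$ERROR")
        if [ -n "$res" ]; then
            echo "$res" | mail -s "Application log $(date)" "$EMAILTO"
        fi
    fi
    size=$newsize
    sleep "$WAITINGTIME"
done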

Thanks to "tail -c", we catch the new bytes added to the log file, and we grep them to see if the ERROR we are looking for is there. If yes, we send it via email.
We then record the file's new size and sleep for 30 seconds before doing a new check.

If you want to use it, you must adapt the first 4 variables: FILE, ERROR, EMAILTO and WAITINGTIME.
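
The loop above starts from the file's current size each time it is launched and measures the new bytes from the end of the file. As an added example (not part of the original post), the function below keeps the byte offset in a state file so that a restart does not lose entries, rescans from byte 0 when the file shrinks after rotation, and holds back a half-written last line; the name scan_once and the state-file argument are assumptions.

```shell
#!/bin/sh
# Added example, not the author's script. scan_once and the state-file
# argument are assumptions made for this illustration.
LC_ALL=C; export LC_ALL     # make ${#var} count bytes, not characters
NL='
'

# scan_once LOG STATE PATTERN
# Print the complete new lines of LOG that match PATTERN, starting at the
# byte offset saved in STATE, then save the new offset. Keep STATE in a
# directory that only the monitoring user can write to.
scan_once() {
    log=$1 state=$2 pattern=$3
    offset=0
    if [ -r "$state" ]; then read -r offset < "$state" || offset=0; fi
    case $offset in ''|*[!0-9]*) offset=0 ;; esac   # corrupt state: rescan
    size=$(($(wc -c < "$log")))
    # Smaller than the saved offset: rotated or truncated, restart at byte 0.
    if [ "$size" -lt "$offset" ]; then offset=0; fi
    if [ "$size" -eq "$offset" ]; then return 0; fi
    # Read everything after the offset. The trailing "x" stops the command
    # substitution from stripping the final newlines we need to count.
    chunk=$(tail -c "+$((offset + 1))" "$log"; printf x)
    chunk=${chunk%x}
    # Hold back a half-written last line; the next run sees it complete.
    partial=${chunk##*"$NL"}
    complete=${chunk%"$partial"}
    printf '%s' "$complete" | grep -- "$pattern" || true
    # Advance by the bytes actually consumed, not by the size seen earlier,
    # so data appended during the scan is neither skipped nor re-read.
    echo $((offset + ${#complete})) > "$state"
}
```

To use it in the loop above, assign the function's output to res and keep the existing test that res is not empty before calling mail.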

Conclusions

I was amazed how simple and yet powerful this small script is.

When the problem was explained to me, I was looking for packages/applications doing such a task.
But I was blocked because it's no longer possible to install them on this specific machine.

Finally, after 1 night of reflection, I came back to the root needs and discovered that a simple shell script can do it ;)


