0

I'm looking for a way to watch multiple logfiles on Linux and look for words or phrases inside and, if found, trigger a script or action. This will need to be constant.

I know this can be done with some grep, tail hack but I want to know if there is something premade for this with config options, for instance, I think logtail can monitor files but can't trigger actions.

Any ideas?

  • http://stackoverflow.com/questions/4331309/shellscript-to-monitor-a-log-file-if-keyword-triggers-then-execute-a-command but instead of 'f' try using 'F' to handle log rotating – jaroslawj Nov 07 '15 at 07:38
  • I'm looking for something that can run continuously and can auto start with the server (cron based or init.d based) – Anton Krall Nov 07 '15 at 14:25

2 Answers

1

You can set the output of the grep to a variable and then evaluate if it's empty to run your script/actions.

Example:

Convert command output to string with $( whatever command )

    # Needs bash: <( ... ) is process substitution.
    line=$(grep -m 1 YourKeyWord <(exec tail -f /directory/of/log.out); kill $! 2> /dev/null)

Then you can start evaluating each log, and determine the following actions.

    # The spaces around != matter: without them the test is always true.
    if [ "$line" != "" ]
    then
        echo "Found $line"
        service something start
        line=""
        echo "Now we can look for ABC"
    fi

    line=$(grep -m 1 ABC <(exec tail -f /your/otherdir/of/log.out); kill $! 2> /dev/null)
    if [ "$line" != "" ]
    then
        echo "Found the other $line"
        ntpstat   # or whatever command you need
        line=""
        echo "And we can keep doing this"
    fi

You can do this with two functions (one to reset $line, and the other to do the grep, using a $Dir var), but for the sake of a detailed answer, let's leave it this way.

The line,

    grep -m 1 WhateverWord <( exec tail -f /your/otherdir/of/log.out ); kill $! 2> /dev/null

was taken from the answer https://superuser.com/questions/275827/how-to-read-one-line-from-tail-f-through-a-pipeline-and-then-terminate with the following explanation, and it does avoid logical issues in your server.

"kill will kill leftover tail -f process, and we hide errors, because it's possible that the tail will be gone by the time kill will be invoked."

nDCasT
  • Thank you for your suggestion, I have added it to my code library but in the meantime I want to let everybody know that I found something that does exactly what I needed. It's called SEC (on CentOS you can just run yum install sec). – Anton Krall Nov 12 '15 at 03:56
  • Some more discussion here also: http://superuser.com/questions/270529/monitoring-a-file-until-a-string-is-found – John Rix Nov 12 '15 at 13:11
  • Great, and I'll give SEC a try. My answer works pretty well in environments where you cannot or are not allowed to install anything. – nDCasT Nov 16 '15 at 06:39
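
The tail/grep approach from the answer above, generalised to follow several files continuously and dispatch on a small rule table (an added example, not code from the answer; the patterns, handler names and log paths are hypothetical). It goes beyond the answer by passing the matched line to the handler as a single argument, because log lines are attacker-influenced input.

```shell
#!/bin/sh
# Added example; rule patterns, handler names and log paths are hypothetical.

# Handlers get the matched line as ONE argument. Log content is written by
# whoever can reach the service, so it is never eval'd or spliced into a
# command string. Replace the printf with the real action.
on_auth_failure() { printf 'auth-failure: %s\n' "$1"; }
on_oom()          { printf 'oom: %s\n' "$1"; }

# match_rule LINE: print the handler name of the first matching rule;
# return 1 when nothing matches.
match_rule() {
    case $1 in
        *"Failed password"*) echo on_auth_failure ;;
        *"Out of memory"*)   echo on_oom ;;
        *) return 1 ;;
    esac
}

# sanitize LINE: drop control characters (keeps tab) so a crafted log line
# cannot smuggle terminal escape sequences into alerts.
sanitize() { printf '%s' "$1" | tr -d '\001-\010\013-\037\177'; }

# dispatch_line LINE: run the handler for LINE, if any rule matches.
dispatch_line() {
    handler=$(match_rule "$1") || return 0
    "$handler" "$(sanitize "$1")"
}

# watch_logs FILE...: follow all files until killed. GNU tail: -F reopens a
# file after rotation, -n 0 skips existing content, -q omits file headers.
watch_logs() {
    tail -q -n 0 -F "$@" | while IFS= read -r line; do
        dispatch_line "$line"
    done
}

# Example: ./logwatch.sh /var/log/secure /var/log/messages
if [ "$#" -gt 0 ]; then watch_logs "$@"; fi
```

Started from an init script or a systemd unit, this keeps running across log rotation; the first matching rule wins for each line.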
0

The answer is SEC (yum install sec). What it does is that it monitors any log file and uses rules to scan the files using regex and then you can run shell scripts, insert logs, and some other stuff.

It runs as a service so no problem with machine reboots, crons, etc.

Hope this helps anybody trying to do what I wanted.

  • I'm very happy that you found the answer you were looking for. However, as far as answers go, it doesn't do anything to explain WHY it's the correct answer. Why is this solution better than the one that @nDCasT provided? Why is this a better solution than `monit`? How did you use sec? – Jim Mar 21 '22 at 21:25