LinuxQuestions.org


threadhead 12-26-2002 04:14 PM

shell script for logging
 
hello there.

i wrote a shellscript to view and log all my TCP connections.

here's the code:
Code:

#!/bin/sh

tail -f /var/log/syslog | grep "PROTO=TCP" > /root/connections.log

tail -f monitors all things being actually written to the file specified. with grep i filter out the desired lines.
with > /root/connections.log i want to keep a clear log file with all the TCP connections.
when i run the script, i can see the filtered output.
even the file /root/connections.log creates itself.
BUT nothing is written to file!

what's wrong with that?

thanks threadhead

stickman 12-26-2002 04:57 PM

Couldn't you just modify syslog.conf so that syslog logs that facility to a separate file?

bulliver 12-26-2002 05:09 PM

Just an idea: tail only reads the last 10 entries, so if there are no TCP connections in the last 10 lines of syslog, then your script correctly writes nothing to connections.log

You can add "--lines=N" to your tail command to read the last N lines instead of the default.

stickman 12-26-2002 08:20 PM

He's using "-f" to follow the logfile.

bulliver 12-27-2002 01:09 AM

OK, excuse my ignorance. -f monitors syslog as it's written then?

SlickWilly 12-27-2002 08:56 AM

-f will display the results of the tail as it's written yes.

So, if you tail -f <somefile> it'll sit and display your file. As more is added to your file it'll display that too. Useful for realtime monitoring of logfiles and the like. It's not specific to a syslog - you can tail -f anything.

You can also :

tail -100 <somefile> for the last 100 lines. The default is 10, but you can specify any number of lines you like.

To address the problem :

when i run the script, i can see the filtered output.

you shouldn't see anything. The redirector '>' should redirect the output from the tail to your file. What you should see is a blank, flashing cursor, and any output from the tail will be redirected from being displayed on screen (stdout) to your file. ctrl-c will kill it and you'll get your prompt back.

That you are seeing output corresponds to your lack of output in your file. You only have one output stream and it's going to your screen and not your file.

What you want is this :

tee - read from standard input and write to standard output and files

And your script should look like this :

tail -f /var/log/syslog | grep "PROTO=TCP" | tee /root/connections.log

man tee. :)

Slick.

threadhead 12-27-2002 01:09 PM

thanks for the help but i found another solution to do it. :D

Code:

#!/bin/sh

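# Follow syslog and append every line containing PROTO=TCP to the log file.
# read -r keeps backslashes in the log line as they are.
tail -f /var/log/syslog | while read -r LOG_LINE
do
    # Quote the variable and use printf so the line is passed on unchanged.
    if printf '%s\n' "$LOG_LINE" | grep -q "PROTO=TCP"
    then
        printf '%s\n' "$LOG_LINE" >> /root/connections.log
    fi
done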
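
The line-by-line filter from the post above, as an added example that is not part of the thread: `log_tcp` copies matching lines to the file verbatim, and `log_tcp_naive` shows how `read` without `-r` and unquoted expansions alter a log line on its way into the file. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread); function names and sample lines are constructed.

# Copy every stdin line containing PROTO=TCP to the file $1, byte for byte.
log_tcp() {
    out=$1
    # IFS= keeps leading/trailing blanks; -r keeps backslashes literal.
    # printf with a quoted argument avoids word splitting, globbing and
    # the escape processing some echo implementations perform.
    while IFS= read -r line; do
        case $line in
            *PROTO=TCP*) printf '%s\n' "$line" >> "$out" ;;
        esac
    done
}

# Naive variant for comparison: read without -r and unquoted expansions.
# Repeated blanks collapse, '*' expands to file names, backslashes are dropped.
log_tcp_naive() {
    out=$1
    while read line; do
        if echo $line | grep -q "PROTO=TCP"; then
            echo $line >> "$out"
        fi
    done
}

# Constructed sample input: one TCP line, one UDP line, and one TCP line with
# repeated blanks, a glob character and a backslash.
sample_lines() {
    cat <<'EOF'
Dec 26 16:14:01 host kernel: IN=eth0 SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP SPT=40000 DPT=22
Dec 26 16:14:02 host kernel: IN=eth0 SRC=192.0.2.10 DST=192.0.2.1 PROTO=UDP SPT=53 DPT=53
Dec 26 16:14:03 host kernel: fw  *  PROTO=TCP  note=C:\tmp
EOF
}

# Usage, following the thread's pipeline:
#   tail -f /var/log/syslog | log_tcp /root/connections.log
```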


SlickWilly 12-27-2002 01:54 PM

Yikes.. that's a pretty nasty way of writing 'tee'

Oh, and I messed up, just in case anyone else is reading this.

I missed out a > before the filename.

tail -f /var/log/syslog | grep "PROTO=TCP" | tee >/root/connections.log

Slick.

merana 12-27-2002 03:59 PM

As always there's more than one way to skin a cat. That tee func seems neat. Will have to man it. thanks! ;)

