LinuxQuestions.org
Old 12-26-2002, 05:14 PM   #1
threadhead
LQ Newbie
 
Registered: Nov 2002
Location: europe
Distribution: slackware 8.1
Posts: 24

Rep: Reputation: 15
shell script for logging


hello there.

i wrote a shellscript to view and log all my TCP
connections.

here's the code:
Code:
#!/bin/sh

tail -f /var/log/syslog | grep "PROTO=TCP" > /root/connections.log

tail -f monitors all things being actually written to the file specified. with grep i filter out the desired lines.
with > /root/connections.log i want to keep a clear
log file with all the TCP connections.
when i run the script, i can see the filtered output.
even the file /root/connections.log creates itself.
BUT nothing is written to file!

what's wrong with that?

thanks threadhead
 
Old 12-26-2002, 05:57 PM   #2
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
Couldn't you just modify syslog.conf so that syslog logs that facility to a separate file?
 
Old 12-26-2002, 06:09 PM   #3
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86_64; Gentoo PPC; FreeBSD; OS X 10.9.4
Posts: 3,760
Blog Entries: 4

Rep: Reputation: 77
Just an idea: tail only reads the last 10 entries, so if there are no TCP connections in the last 10 lines of syslog, then your script correctly writes nothing to connections.log

You can add "--lines=N" to your tail command to read the last N lines instead of the default.
 
Old 12-26-2002, 09:20 PM   #4
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
He's using "-f" to follow the logfile.
 
Old 12-27-2002, 02:09 AM   #5
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86_64; Gentoo PPC; FreeBSD; OS X 10.9.4
Posts: 3,760
Blog Entries: 4

Rep: Reputation: 77
OK, excuse my ignorance. -f monitors syslog as it's written then?
 
Old 12-27-2002, 09:56 AM   #6
SlickWilly
Member
 
Registered: Dec 2002
Posts: 327

Rep: Reputation: 30
-f will display the results of the tail as it's written yes.

So, if you tail -f <somefile> it'll sit and display your file. As more is added to your file it'll display that too. Useful for realtime monitoring of logfiles and the like. It's not specific to a syslog - you can tail -f anything.

You can also :

tail -100 <somefile> for the last 100 lines. The default is 10, but you can specify any number of lines you like.

To address the problem :

when i run the script, i can see the filtered output.

you shouldn't see anything. The redirector '>' should redirect the output from the tail to your file. What you should see is a blank, flashing cursor, and any output from the tail will be redirected from being displayed on screen (stdout) to your file. ctrl-c will kill it and you'll get your prompt back.

That you are seeing output corresponds to your lack of output in your file. You only have one output stream and it's going to your screen and not your file.

What you want is this :

tee - read from standard input and write to standard output and files

And your script should look like this :

tail -f /var/log/syslog | grep "PROTO=TCP" | tee /root/connections.log

man tee.

Slick.
 
Old 12-27-2002, 02:09 PM   #7
threadhead
LQ Newbie
 
Registered: Nov 2002
Location: europe
Distribution: slackware 8.1
Posts: 24

Original Poster
Rep: Reputation: 15
thanks for the help but i found another solution to do it.

Code:
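#!/bin/sh

# Follow syslog and append each TCP line to the log as soon as it arrives.
# read -r and the quoted "$LOG_LINE" keep backslashes, spacing and glob
# characters in a log line from being altered by the shell.
tail -f /var/log/syslog | while IFS= read -r LOG_LINE
     do
          if echo "$LOG_LINE" | grep -q "PROTO=TCP"
               then echo "$LOG_LINE" >> /root/connections.log
          fi
done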
 
Old 12-27-2002, 02:54 PM   #8
SlickWilly
Member
 
Registered: Dec 2002
Posts: 327

Rep: Reputation: 30
Yikes.. that's a pretty nasty way of writing 'tee'

Oh, and I messed up, just in case anyone else is reading this.

I missed out a > before the filename.

tail -f /var/log/syslog | grep "PROTO=TCP" | tee >/root/connections.log

Slick.
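
An added example, not part of any post in this thread: the filter loop from post #7 written as a function that keeps each log line byte-for-byte and sends it to both the screen and the file, as post #6 intended with tee. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; log_tcp, sample_lines and demo_count are illustrative names.

# log_tcp OUTFILE
# Read log lines on stdin. Each line containing PROTO=TCP is appended to
# OUTFILE and also printed, one line at a time, so nothing waits in a buffer.
log_tcp() {
    out=$1
    while IFS= read -r line; do      # IFS= and -r keep spacing and backslashes
        case $line in
            *PROTO=TCP*)
                # Quoted variable: no word splitting, no glob expansion.
                printf '%s\n' "$line" | tee -a "$out"
                ;;
        esac
    done
}

# Constructed netfilter-style syslog lines; the last one carries a glob
# character and a backslash to show they survive untouched.
sample_lines() {
    cat <<'EOF'
Dec 27 14:01:02 box kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP SPT=40000 DPT=22
Dec 27 14:01:03 box kernel: IN=eth0 OUT= SRC=192.0.2.11 DST=192.0.2.1 PROTO=UDP SPT=53 DPT=53
Dec 27 14:01:04 box kernel: note=* path=C:\tmp PROTO=TCP SPT=40001 DPT=80
EOF
}

# Run the filter over the sample and print how many lines reached the file.
demo_count() {
    tmp=$(mktemp) || return 1
    sample_lines | log_tcp "$tmp" >/dev/null
    wc -l < "$tmp" | tr -d ' '
    rm -f "$tmp"
}

# Live use (as root): tail -f /var/log/syslog | log_tcp /root/connections.log
# GNU grep buffers its output when stdout is a file or pipe; its
# --line-buffered option flushes after every matching line:
#   tail -f /var/log/syslog | grep --line-buffered "PROTO=TCP" >> /root/connections.log
demo_count   # prints 2
```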
 
Old 12-27-2002, 04:59 PM   #9
merana
Member
 
Registered: May 2002
Location: Philly/So. Jersey
Distribution: ESXi CentOS Red-Hat Ubuntuu Solaris Debian
Posts: 80

Rep: Reputation: 15
As always there's more than one way to skin a cat. That tee func seems neat. Will have to man it. thanks!
 
  

