LinuxQuestions.org - linuc shell scripting

- Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)

- - linuc shell scripting (https://www.linuxquestions.org/questions/linux-newbie-8/linuc-shell-scripting-930450/)

vaw	02-21-2012 03:15 AM

linuc shell scripting

Hi,

There are a few log files from which my shell script picks up errors messages and sends alerts. This script runs every half hour.
But the logs are created say one a day and sometimes one per week. In this case my script picks up the errors every half hour which is redundant and not preferred.

Can someone suggest me how I can pick up items(errors) from these logs that only have the timestamp less than half hour ?

Thanks,

catkin

02-21-2012 03:24 AM

The shell script could write the timestamp of when it last looked at the logs to a file. Somewhere under /var/lib might be appropriate according to the Linux Filesystem Hierarchy Standard.

vaw	02-21-2012 03:49 AM

How can we then find the errors having the timestamp greater than this stored timestamp ?

catkin

02-21-2012 04:15 AM

The script could compare the saved timestamp with the timestamps in the log and only pick up errors that happened later.

What does your script look like?

KatrinAlec

02-21-2012 04:36 AM

you could maybe send the data through a pipe, so you only read it once,
or use tail -f, so you only get new output.

vaw	02-21-2012 06:23 AM

currently the script only looks for the file modified in the last half hour, but obviously this will not work as the errors even as old as a day will get picked.

Could you tell me how we can compare the timestamps so that only the error which is not older than, say half hour is picked.

catkin

02-21-2012 06:30 AM

What do the timestamps in the log look like?

vaw	02-21-2012 06:39 AM

The timestamps are like this : 2011-01-12-02:43:52

vaw	02-21-2012 06:42 AM

Some other I am looking for also have timestamps like : 2012-02-12 07:30:20

catkin

02-21-2012 08:26 AM

Something like this (not tested):

Code:

#!/bin/bash



timestamp_file=~/last_run.timestamp

if [[ -f $timestamp_file && -r $timestamp_file ]]; then

    after_timestamp=$( cat $timestamp_file )

else

    after_timestamp=000000000000000000000

fi



while read -r line

do

    msg_timestamp=${line:0:20}

    msg_timestamp=${msg_timestamp//:}

    msg_timestamp=${msg_timestamp//-}

    msg_timestamp=${msg_timestamp// }

    if (( $msg_timestamp > $after_timestamp )); then

        echo "$line"

    fi  

done < test.log



echo "$( date '+%Y%m%d%H%M%S' )" > $timestamp_file

EDIT: it would be safer if the last line was echo "$( $msg_timestamp )" > $timestamp_file but there is still some danger of dropping some messages. A safer technique would be for the script to write the last message it sent (from each log file) in a file.

All times are GMT -5. The time now is 06:24 AM.