[SOLVED] Monitoring file and running commands based on content
Code:
tail -f /var/log/messages | grep IP | awk '{print $4}'
Google suggested this has something to do with the IO buffer so I tried a bunch of buffer controls like adding --line-buffered to grep and running with
Code:
stdbuf -o0 tail ...
but nothing works.
What's the trick? Is there no way to grep and tokenize "tail -f" and then run commands?
I guess I wasn't clear. The log isn't the problem since the messages correctly show up there. The problem is after being piped through several filters that just retrieve the variable I need, the data gets stuck somewhere (likely the i/o buffer) and nothing at all is displayed. You can repeat the same experiment with any other file and get the same results.
'tail -f /var/log/messages | grep --line-buffered something' should just work. Try injecting a line ('man logger') and see if that triggers things. If that's not it try a lame loop:
or try something with a FIFO.
*Note 'grep IP | awk '{print $4}'' may be short for 'awk '/IP:/ { if ($3 == "IP:") print $4 }''.
*Also note you're re-inventing the wheel: there are already tools that grep a log for strings and perform actions (Swatch, alerttail, etc, etc. See Sourceforge, Freshmeat, etc, etc).
I assume "| xargs echo" is just an example placeholder for another program to be used in real life, since echo'ing something that can be printed out directly from awk is useless.
I would run "man xargs", and look at the -L option and the -n option. xargs can "build up" a command line using multiple inputs, but you have control of that buffering with -L and -n
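The stall described in this thread comes from block buffering: tail -f writes each line as it arrives, but grep (without --line-buffered) and awk both switch to block buffering when their stdout is a pipe, so nothing reaches the next stage until a few kilobytes have accumulated. The following is an added example, not code posted in the thread, that forces every stage to flush per line and then runs one action per extracted value with a read loop instead of xargs. The log format is constructed for the example (date, time, the token "IP:", then the address in field 4, matching the thread's awk '{print $4}'); the "block" action is a placeholder for whatever firewall command the real script would run.

```shell
#!/bin/sh
# Added example: line-by-line log watcher with every stage flushed per line.
# Log format below is constructed for this example; adjust the field number
# and the match token to the real log lines.

# Constructed sample log standing in for /var/log/messages.
SAMPLE_LOG='2013-03-01 03:10:01 IP: 203.0.113.5 connected OK
2013-03-01 03:10:02 disk: sda checked
2013-03-01 03:10:03 IP: 198.51.100.7 connected OK'

# Stage 1 and 2: filter and tokenize.
# --line-buffered makes grep flush after each matching line; fflush() does the
# same for awk. Without both, output sits in a buffer until it fills, which is
# why "tail -f | grep | awk" appears to print nothing. (stdbuf -oL awk would be
# an equivalent fix for awk implementations that lack fflush.)
extract_ips() {
    grep --line-buffered 'IP:' | awk '$3 == "IP:" { print $4; fflush() }'
}

# Stage 3: act once per value. A read loop runs the action for each line as it
# arrives; xargs without -n1 or -L1 would instead wait to collect several
# inputs into a single command line.
act_per_line() {
    while IFS= read -r ip; do
        echo "block $ip"    # placeholder for the real firewall rule
    done
}

# Whole pipeline over stdin. For a live log use:
#   tail -F /var/log/messages | watch_log
# (-F rather than -f reopens the file after logrotate replaces it.)
watch_log() {
    extract_ips | act_per_line
}

# Runs the pipeline over the constructed sample instead of a live log.
run_sample() {
    printf '%s\n' "$SAMPLE_LOG" | watch_log
}

if [ "${1:-}" = "--demo" ]; then
    run_sample
fi
```

Running the script with --demo prints one "block" line per matching log entry, immediately, rather than after the pipe buffer fills. The same structure applies to any grep/awk/action chain over tail: the rule is that every stage between tail and the action must flush per line.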
Quote:
Originally Posted by unSpawn
'tail -f /var/log/messages | grep --line-buffered something' should just work.
That works, it gets stuck when I add the next pipe.
Quote:
Originally Posted by unSpawn
*Also note you're re-inventing the wheel: there are already tools that grep a log for strings and perform actions (Swatch, alerttail, etc, etc. See Sourceforge, Freshmeat, etc, etc).
I was trying to keep it GNU, but I'll probably just use alerttail since it seems to do exactly what I need.
Quote:
Originally Posted by haertig
I assume "| xargs echo" is just an example placeholder for another program to be used in real life, since echo'ing something that can be printed out directly from awk is useless.
Yes, the command will build iptables rules so echo is just an example.
Quote:
Originally Posted by haertig
I would run "man xargs", and look at the -L option and the -n option. xargs can "build up" a command line using multiple inputs, but you have control of that buffering with -L and -n
Yes, the command will build iptables rules so echo is just an example.
Ahhh. Sounds like you might be doing something similar to what I did a few years ago. Based on failed login attempts (by the bad guys), I block their IPs by dynamically configuring against them.
If this is indeed what you're doing, here's a link to a post I did on the script several years ago. Might give you some ideas.
Ideas cool, but there's really no need to use the script as fail2ban can already do all of that including rule management. Since two years before that post was made.
Quote:
Originally Posted by unSpawn
Ideas cool, but there's really no need to use the script as fail2ban can already do all of that including rule management. Since two years before that post was made.
And I also wrote that script long before that post was made. Back in that post in 2006 I was posting what I had done in the past. Anyway, I was not aware of fail2ban at the time I posted that back in 2006. And I don't know if fail2ban even existed when I actually wrote the script, which was before that 2006 post. I would certainly have considered using fail2ban as an alternate, had I known about it. Definitely no need to reinvent the wheel!
Before this thread gets off topic, I'm not building a clone of fail2ban. I'm trying to script a process where a list of specific hosts are only allowed to connect once, so after a successful connection, a firewall rule that blocks them is executed.
Quote:
I would certainly have considered using fail2ban as an alternate, had I known about it. Definitely no need to reinvent the wheel!
Likewise I don't have anything against your script, its approach or showing off mad scripting skills, and my reply shouldn't be read as somehow implying you have or have had a wheel re-invention fetish ;-p
Quote:
I'm trying to script a process where a list of specific hosts are only allowed to connect once, so after a successful connection, a firewall rule that blocks them is executed.
Sounds like a case for Netfilter, maybe something like the "recent" module.
In my case, it is much more efficient to monitor a log file instead of network traffic. Firewalls are not aware of successful authentication, etc. Firewall rules will only be used to block hosts after the first successful connection.
Quote:
I guess I wasn't clear. The log isn't the problem since the messages correctly show up there. The problem is after being piped through several filters that just retrieve the variable I need, the data gets stuck somewhere (likely the i/o buffer) and nothing at all is displayed. You can repeat the same experiment with any other file and get the same results.
I got it to grep and awk, but not at the same time, the pipe through "xargs echo" never got me any response.
I had no "IP" to grep so I used sda (harddrive) and awk'ed different columns.
No prob, before that, I was grepping and awking a file that did not exist and got no response (errors) from the console,
leading me to think it was working, just no string matches.
That's what I meant, (on my system) Grepping and awking a non-existent file gave no output.
My mistake, I'll read the rest now.
Glenn
You got me, I'm still learning.
I know there are a few reasons why it wouldn't work, but just for instance, there are numerous greps (egrep, rgrep..) that work well at specific lookup ranges. Many variables, ...
Last edited by GlennsPref; 03-01-2013 at 03:20 AM.
Reason: Glad you got it to work.