Let me explain better. Lets say the script runs for first time. In that case, all lines from auth.log containing "failure" will be appended to the loginfailures.log. All good. However, when the script runs for a second time, it will append again all the lines with "failure" (and possibly any new ones).
I think the only way to avoid refetching the same lines is with the comparison of the two files (maybe with cmp).
Anyway, I am working on it and will post any findings.
Thanks for you reply.
Originally Posted by twantrd
Use grep/sed/awk. When you say last entry, you mean the very last entry in the log file? If so, use 'tail'.
save the date (year/month/day) to a variable and append that to the filename. So, it would be something like "loginfailures.20090604.gz". If it's multiple compressed files per day, append the min/hour if you want.