Monitor the logs Continuously and triggers the output if keyword matches and continue the monitoring

Vignesh Radhakrishnan · 11-08-2018, 03:26 AM

Hi All,

I want to monitor the logs continuously and sends a error if keyword/pattern matches and continues the monitoring

I tried below script

tail -F /data/log/test.log |

egrep -io 'got signal 15 | now exiting' |

while read -r line ; do

case "$line" in
"got signal 15")
echo "hi"
;;
"now exiting")
echo "hi2"
;;
*)

esac
done

The problem is tail is not working here , whenever the new log details added its not going to the case statement and echos the output

I could get the output if i use cat/less/more

Could you someone please tell what mistake i have done here ?

Thanks in advance

Habitual · 11-08-2018, 06:47 AM

Welcome to LQ!
I have no idea why your code isn't working.
If tail -{f,F} is interactive and defaults to 10 lines...
I'd try

Code:

tail -FN0...

But I found a link that may help you onto the path to a solution.
Monitor Log File for Pattern Match and Trigger Action
Looks to be thorough, however they are going an "extra step" by killing tail "when it dies".
Why use it if you have to kill it? (asking the first link)

cat/less/no more all day long.
Is this a bash script?
Are the logs multiline like tomcat/java?

Monitoring a file until a string is found
and yet another: Shellscript to monitor a log file if keyword triggers then execute a command?

Have fun!

TB0ne · 11-08-2018, 07:04 AM

Quote:

Originally Posted by Vignesh Radhakrishnan

Hi All,
I want to monitor the logs continuously and sends a error if keyword/pattern matches and continues the monitoringI tried below script

Code:

tail -F /data/log/test.log |

egrep -io 'got signal 15 | now exiting' |

while read -r line ; do

case "$line" in
   "got signal 15")
    echo "hi"
        ;;
    "now exiting")
    echo "hi2"
         ;;
    *)
esac
done

The problem is tail is not working here , whenever the new log details added its not going to the case statement and echos the output I could get the output if i use cat/less/more Could you someone please tell what mistake i have done here ?

The tail issue that habitual pointed out would be a good start, but using logwatch or another such utility would be the best bet here. It's written/designed specifically to look at log files for patterns. Also, do you have any systems monitoring in place now? Because things like zabbix/nagios can ALSO be used to watch log files, and act accordingly.

There are also LOTS of already-written shell scripts to watch a log..you can find these with a brief Google search. I'd suspect there's an issue with your case statements/code there, but given the many options that already exist to do this, I'd use those.

MadeInGermany · 11-14-2018, 03:08 PM

I would skip the grep and search the string anywhere in the line i.e. *string*

Code:

tail -F /data/log/test.log |
while read -r line
do
  case "$line" in
  *"got signal 15"*)
    echo "hi"
  ;;
  *"now exiting"*)
    echo "hi2"
  ;;
  *)
  esac
done

chrism01 · 11-14-2018, 10:55 PM

You might want to consider using a Perl module designed to do just that https://metacpan.org/pod/File::Tail