script to pull string from log file and email it only once
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
script to pull string from log file and email it only once
Hello All,
this is my first post here and I am new to scripting so please forgive the ignorance.
So i'm trying to write a simple script to send me an error message from a log file.
I have searched on this site and did find something that may work but since i'm so new to scripting I don't quite understand exactly what I need to do.
This is the script that someone posted here before
#!/bin/bash
string=fail
tail -n0 -F /pat/to/file | \
while read LINE
do
if echo "$LINE" | grep "$string" 1>/dev/null 2>&1
then
echo "String found on $HOSTNAME" | mail -s "Subject" dummy@iam.com
fi
done
my problem is I don't understand some of the info/arguments here.
I just need a simple script that is looking at a log file when it is kicked off.
once the line comes up that I am looking for it will send that line in an email to me.
I also don't want to get the same info over and over again, so once the line is emailed to me, I don't want it to send me the same error again, only new errors.
Here is the actual paths file and string i'm looking for
path=/opt/IBM/WebSphere/AppServer/profiles/Custom01/logs/WCProd*/
LogFile= SystemOut.log
string= "authorization is declined by the back-end system, the response reason code is {0}"
if anyone can help me it would be huge! I really do appreciate it.
It helps if you post in [code] [/code] tags so that the indentations are kept:
Code:
#!/bin/bash
string="fail";
tail -n0 -F /path/to/file | \
while read LINE
do
if echo "$LINE" | grep -q "$string" 2>/dev/null
then
echo "String found on $HOSTNAME" | mail -s "Subject" dummy@iam.com
fi
done
Well you can look at the manual pages for tail, grep, and mail to see an explanation of the specific options.
The -n 0 for tail means that only the lines added to the file after tail is up and running will be passed on to read via the pipe.
Then also look at the manual page for bash to see about "while" and "read". However, that manual is quite daunting and you'll have to remember that it is a reference document to be navigated and not a tutorial to be walked through one line at a time.
Last edited by Turbocapitalist; 09-11-2017 at 10:27 AM.
I also don't want to get the same info over and over again, so once the line is emailed to me, I don't want it to send me the same error again, only new errors.
Using while to read a file and grep line by line is not really suggested/recommanded. I would say this is a common error, grep can itself scan the whole file, there is no reason to grep each line one by one.
Actually
Code:
if tail -n0 -F /path/to/file | grep -q "$string" 2>/dev/null; then
then
echo "String found on $HOSTNAME" | mail -s "Subject" dummy@iam.com
fi
Using while to read a file and grep line by line is not really suggested/recommanded. I would say this is a common error, grep can itself scan the whole file, there is no reason to grep each line one by one.
Actually
Code:
if tail -n0 -F /path/to/file | grep -q "$string" 2>/dev/null; then
then
echo "String found on $HOSTNAME" | mail -s "Subject" dummy@iam.com
fi
may work and will find $string only once.
So this works once, but what if I needed it to run 24x7 to catch any new errors?
ideally it would be great to constantly read the last line of the log file looking for the error, once it finds it send an email out, but the script should still continue to read the log file looking for the error in case it occurs again.
Have you tried using rsyslog directly, it actually reads every log in your OS as it's generated, and with the ommail module you can send an email whenever a certain condition is met. Take a look:
In the loop, check if error exists in db (or similar eg hash), if it exists its already been emailed, do next iteration.
If not, email error, add to db, then next iteration.
Last edited by chrism01; 09-18-2017 at 12:58 AM.
Reason: typo
I've had to do this before and these are the high level steps I took.
Create the script and touch /var/log/raisedalerts
The script should:
Create a temporary file in /tmp
grep the whole log file for the error conditions and store them in the temporary file.
diff the temporary file against /var/log/raisedalerts
If there is a difference then it means that either there's a new alert or the log file has rotated, send the mail with all the lines in the diff that begin with + as these are NEW
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
