UNIX for Dummies Questions & Answers

Hi
..first post !

I have a Unix v445 using solaris 10. I've trolled through various web pages but can't find exactly what I'm looking for.

I have an alert log...or any messages file for that matter I need to check for certain key (error type) phrases - if I find them, they are redirected to a file and emailed to a distribution list. I want to execute this script as a cron job running every hour.

The next time the cron job runs, rather than running from the top again & thus possibly duplicating the same errors, I need a seperate file that shows the linecount from the previous check.....this new check starts its checking from the linecount to the end of the file......the new line count replaces the previous one and so on

Do I need to have a 'collector' that holds the words/phrases I'm looking for ?
_________________

Can anyone help ?

Many thanks

David

It sounds like the algorithm is pretty clear in your head.
Yes you need to write a collector/parse that would have 2 parameters:The parser you read the 'line number' from the 'line number' file and start its parsing of the log file from the next line.
Once the entire file is parsed and the 'offending' records/lines are collected (most likely in another file), the parser will email the collected entries/files to the configured (either in the configuration file OR specified on the command line) list of the email address(es).
Once the emailing is done, the parser will update the 'line number' file with the number of the LAST parsed line in the file.

You should probably make provisions to make sure that there's only ONCE instance of the parser running at the time in order to avoid any collisions.

Now it's a matter of a simple programming....

Thanks for the update.

Does anyone have similar code examples I can use to progress

Thanks

David

Me always going the easy route, I would do this:
Check for errors in the log file, and then move that log file off to a new name. Then the next time around you would just grep the log file again, no need to keep up where you left off. This would work unless others need that log file and wouldn't be able to go look at your backup's.

Davidra, did you ever get an answer for this or samples of script? I'm trying to do the same exact thing for a non-syslog log file.

Is the following the logic flow you desire?

# see if the file exists
if [ -e today.log ]
then
# mail the file
uuencode today.log today.log | mailx -s "logs" somebody@me.com
# append the today.log to the rest of the log file
cat today.log >> all.log
# delete the working log file
rm today.log
fi

Be careful rm'ing or mv'ing log files. If the app that is writting them keeps the file open, you may not get the results you expect. The app could continue writing to the inode of the file and your new file won't be touched.

What I do is keep a running tail on the log and alert when a condition is met. There are utilities out there (logwatch comes to mind) that will save you lots of work.