Post 302747431 by SkySmart on Friday 21st of December 2012 09:25:48 AM
Monitor log entries in log files with no Date format? - Efficient logcheck?

Is there a way to efficiently monitor logfiles that do not have a date or time format? I have several logs on several different servers that need to be monitored, but I realized writing a script for this would be very complex and time consuming given the variety of things I need to check for, i.e. check if the log file exists, check if the log has read permissions, check strings, etc.

I know log file monitoring is essential on basically all UNIX systems. My question is, what method are some of you using, and which ones are the easiest to set up and use? And to go back to my first question, how do you monitor the logs that simply do not have a date and time in them?

OS: linux, sunos, hpux, aix
bash/sh
 

CLIENT-LOCAL.CFG(5)						File Formats Manual					       CLIENT-LOCAL.CFG(5)

NAME
       client-local.cfg - Local configuration settings for Xymon clients

SYNOPSIS
       ~xymon/server/etc/client-local.cfg

DESCRIPTION
       The client-local.cfg file contains settings that are used by each Xymon client when it runs on a monitored host. It provides a convenient way of configuring clients from a central location without having to set up special configuration maintenance tools on all clients.

       The client-local.cfg file is currently used to configure which logfiles the client should fetch data from, to be used as the basis for the "msgs" status column; and to configure which files and directories are monitored in the "files" status column.

       Note that there is a dependency between the client-local.cfg file and the hobbit-clients.cfg(5) file. When monitoring e.g. a logfile, you must first enter it into the client-local.cfg file, to trigger the Xymon client into reporting any data about the logfile. Next, you must configure hobbit-clients.cfg so the Xymon server knows what to look for in the file data sent by the client. So: client-local.cfg defines what raw data is collected by the client, and hobbit-clients.cfg defines how to analyze it.

PROPAGATION TO CLIENTS
       The client-local.cfg file resides on the Xymon server. When clients connect to the Xymon server to send in their client data, they will receive part of this file back from the Xymon server. The configuration received by the client is then used the next time the client runs.

       This method of propagating the configuration means that there is a delay of up to two poll cycles (i.e. 5-10 minutes) from the time a configuration change is entered into the client-local.cfg file until you see the result in the status messages reported by the client.

FILE FORMAT
       The file is divided into sections, delimited by "[name]" lines. A section name can be either an operating system identifier - linux, solaris, hp-ux, aix, freebsd, openbsd, netbsd, darwin - or a hostname. When deciding which section to send to a client, Xymon will first look for a section named after the hostname of the client; if such a section does not exist, it will look for a section named after the operating system of the client. So you can set up special configurations for individual hosts, and have a default configuration for all other hosts of a certain type.

       Apart from the section delimiter, the file format is free-form, or rather it is defined by the tools that make use of the configuration.

LOGFILE CONFIGURATION ENTRIES
       A logfile configuration entry looks like this:

           log:/var/log/messages:10240
           ignore MARK
           trigger Oops

       The log:FILENAME:SIZE line defines the filename of the log, and the maximum amount of data (in bytes) to send to the Xymon server. FILENAME is usually an explicit full-path filename on the client. If it is enclosed in backticks, it is a command which the Xymon client runs, and each line of output from this command is then used as a filename. This allows scripting which files to monitor, e.g. if you have logfiles that are named with some sort of timestamp.

       The ignore PATTERN line (optional) defines lines in the logfile which are ignored entirely, i.e. they are stripped from the logfile data before sending it to the Xymon server. It is used to remove completely unwanted "noise" entries from the logdata processed by Xymon. "PATTERN" is a regular expression.

       The trigger PATTERN line (optional) is used only when there is more data in the log than the maximum size set in the "log:FILENAME:SIZE" line. The "trigger" pattern is then used to find particularly interesting lines in the logfile - these will always be sent to the Xymon server. After picking out the "trigger" lines, any remaining space up to the maximum size is filled in with the most recent entries from the logfile. "PATTERN" is a regular expression.

COUNTING LOGENTRIES
       A special type of log-handling is possible, where the number of lines matching a regular expression is merely counted. This is linecount:FILENAME, followed by a number of lines of the form ID:PATTERN. E.g.

           linecount:/var/log/messages
           diskerrors:I/O error.*device.*hd
           badlogins:Failed login

FILE CONFIGURATION ENTRIES
       A file monitoring entry is used to watch the meta-data of a file: owner, group, size, permissions, checksum etc. It looks like this:

           file:/var/log/messages[:HASH]

       The file:FILENAME line defines the filename of the file to monitor. As with the "log:" entries, a filename enclosed in backticks means a command which will generate the filenames dynamically. The optional [:HASH] setting defines what type of hash to compute for the file: md5, sha1 or rmd160. By default, no hash is calculated.

       NOTE: If you want to check multiple files using a wildcard, you must use a command to generate the filenames. Putting wildcards directly into the file: entry will not work.

DIRECTORY CONFIGURATION ENTRIES
       A directory monitoring entry is used to watch the size of a directory and any sub-directories. It looks like this:

           dir:DIRECTORYNAME

       The dir:DIRECTORYNAME line defines the name of the directory to monitor. As with the "log:" entries, a name enclosed in backticks means a command which will generate the directory names dynamically. The Xymon client will run the du(1) command with the directory name as parameter, and send the output back to the Xymon server.

       NOTE: If you want to check multiple directories using a wildcard, you must use a command to generate the directory names. Putting wildcards directly into the dir: entry will not work. E.g. use something like

           dir:`find /var/log -maxdepth 1 -type d`

       The "du" command used can be configured through the DU environment variable. On some systems, by default du reports data in disk blocks instead of KB (e.g. Solaris). So you may want to configure the Xymon client to use a du command which reports data in KB, e.g. by setting DU="du -k" in the hobbitclient.cfg file.

NOTES
       The ability of the Xymon client to calculate file hashes and monitor those can be used for file integrity validation on a small scale. However, there is a significant processing overhead in calculating these every time the Xymon client runs, so this should not be considered a replacement for host-based intrusion detection systems such as Tripwire or AIDE.

       Use of the directory monitoring on directory structures with a large number of files and/or sub-directories can be quite resource-intensive.

SEE ALSO
       hobbit-clients.cfg(5), hobbitd_client(8), hobbitd(8), xymon(7)

Xymon Version 4.2.3: 4 Feb 2009 CLIENT-LOCAL.CFG(5)
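
A simplified model of the log:FILENAME:SIZE / ignore / trigger selection described under LOGFILE CONFIGURATION ENTRIES, added here as an example; it is not Xymon's code. The name select_log_data, the constructed sample log, and the choice to count one newline byte per line are assumptions.

```python
import re

def select_log_data(lines, max_bytes, ignore=None, trigger=None):
    """Return the lines that would be sent to the server, in original order."""
    ignore_re = re.compile(ignore) if ignore else None
    trigger_re = re.compile(trigger) if trigger else None

    def size(line):
        return len(line.encode()) + 1  # assumption: one newline byte per line

    # "ignore" lines are stripped entirely before anything is sent.
    kept = [l for l in lines if not (ignore_re and ignore_re.search(l))]

    # "trigger" only matters when the data exceeds the SIZE limit.
    if sum(size(l) for l in kept) <= max_bytes:
        return kept

    chosen, budget = set(), max_bytes
    # Lines matching the trigger pattern are always sent.
    if trigger_re:
        for i, line in enumerate(kept):
            if trigger_re.search(line):
                chosen.add(i)
                budget -= size(line)

    # Remaining space is filled with the most recent entries.
    for i in range(len(kept) - 1, -1, -1):
        if i in chosen:
            continue
        if size(kept[i]) > budget:
            break
        chosen.add(i)
        budget -= size(kept[i])
    return [kept[i] for i in sorted(chosen)]

# Constructed sample: one early kernel Oops buried under routine entries.
SAMPLE_LOG = (
    ["-- MARK --", "kernel: Oops: 0002 [#1] SMP"]
    + [f"app: request {n} served" for n in range(200)]
    + ["-- MARK --"]
)

if __name__ == "__main__":
    for line in select_log_data(SAMPLE_LOG, 200, ignore="MARK", trigger="Oops"):
        print(line)
```

With only the size limit, the early Oops line falls outside the window once later entries exceed max_bytes, so patterns you alert on belong in a trigger line.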