|
|
Log search and mail it if the log is updated before 24 hours from the current time
07-12-2013
.#!/bin/bash
################################################################################
# AUTHOR: Gabriel A. Cánepa / Twitter: @gacanepa
# CREATION DATE: July 11, 2013
# LICENSE: GPL v3 or later. See http://www.gnu.org/licenses/gpl.html
# USAGE:
# - Create a plain text file (THE FILE) with a list of files to be examined.
# For example:
# ls -ld /var/log/* | grep '^-' | grep 'log$' | awk '{print $9}' > mylogs
# [List all regular files (grep '^-' looks for a hyphen at the beginning
# of each line resulting from the output of the ls command) that end in
# .log, then prints the 9th field, which is the absolute pathname of each
# file (see the -d option of the ls command)]
# - Chmod it to 700 (or give it adequate permissions)
# - This script will:
# * search the word ERROR in the last 100 lines of those files.
# * if any of those files doesn't exist, or is not a regular file,
# the script will skip it and continue with the next file.
# * detect whether each file has been updated during the last 24 hours.
# * send the results via email.
# * See example: http://i40.tinypic.com/2e5pnjd.png
# MODIFICATION HISTORY:
# - July 12, 2013:
# * Added email header with host information and job date
# * Added email footer: user executing the script
# * Replaced THE FILE's relative pathname (mylogs) for its absolute
# pathname (/home/gacanepa/stuff/scripts/mylogs), stored in the
# loglist variable, to be able to run the script through cron as well.
################################################################################
mailcontents=mailbody # Auxiliary file that is used to store the contents of the email's body
loglist=/home/gacanepa/stuff/scripts/mylogs # Absolute path to the file that contains the
# list of files to be examined. This way, the script
# can be run through cron as well.
# Email header
echo "*****************************************************************" > $mailcontents
echo "* LOG CHECK - HOST: $HOSTNAME - DATE: $(date +'%A %B %d, %Y') *" >> $mailcontents
echo "*****************************************************************" >> $mailcontents
echo "" >> $mailcontents
# End email header
while read line
do
if [ ! -f $line ]; then
echo "$line doesn't exist or is not a regular file. Continuing with the next file in the list..." >> $mailcontents
echo "============" >> $mailcontents
continue
else
last_mod_time=$(stat -c '%Y' $line) # Check the log's last modification time and converts it to Unix epoch
last_24_hours=$(date +%s -d "24 hours ago") # Return the epoch of (the current timestamp minus 24 hours)
if [ $last_mod_time -lt $last_24_hours ]; then
echo "$line has NOT been updated in the last 24 hours" >> $mailcontents
else
echo "$line was updated during the last 24 hours" >> $mailcontents
fi
tail -100 $line > checklog
error=$(grep ERROR checklog | wc -l) # We look for the lines containing the word "ERROR" in the checklog file.
# Then we redirect the output to the wc -l command to count the number
# of lines where the word ERROR appears.
if [ $error -gt 0 ]; then # If this condition is satisfied, that means the word ERROR appeared at least once in
# the log that's being examined in the current loop.
echo "ERROR found in $line" >> $mailcontents
echo -e "\t" $(grep ERROR checklog) >> $mailcontents
else
echo "No errors found in $line" >> $mailcontents
fi
fi
echo "============" >> $mailcontents
done < $loglist
# Email footer
echo "" >> $mailcontents
echo "This script was executed by $USER on $(date +'%A %B %d, %Y') at $(date +'%H:%M:%S')" >> $mailcontents
# End email footer
if [ -s $mailcontents ]; then
mail -s "Errors and last modification times - $(date +'%A %B %d, %Y')" myemail@mydomain.com < $mailcontents
fi
rm $mailcontents checklog # Delete auxiliary files when we're done.
07-13-2013
.
. But take a look at this post or this post and see if it helps. It looks like in AIX there is an istat command. Alternatively you can google something like "Linux stat equivalent in AIX" or the like.date +%s -d "24 hours ago"
gacanepa@Gabriel-PC ~ $ date Sat Jul 13 21:52:20 WARST 2013
+%s
-d, --date=STRING
display time described by STRING, not `now'
07-16-2013
last_mod_time=$(date +%s $line) # this line checks the log's last modification time and converts it to Unix's epoch last_24_hours=$(date "+%Y %m %d_%H %M %S" "24 hours ago") # this line returns the epoch for the current timestamp minus 24 hours
. What I can tell by looking at your script is that you're trying to perform a date conversion using wrong parameters..last_24_hours=$(date +%s -d "24 hours ago")
last_24_hours=$(perl -e 'print time-86400')
last_mod_time=$(stat -c '%Y' $line)
last_mod_time=$(perl -MFile::stat -e "print stat('$line')->mtime")
07-16-2013
|
|
|
|