Re: Monitor log file thru shell script

> I am attempting to look for a pattern in the continuously growing log file
> and mail me if match is found. (on Linux). But I am having problem.
> This is the part of the shell script
> export err1=down
> tail -f testlogfile | egrep -n "${err1}" | mail -s "Found warning"
> shivaswamykr_at_gmail.com
> As you see I am using tail -f and egrep. When I run only tail -f & egrep
> part on the prompt on my testlogfile, I am able to see the output from
> egrep.
> But when I pipe it to mail, and run it on nohup on a shell script, nothing
> happens. I can see that mail process is in T state, meaning it is stopped.
> If I kill my shell script running in the background, I get the email
> notification, as expected.
> What happens here? How I can get the notification, without killing the
> process?
> If you could please help, I appreciate it.
> Thanks,
> Shiva

Using tail, either tail -f or tail -[number], to check a specific string in a log file for notification purposes offers some advantages over scanning the file scheduled as a job (as most people do). Unless the file is recycled frequently, the file could become huge and so scanning the file from the beginning takes significant CPU and I/O (recording the last read line makes no difference). In addition, "tail -f" has the advantage that no scheduling is needed. By default, the interval it checks the file tail is 1 second. So notification is instantaneous. (On Linux you can change it with -s, but Solaris tail has 1 second hardcoded in source.)

Shiva's command can be rewritten as:
export err1=down
tail -f testlogfile | perl -nle '$err1=$ENV{err1}; system("echo \"$_\" | mail -s "Found warning" shivaswamykr\@gmail.com") if (/$err1/)'

There may be easier ways to do it. I can't get other suggested commands to work. But it may well be just me. My command is taken from my old note: http://yong321.freeshell.org/computer/logfile.html

Yong Huang       

--
http://www.freelists.org/webpage/oracle-l