Re: script to send mail when error detected in log file
Your inputs will be of great help Might I suggest swatch? Why create your own script, when someone's already created a powerful tool to do this. http://swatch.sourceforge.net/ There's lots of good articles on using it out there: http://www.linuxsecurity.com/content/view/117281/50/ http://www.linuxjournal.com/article/4776 I finally came up with my own script to do this #!/bin/sh -x if [ $(tac /var/log |grep -e error: syswrite() | wc -l ) = 0 ] ; then exit 1 else echo your mailserver is down |mail -s pls check server ip 216.185.xxx.xxx [EMAIL PROTECTED] fi then i add a crontab to run for ever 10 min crontab -e 10 * * * * /your/location/of/script if there is an easier way kindly tell me !!! -- Regards Agnello Dsouza www.linux-vashi.blogspot.com www.bible-study-india.blogspot.com -- Regards Agnello Dsouza www.linux-vashi.blogspot.com www.bible-study-india.blogspot.com
Re: script to send mail when error detected in log file
Hi! You said then i add a crontab to run for ever 10 min crontab -e 10 * * * * /your/location/of/script Please note that your syntax said to execute once per hour at the 10th minute of the hour To execute at interval of 10 minutes, you may use the following line: */10 * * * * /your/location/of/script Cheers, Eddy - Message d'origine - De : Agnello George À : Matt Kettler Cc : Spamassassin Envoyé : 7 mars 2008 07:27 Objet : Re: script to send mail when error detected in log file Your inputs will be of great help Might I suggest swatch? Why create your own script, when someone's already created a powerful tool to do this. http://swatch.sourceforge.net/ There's lots of good articles on using it out there: http://www.linuxsecurity.com/content/view/117281/50/ http://www.linuxjournal.com/article/4776 I finally came up with my own script to do this #!/bin/sh -x if [ $(tac /var/log |grep -e error: syswrite() | wc -l ) = 0 ] ; then exit 1 else echo your mailserver is down |mail -s pls check server ip 216.185.xxx.xxx [EMAIL PROTECTED] fi then i add a crontab to run for ever 10 min crontab -e 10 * * * * /your/location/of/script if there is an easier way kindly tell me !!! -- Regards Agnello Dsouza www.linux-vashi.blogspot.com www.bible-study-india.blogspot.com -- Regards Agnello Dsouza www.linux-vashi.blogspot.com www.bible-study-india.blogspot.com
Re: script to send mail when error detected in log file
On 3/7/08, Eddy Beliveau [EMAIL PROTECTED] wrote: Hi! You said then i add a crontab to run for ever 10 min crontab -e 10 * * * * /your/location/of/script Please note that your syntax said to execute once per hour at the 10th minute of the hour To execute at interval of 10 minutes, you may use the following line: */10 * * * * /your/location/of/script Cheers, Eddy Thansk a lot :) -- Regards Agnello Dsouza www.linux-vashi.blogspot.com www.bible-study-india.blogspot.com
Re: script to send mail when error detected in log file
Agnello George wrote: #!/bin/sh -x if [ $(tac /var/log |grep -e error: syswrite() | wc -l ) = 0 ] ; then This can be improved. Let's walk through it. On my system /var/log is a directory of log files and not an actual log file. The typical log file is /var/log/syslog one many systems and /var/log/messages on others and yet slightly different paths on different systems. I will assume that you are not getting an error message from that invocation above and on your system it really is a file at /var/log but it would be good to verify this. Didn't you say you wanted to check /var/log/spamd.log? 'tac' is 'cat' in reverse. 'tac' concatenates and prints files in reverse. It does this by reading the file into memory and then walking through the memory image in reverse. If the size of the image is large enough then the file is copied to a temporary file. The /var/log file is usually large enough to need a temporary file. This is very inefficient. In fact since the grep is going to walk through the entire file it doesn't need to do so in reverse. if [ $(tac /var/log |grep -e error: syswrite() | wc -l ) = 0 ] ; then Is the same as the following. This removes an large inefficiency in the check. if [ $(grep -e error: syswrite() /var/log | wc -l ) = 0 ] ; then Next let's look at grep itself. 'grep something file | wc -l' will count the number of lines. But here you only care if it is zero or nonzero. That can be done more efficiently with 'grep -q'. In the case of -q since grep knows that it is a zero or nonzero occurrence it can optimize and stop as soon as it knows the answer. Therefore the above can be improved by using this: if ! grep -q error: syswrite() /var/log; then Let's now move to the collection of lines in the script using this new test. if ! grep -q error: syswrite() /var/log; then exit 1 else echo your mailserver is down |mail -s pls check server ip 216.185.xxx.xxx [EMAIL PROTECTED] fi Using 'exit 1' indicates an error. But actually there is no error in that case. It should be 'exit 0' instead. Also since this is an exit the following parts past that in the script will not be executed. It is considered good programming style to exit in the early part of the 'if' statement and then not use an 'else' part in that case. But usually this is done for error conditions and not for okay conditions. Lets reverse the condition and try that here. Here is a potentially final version of the script. if grep -q error: syswrite() /var/log/spamd.log; then echo your mailserver is down | mail -s pls check server ip 216.185.xxx.xxx [EMAIL PROTECTED] exit 1 fi exit 0 This way the script exits 0 (success) when there are no errors and exits 1 (error) when errors exist in the logfile. This is a typical way to program these checks. You might also consider using 'mailq' to check your mta status. then i add a crontab to run for ever 10 min crontab -e 10 * * * * /your/location/of/script As Eddy Beliveau pointed out this should be */10 using Vixie cron syntax to run every ten minutes. But if your cron is not a Vixie cron but is instead a traditional cron then you would need to list out all of the minutes. 0,10,20,30,40,50 would run every ten minutes using the older cron syntax. if there is an easier way kindly tell me !!! Hope this helps, Bob
Re: script to send mail when error detected in log file
Bob Proulx wrote: if grep -q error: syswrite() /var/log/spamd.log; then echo your mailserver is down | mail -s pls check server ip 216.185.xxx.xxx [EMAIL PROTECTED] exit 1 fi exit 0 Oh, and after I sent that previous message I realized I should have asked another question. I assume you are collecting logs from other machines. Because if the mail server is down then you won't be able to use mail, which uses the mail server, to notify you of the problem. Bob
Re: script to send mail when error detected in log file
On 3/4/08, Matt Kettler [EMAIL PROTECTED] wrote: Agnello George wrote: HI I have a small query !! I need to write a script whenever there is an error generated in the spamd.log or any general log file to send me a mail only once, the bellow script is what i came u with but i doubt it would work. if [ $(grep -e unable to start service /var/log/spamd.log) = 1 ] ; then mail -s pls check server IP 203.185.XX [EMAIL PROTECTED] fi Is there any application that can scan the log file for a specific word or error as soon as the logs are generated. I have even heard of SMS being sent in some cases. Your inputs will be of great help Might I suggest swatch? Why create your own script, when someone's already created a powerful tool to do this. http://swatch.sourceforge.net/ There's lots of good articles on using it out there: http://www.linuxsecurity.com/content/view/117281/50/ http://www.linuxjournal.com/article/4776 I am not able to download swatch is ther a problem with the download site ?? -- Regards Agnello Dsouza www.linux-vashi.blogspot.com www.bible-study-india.blogspot.com
Re: script to send mail when error detected in log file
this link works just fine :- http://mesh.dl.sourceforge.net/sourceforge/swatch/swatch-3.2.2.tar.gz Regards, -- --[ UxBoD ]-- // PGP Key: curl -s http://www.splatnix.net/uxbod.asc | gpg --import // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: [EMAIL PROTECTED] - Agnello George [EMAIL PROTECTED] wrote: On 3/4/08, Matt Kettler [EMAIL PROTECTED] wrote: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: script to send mail when error detected in log file
Agnello George wrote: HI I have a small query !! I need to write a script whenever there is an error generated in the spamd.log or any general log file to send me a mail only once, the bellow script is what i came u with but i doubt it would work. if [ $(grep -e unable to start service /var/log/spamd.log) = 1 ] ; then mail -s pls check server IP 203.185.XX [EMAIL PROTECTED] fi Is there any application that can scan the log file for a specific word or error as soon as the logs are generated. I have even heard of SMS being sent in some cases. sec -- simple event correlator google the full name --- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst [EMAIL PROTECTED] --- Erdös 4
script to send mail when error detected in log file
HI I have a small query !! I need to write a script whenever there is an error generated in the spamd.log or any general log file to send me a mail only once, the bellow script is what i came u with but i doubt it would work. if [ $(grep -e unable to start service /var/log/spamd.log) = 1 ] ; then mail -s pls check server IP 203.185.XX [EMAIL PROTECTED] fi Is there any application that can scan the log file for a specific word or error as soon as the logs are generated. I have even heard of SMS being sent in some cases. Your inputs will be of great help -- Regards Agnello Dsouza www.linux-vashi.blogspot.com www.bible-study-india.blogspot.com -- Regards Agnello Dsouza www.linux-vashi.blogspot.com www.bible-study-india.blogspot.com
Re: script to send mail when error detected in log file
Agnello George wrote: HI I have a small query !! I need to write a script whenever there is an error generated in the spamd.log or any general log file to send me a mail only once, the bellow script is what i came u with but i doubt it would work. if [ $(grep -e unable to start service /var/log/spamd.log) = 1 ] ; then mail -s pls check server IP 203.185.XX [EMAIL PROTECTED] fi Is there any application that can scan the log file for a specific word or error as soon as the logs are generated. I have even heard of SMS being sent in some cases. Your inputs will be of great help Might I suggest swatch? Why create your own script, when someone's already created a powerful tool to do this. http://swatch.sourceforge.net/ There's lots of good articles on using it out there: http://www.linuxsecurity.com/content/view/117281/50/ http://www.linuxjournal.com/article/4776 You could also use logwatch, but Swatch is probably the better tool for the job, it's designed to monitor continuously, where as logwatch is more for daily reports, etc. http://www.logwatch.org/
Re: script to send mail when error detected in log file
Agnello George wrote: I have a small query !! I need to write a script whenever there is an error generated in the spamd.log or any general log file to send me a mail only once, the bellow script is what i came u with but i doubt it would work. if [ $(grep -e unable to start service /var/log/spamd.log) = 1 ] ; then mail -s pls check server IP 203.185.XX [EMAIL PROTECTED] fi The 'mail' command reads stdin. In the above if you run it from the command line it will wait for your keyboard. From cron it would have the stdin attached to /dev/null. This is a difference that will lead to confusion. Best to redirect the input from a file or provide it with some input. if [ $(grep -e unable to start service /var/log/spamd.log) = 1 ] ; then echo pls check server IP 203.185.XX | mail -s pls check server IP 203.185.XX [EMAIL PROTECTED] fi Is there any application that can scan the log file for a specific word or error as soon as the logs are generated. I have even heard of SMS being sent in some cases. There are quite a few. Here are two: http://www.logwatch.org/ http://logcheck.org/ Bob
