Generate a mail when you add info to a txt file

iga3725 · November 3, 2010, 5:21am

Hi,

I have an application's log file:

/var/log/logfile which is feeded from time to time due to an application. This file contains data, what I want is:

-Whenever some new data is copied to /var/log/logfileI want to generate an email to root BUT only with the new added data in the body. Is it possible?

Thanks.

jim_mcnamara · November 3, 2010, 6:10am

Yes.

You need to provide exact examples of the data and what you expect to end up in the email

iga3725 · November 3, 2010, 6:27am

Hi Jim,

The data added to log file are audit logs on an AIX server, here's an example"

USER_Create user user Wed Nov 03 11:20:17 OK mkuser
israel
USER_Remove user user Wed Nov 03 11:20:20 OK rmuser
israel

The source application is:

/usr/sbin/auditstream | /usr/sbin/auditselect -m -e "event== S_ENVIRON_WRITE || event== USER_Create || event== USER_Remove || event== USER_Change || event== GROUP_Create || event== GROUP_Remove || event== GROUP_Change || event== PASSWORD_Change " | /usr/sbin/auditpr -h elrtRc -t0 -v >> /var/log/logfile

So, the beginning of the file is always any event inside this code.

Thanks
Israel

Chubler_XL · November 3, 2010, 11:42pm

You will need to keep track of the lines already emailed. I nominated /var/log/logfile.notify. Script could be run from cron every Xmins. Note if file is truncated (eg by log rotate) the logfile.notify linecount will need to be updated, otherwise no emails till the log passes the high watermark stored in the notify file.

NOTIFY_FILE=/var/log/logfile.notify
LOGFILE=/var/log/logfile
WHO=root@localhost
LAST=0
[ -f $LOGFILE ] || exit
[ -f $NOTIFY_FILE ] && LAST=$(cat $NOTIFY_FILE)
NOW=$(wc -l $LOGFILE | cut -f1 -d' ')
 
if [ $LAST -lt $NOW ]
then
    ( if [ $LAST -gt 0 ] 
      then
          sed "1,${LAST}d" $LOGFILE
      else
          cat $LOGFILE
      fi ) | mailx -s "New data for $LOGFILE" $WHO
    echo $NOW > $NOTIFY_FILE
fi

iga3725 · November 4, 2010, 5:08am

Hi Chubler,

Look the error it shows when you run the scritp:

user@server: /var/tmp # emailnotify.ksh
emailnotify.ksh[11]: test: 0403-004 Specify a parameter with this command.
Null message body; hope that's ok

If /var/tmp/logfile is empty it always send a blank mail to root. Any idea why?

FYI: I'm running the code on ksh

Really appreciate your help.
Thanks.

---------- Post updated at 04:08 AM ---------- Previous update was at 03:12 AM ----------

well, the issue was logfile.notify needs to have data. I did:

echo 1 >> /var/log/logfile.notify

Now the script is working... thanks a lot!!!

Regards
Israel.

Chubler_XL · November 4, 2010, 9:03pm

Funny the following code should have set LAST to zero if the notify file wasn't there. I tested this before posting. did you modify this part of the code?

LAST=0
[ -f $LOGFILE ] || exit
[ -f $NOTIFY_FILE ] && LAST=$(cat $NOTIFY_FILE)

iga3725 · November 5, 2010, 7:21am

Hi,

No I haven't changed anything.. dis you test your code on ksh? I'm running ksh on AIX.

Thanks