Grep a pattern & Email from latest logs

vivekn · November 15, 2017, 6:00am

MyLOG:

2017/11/12 17:01:54.600 : Error: LPID: 3104680848  WRONG CRITERIA FOUND. tRealBuilder::Generate

Output Required:

If Ke word "WRONG CRITERIA FOUND" in latest log ( logs are regularly generating - real time) mail to us
once mailed wait for 2 hours for second mail.

mail subject like " WRONG CRITERIA FOUND" in Logs.

is it possible through script or any monitoring tool we can use for real time log monitoring.

OS : Red Hat Enterprise Linux Server release 6.8 (Santiago)

i tried script given below:

tail -fn0 logfile | \
while read line ; do
        echo "$line" | grep "pattern"
        if [ $? = 0 ]
        then
                ... do something ...
        fi
done

but it doesnot fullfill my requirement.

rbatte1 · November 15, 2017, 6:22am

Hello vivekn,

I'm sure it is a good start at this, but what actually goes wrong? Does it fail to send mail, fail to detect the line, or something else?

If the log file is updated a lot, you are also firing up multiple sub-process for each line written to it. Could you do something more economical like:-

pattern="WRONG CRITERIA FOUND"

tail -fn0 logfile | \
 grep "$pattern" | \
  while read line
  do
      .... do something ...
  done

In bash you could maybe try the neater:-

pattern="WRONG CRITERIA FOUND"

while read line
do
   ... do something ...
done < <(tail -fn0 logilfe | grep "$pattern")

vivekn · November 15, 2017, 6:36am

there is log file rotation , a new file created in every half n hour with time stamp.

RudiC · November 15, 2017, 7:57am

Did you consider the -F (upper case!) option to tail to deal with the log file rotation?
And, your code snippet - although not too logical nor efficient - doesn't seem "wrong". So please answer rbatte1's question - WHAT doesn't do what you want? Did you try the proposals in the thread from which you borrowed your code?