Grep only the last occurred error in error.log

Hi folks, I need your help to work out some logic.

I have an error log, the same as any other error log, which gets populated by a number of events and errors.

But I need to grep the last occurred errors, which can't be duplicated.

Here is my script.

#!/usr/bin/ksh
grep -i "STOP" "$BATE/err.log" > /tmp/bbs.lst   # capture errors into tmp
checkFile=/tmp/bbs.lst
if [ -s "$checkFile" ]; then        # if file is not empty
    mailx -s 'errors' XYZ@gmail.com < "$checkFile"
else
    echo "dont worry process is fine" > /tmp/bbr.log   # throwing into dump
fi
rm -rf /tmp/bbs.lst       # removing tmp

====================================

Now the problem is, if I wake up this script every 2 min,
I need to check the last 2 min of errors which are in $BATE/err.log and send them to
/tmp/bbs.lst.

Suppose it captures one error at 9:30 pm,
and after some time the script wakes up at 9:32 pm
and again finds that same error which occurred at 9:30 pm.

So I want to capture the errors but don't want to duplicate them.

My err.log format will be something like this:

====================================================

2010-07-09 10:11:07  bb ERROR  250   XX.rm:  PROCESS STOP
2010-07-09 10:12:48  bb ERROR  250   XX.rm:  PROCESS STOP
2010-07-09 12:38:33  bb ERROR  250   XX.rm:  PROCESS STOP
2010-07-09 17:05:02  bb ERROR  250   XX.rm:  PROCESS STOP 

Can you guys help me with this?

If you're working with Linux, try:

tac err.log | grep -m 1 ERROR

I'm not sure if this is what you wanted :wink:

No, my friend, I'm just using Solaris 9.

Hi Tapia, I have made some changes to the script. I have not run it, I have just scratched it out. You can make some changes and compile it, and it should work.

Let me explain the logic. Put a dummy time stamp in a temp file as
TIMESTAMPF=/tmp/timestamperr.log # put a dummy time like 00:00:00
Next, search for the error string in your file, get the last line and the time stamp from it, and compare it with the time stamp in /tmp/timestamperr.log.
If it matches, then there is no error, and if it does not, then an error has occurred recently.

I hope you got what I am trying to say.

#!/usr/bin/ksh
TIMESTAMPF=/tmp/timestamperr.log   # put a dummy time like 00:00:00 in this file first
grep -i "STOP" "$BATE/err.log" > /tmp/bbs.lst   # capture errors into tmp
checkFile=/tmp/bbs.lst
if [ -s "$checkFile" ]; then   # if file is not empty
    ctimeerr=`tail -1 "$checkFile" | awk '{ print $2 }'`   # time stamp of the last occurred error string
    ptimeerr=`head -1 "$TIMESTAMPF"`   # previously saved time stamp (the dummy one on the first run only)
    if [ "$ctimeerr" = "$ptimeerr" ]
    then
        echo "dont worry process is fine, no errors occured" > /tmp/bbr.log   # throwing into dump
    else
        tail -1 "$checkFile" | awk '{ print $2 }' > "$TIMESTAMPF"   # remember the newest time stamp
        tail -1 "$checkFile" | mailx -s 'errors' XYZ@gmail.com   # mail the newest error line
    fi
fi
rm -rf /tmp/bbs.lst   # removing tmp
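
An added example, not code from any poster in this thread: instead of comparing time stamps, it remembers how many lines of the log were already processed, so every new STOP line is reported exactly once, even when several arrive between runs or the log is rotated. The function name `new_errors` and the state-file path are hypothetical; a POSIX-style sh or ksh and awk are assumed.

```shell
#!/bin/sh
# Added example: report only the matching lines appended since the previous run.
# new_errors and the state-file path are hypothetical names, not from the thread.

# new_errors LOG STATE PATTERN
# Prints lines matching PATTERN that lie after the line number saved in STATE,
# then saves the new line count. Prints nothing when there is nothing new.
# Keep STATE in a directory only this user can write: a predictable name in
# /tmp can be pre-created or symlinked by another local user.
new_errors() {
    log=$1 state=$2 pattern=$3
    [ -r "$log" ] || return 1
    seen=0
    if [ -s "$state" ]; then
        seen=$(cat "$state")
    fi
    # Treat an empty or non-numeric state file as "nothing seen yet".
    case $seen in
        ''|*[!0-9]*) seen=0 ;;
    esac
    # Count once, so lines appended while we run are left for the next run.
    total=$(awk 'END { print NR }' "$log")
    # Fewer lines than last time means the log was rotated or truncated:
    # start again from the top rather than silently skipping new errors.
    if [ "$total" -lt "$seen" ]; then
        seen=0
    fi
    awk 'NR > seen && NR <= total' seen="$seen" total="$total" "$log" |
        grep -i "$pattern" || :     # "no match" is not a failure
    echo "$total" > "$state"
}

# Cron usage (every 2 minutes), mailing only when something new was found:
#   new=$(new_errors "$BATE/err.log" /var/tmp/err.offset STOP)
#   [ -n "$new" ] && echo "$new" | mailx -s 'errors' XYZ@gmail.com
```

A rotated log that has already grown past the saved line count before the next run is not detected by the line count alone; if that can happen, also store the log's first line in the state file and compare it.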