Hello,
I want to create a script that will grep syslog for an "expression" such as warning. I want it to repeat this script every 5 minutes and only use the last 5 minutes of the syslog in each scan . Can this be done?
Thanks
So far i can grep the syslog and redirect my output to a tmp folder, from there I have another utility that will send flags to my monitoring engine. I have not figured out how to omit the portion of the syslog that has allready been grepped. I thought of the tail command but because I do not know how much data will be written to the log at anyone time, this will not do. Is there a way that grep can read the time stamp of the lines written in the log file, remember the last time stamp and start from that position the next time the script is run?
why don't you 'cache' the total number of lines [nl] after the initial 'grep' and on the next iteration just get the lines from [nl] to the end of the file, caching a [nl].
I appreciate your reply but what you have suggested is beyond me, I am really a UNIX baby and have been handed this project with out much UNIX training.
I am sure that [nl] means something but i do not know what that is. Sorry for my ignorance.
'nl' is just a name of the variable holding the NumberofLines in a file. I've simply outlined the algorithm for ya.
BEGIN {
NL = 0
getline NL <"loglog"
}
FNR<=NL { next }
/Warning/
END { print FNR > "loglog" }
The file "loglog" is used, per Vlad's suggestion, to keep track of
how many lines of syslog have already been scanned.
Save the code as "scanlog.awk" and run with
awk -f scanlog.awk syslog
My thought is to use the grep -n Error /var/adm/syslog/syslog.log.
With this grep output I get the relative line number. Can I use the -n and have grep get data from the last line number. Can i have the line number write its value to a variable and have the script start grep at that number? If I sound confused or none of this makes sense, I apologize in advance