I would like to monitor logfile for specific keyword and send email once detected. I'm trying out the code here, the script is scheduled to run every minute. Everytime it runs, the same log will be detected and send email. Anyway it can be improved to detect only new logs?
tail -f /logfile | while read line ; do
if [[ `echo $line | grep "keyword"` ]]
then
a="`echo $line | grep "keyword"`"
echo $a "detected"
email alert
fi
done
Yes.
The technique is to use:
grep "keyword" /logfile > selection.txt
Then on the next iteration compare the number of occurances of "keyword" in this file with the previous version of the file.
Ps: There is no unix/Linux commad called email .
In the below example when a new record is inserted into "logile" and it contains the "search_for" string then the code between the if/fi will be executed:
search_for="blue"
tail -f /logfile | while read line
do
if [[ $line = @(${search_for}) ]]; then
echo "detected ${search_for}"
email alert
fi
done