Hi,
Have written a script to monitor linux non standard log file based on line numbers, so each check store $otalinenum ..
then in next check after 10 minutes it compre the current_total_line_num > last_total_line_num then it will parse the log file from last_total_line_num to current_total_line_num with sed as below
if [ $current_total_line_num -gt $last_total_line_num ]
then
sed -n ''$oldln','$totl'p;'$totl'q' log-file | grep -i shirish
else
grep -i shirish log-file
fi
But here am facing problem if someone truncate the log file or delete some lines from them .. insted normal log rotation then my script parse the entire log file ((with else above)) insted from new updates ..
Please help me with logic to avoid old log alerts when file truncate happen ...
# cat -n log-file
1 a1 shirish abc anf
2 a2 shukla anf
3 a3 shirish anf fd
## After truncate
# cat -n log-file
1 a1 shirish abc anf
2 a3 shirish anf fd
--Shirish Shukla