2

I have a log file that occasionally has critical errors. Each time a critical error occurs, I'd like to have an email sent to myself notifying me of the change. Is there a unix tool / set of unix tools I can adapt for this purpose?

What I thought of doing was

tail -f logfile | grep CRITICAL > critical.errors
watch tail critical.errors   # And somehow, email on changes. 

However, the watch command doesn't take an action. So ... is there something like 'watch' that does. Or perhaps a good existing script that will do this? I can homebrew a bash/python solution, but I'd rather reuse existing tools for cleaner error handling, etc.

bsdfish
  • 123
  • 4

1 Answers1

5

Try IWatch - it's a perl script based on inotify that does just what you need:

http://sourceforge.net/projects/iwatch/

You can also roll your own with inotify-tools, in particular inotifywait. Modifying example #2 from that page (untested):

#!/bin/sh
file=logfile
cp $file $file.last
while true; do
  EVENT=$(inotifywait --format '%e' $file)
  [ $? != 0 ] && exit
  [ "$EVENT" = "MODIFY" ] && ( diff $file $file.last | mail ... ) && cp $file $file.last
done

You could also keep a byte/line counter and only mail the new bytes/lines, but using diff is simpler. It could cause performance issues if the file gets big and changes constantly though.

Eduardo Ivanec
  • 14,531
  • 1
  • 35
  • 42