HI
I have a small query !! I need to write a script whenever there is an error generated in the spamd.log or any general log file to send me a mail only once, the bellow script is what i came u with but i doubt it would work.
if [ $(grep -e "unable to start service" /var/log/spamd.log) = 1 ] ; then mail -s " pls check server IP 203.185.XXX>XXX" agnello.dsouza@gmail.com fi
Is there any application that can scan the log file for a specific word or error as soon as the logs are generated. I have even heard of SMS being sent in some cases.
Your inputs will be of great help
On Tue, Mar 4, 2008 at 3:39 AM, Agnello George agnello.dsouza@gmail.com wrote:
HI
I have a small query !! I need to write a script whenever there is an error generated in the spamd.log or any general log file to send me a mail only once, the bellow script is what i came u with but i doubt it would work.
if [ $(grep -e "unable to start service" /var/log/spamd.log) = 1 ] ; then mail -s " pls check server IP 203.185.XXX>XXX" agnello.dsouza@gmail.com fi
You are almost there. For synchronous emailing you will need to un the script as a daemon. Have a look at this blog post for more details
http://www.johnandcailin.com/blog/john/how-setup-real-time-email-notificatio...
regards VK
Hey Agnello, Why dont you compile all your quires you got resolved at the lug mailing list, i am sure it would make a good system administrators FAQ :) Maybe a wiki even...
On 3/4/08, gaurav chaturvedi gaurav.p.chaturvedi@gmail.com wrote:
Hey Agnello, Why dont you compile all your quires you got resolved at the lug mailing list, i am sure it would make a good system administrators FAQ :) Maybe a wiki even...
i add what ever i can to my blog !! :-) www.linux-vashi.blogspot.com
On 3/4/08, vivek khurana mailing.vivek@gmail.com wrote:
On Tue, Mar 4, 2008 at 3:39 AM, Agnello George agnello.dsouza@gmail.com wrote:
HI
I have a small query !! I need to write a script whenever there is an error generated in the spamd.log or any general log file to send me a mail only once, the bellow script is what i came u with but i doubt it would work.
if [ $(grep -e "unable to start service" /var/log/spamd.log) = 1 ] ;
then
mail -s " pls check server IP 203.185.XXX>XXX" agnello.dsouza@gmail.com fi
You are almost there. For synchronous emailing you will need to un the script as a daemon. Have a look at this blog post for more details
http://www.johnandcailin.com/blog/john/how-setup-real-time-email-notificatio...
I finally came up with my own script to do this
#!/bin/sh -x
if [ $(tac /var/log |grep -e "error: syswrite()" | wc -l ) = 0 ] ; then exit 1 else echo "your mailserver is down" |mail -s " pls check server ip 216.185.xxx.xxx " agnello.dsouza@gmail.com fi then i add a crontab to run for ever 10 min
crontab -e 10 * * * * /your/location/of/script
if there is an easier way.... kindly tell me !!!
Thanks for all the help
A small correction from my previous mail
the script will be as follows !!
#!/bin/sh -x if [ $(tail -n 10 /tmp/agnello |grep -e error | wc -l ) = 0 ] ; then exit 1 else echo "your mailserver is down" |mail -s " pls check server ip 216.185.xxx.xxx " agnello.dsouza@gmail.com fi
then i add a crontab to run for ever 10 min crontab -e */10 * * * * /your/location/of/script "
On Fri, Mar 7, 2008 at 5:25 PM, Agnello George agnello.dsouza@gmail.com wrote:
if [ $(tail -n 10 /tmp/agnello |grep -e error | wc -l ) = 0 ] ; then
You might lots of false alarms because of that. Dont grep for "error" in general. Grep for a more specific expression that is unique to the error you are looking for.
[ grep "unique expression" /tmp/agnello .....
Regards, NMK.
On 3/7/08, Nadeem M. Khan nadeem.m.khan@gmail.com wrote:
On Fri, Mar 7, 2008 at 5:25 PM, Agnello George agnello.dsouza@gmail.com wrote:
if [ $(tail -n 10 /tmp/agnello |grep -e error | wc -l ) = 0 ] ; then
You might lots of false alarms because of that. Dont grep for "error" in general. Grep for a more specific expression that is unique to the error you are looking for.
[ grep "unique expression" /tmp/agnello .....
Thanks for the tip!!
On Fri, Mar 7, 2008 at 7:07 PM, Agnello George agnello.dsouza@gmail.com wrote:
On 3/7/08, Nadeem M. Khan nadeem.m.khan@gmail.com wrote:
On Fri, Mar 7, 2008 at 5:25 PM, Agnello George <agnello.dsouza@gmail.com
wrote:
if [ $(tail -n 10 /tmp/agnello |grep -e error | wc -l ) = 0 ] ;
then
You might lots of false alarms because of that. Dont grep for "error" in general. Grep for a more specific expression that is unique to the error you are looking for.
[ grep "unique expression" /tmp/agnello .....
Thanks for the tip!!
Actually, if I can start from the first mail, then there is something called 'event correlation', which I believe you are actually looking out for. There are opensource tools like logsurfer and SEC (Simple-Event Correlator) (ofcourse there are other Enterprise versions like splunk etc..), which are basically implemented in perl .
I like logsurfer for its simplicity but SEC has few advantages over SEC in few contexts. Try it if you are looking for more than extending your scripts . (My policy: Never reinvent the wheel)
Regards, Nikhil
On Fri, Mar 7, 2008 at 7:32 PM, Nikhil mnikhil@gmail.com wrote:
On Fri, Mar 7, 2008 at 7:07 PM, Agnello George agnello.dsouza@gmail.com wrote:
On 3/7/08, Nadeem M. Khan nadeem.m.khan@gmail.com wrote:
On Fri, Mar 7, 2008 at 5:25 PM, Agnello George <
agnello.dsouza@gmail.com>
wrote:
if [ $(tail -n 10 /tmp/agnello |grep -e error | wc -l ) = 0 ] ;
then
You might lots of false alarms because of that. Dont grep for "error" in general. Grep for a more specific expression that is unique to the error you are looking for.
[ grep "unique expression" /tmp/agnello .....
Thanks for the tip!!
Actually, if I can start from the first mail, then there is something called 'event correlation', which I believe you are actually looking out for. There are opensource tools like logsurfer and SEC (Simple-Event Correlator) (ofcourse there are other Enterprise versions like splunk etc..), which are basically implemented in perl .
I like logsurfer for its simplicity but SEC has few advantages over SEC in few contexts. Try it if you are looking for more than extending your scripts . (My policy: Never reinvent the wheel)
Regards, Nikhil
let me know if you need any startup help with the sec or the logsurfer...
-
Agnello George -
gaurav chaturvedi -
Nadeem M. Khan -
Nikhil -
vivek khurana