How to grep a log file for the last 5 minutes of contents every 5 minutes in Linux?


Task: Check to see if a particular error message occurs in /var/log/messages and email the contents of the error message every 5 minutes

Lets first break down the task into three parts:

1. Extract contents from the log file for the last 5 minutes.
2. Find the matching error message and email it.
3. Setup a cron task to run this every 5 minutes.

Extract contents from log file for the last 5 minutes

This part is relatively simple. Here’s a one liner that will do that:

awk -v d1="$(date --date="-5 min" "+%b %_d %H:%M")" -v d2="$(date "+%b %_d %H:%M")" '$0 > d1 && $0 < d2 || $0 ~ d2' /var/log/messages

Explanation: Using awk, find messages in the log file that are between the current time and the current time -5 mins.

Find the matching error message and email it

#!/bin/bash
# Usage: checkmessage.sh
# Script that checks for occurrence of error message and email it
#
CHECK=$(awk -v d1="$(date --date="-5 min" "+%b %_d %H:%M")" -v d2="$(date "+%b %_d %H:%M")" '$0 > d1 && $0 < d2 || $0 ~ d2' /var/log/messages | grep -i "Error Message")
CHECKCOUNT=$(awk -v d1="$(date --date="-5 min" "+%b %_d %H:%M")" -v d2="$(date "+%b %_d %H:%M")" '$0 > d1 && $0 < d2 || $0 ~ d2' /var/log/messages | grep -ci "Error Message") 
if [ $CHECKCOUNT -gt 0 ] 
then
   echo $CHECK | /bin/mail -s "$CHECKCOUNT occurrences of the error message has been found in the last 5 minutes" youremail@hotmail.com 
else
   echo "Do nothing" > /dev/null
fi

Explanation: Using script in step 1, define a check that counts the number of occurrences of the error message. If there is more than 0 occurrences, email the contents to designated recipient.

Setup a cron task to run this every 5 minutes

Edit your crontab

crontab -e

Setup a task to run the script every minutes

*/5 * * * * /home/atong/checkmessage.sh

ALL DONE!

Related Posts with Thumbnails