Task: Check to see if a particular error message occurs in /var/log/messages and email the contents of the error message every 5 minutes
Let's first break the task down into three parts:
1. Extract contents from the log file for the last 5 minutes.
2. Find the matching error message and email it.
3. Set up a cron task to run this every 5 minutes.
Extract contents from log file for the last 5 minutes
This part is relatively simple. Here's a one-liner that will do that:
awk -v d1="$(date --date="-5 min" "+%b %_d %H:%M")" -v d2="$(date "+%b %_d %H:%M")" '$0 > d1 && $0 < d2 || $0 ~ d2' /var/log/messages
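Explanation: awk prints the lines in the log file whose leading timestamp falls between five minutes ago and the current time. The timestamps are compared as strings, so this is reliable only while both ends of the window fall in the same month.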
Find the matching error message and email it
#!/bin/bash
# Usage: checkmessage.sh
# Script that checks for occurrences of the error message and emails them
#
# Lines from the last 5 minutes that contain the error message
CHECK=$(awk -v d1="$(date --date="-5 min" "+%b %_d %H:%M")" -v d2="$(date "+%b %_d %H:%M")" '$0 > d1 && $0 < d2 || $0 ~ d2' /var/log/messages | grep -i "Error Message")
# Number of such lines
CHECKCOUNT=$(awk -v d1="$(date --date="-5 min" "+%b %_d %H:%M")" -v d2="$(date "+%b %_d %H:%M")" '$0 > d1 && $0 < d2 || $0 ~ d2' /var/log/messages | grep -ci "Error Message")
if [ "$CHECKCOUNT" -gt 0 ]
then
    # Quote $CHECK so each log line stays on its own line in the email body
    echo "$CHECK" | /bin/mail -s "$CHECKCOUNT occurrences of the error message has been found in the last 5 minutes" youremail@hotmail.com
else
    echo "Do nothing" > /dev/null
fi
Explanation: Using the one-liner from step 1, define a check that counts the number of occurrences of the error message. If there are more than 0 occurrences, email the matching lines to the designated recipient.
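An added example, not part of the original post: a variant of the filter that matches each line's 12-character timestamp prefix against the exact minute stamps in the window, so it keeps working when the window crosses a month boundary. The function names and the sample log are constructed for illustration, and it assumes GNU date, as the one-liner does.

```shell
#!/bin/bash
# Added example; function names and the sample log are constructed.

# Print one syslog-style minute stamp ("Feb  1 00:02") per minute in the window.
window_stamps() (            # usage: window_stamps MINUTES NOW_EPOCH
    i=0
    while [ "$i" -le "$1" ]; do
        LC_ALL=C date -d "@$(( $2 - $i * 60 ))" "+%b %_d %H:%M"   # GNU date
        i=$(( $i + 1 ))
    done
)

# Print lines of LOGFILE stamped inside the window that match PATTERN.
# Exit status is grep's: 0 when at least one line matched, 1 when none did.
recent_matches() (           # usage: recent_matches LOGFILE PATTERN [MINUTES] [NOW_EPOCH]
    minutes=${3:-5}
    now=${4:-$(date +%s)}
    window_stamps "$minutes" "$now" |
        awk 'NR == FNR { ok[$0] = 1; next } (substr($0, 1, 12) in ok)' - "$1" |
        grep -i -- "$2"
)

# Constructed sample log that spans a month boundary (not real data).
write_sample_log() {
    cat > "$1" <<'EOF'
Jan 31 23:50:11 host1 app[311]: Error Message: disk check failed
Jan 31 23:58:40 host1 app[311]: Error Message: disk check failed
Jan 31 23:59:02 host1 sshd[402]: session opened for user alice
Feb  1 00:01:15 host1 app[311]: error message: retry limit reached
EOF
}

# Demo with a fixed clock: "now" is Feb 1 00:02 UTC, window is 5 minutes.
export TZ=UTC
sample=$(mktemp)
write_sample_log "$sample"
now=$(date -d "2024-02-01 00:02:00" +%s)
if hits=$(recent_matches "$sample" "Error Message" 5 "$now"); then
    printf '%s\n' "$hits"    # the 23:58:40 and 00:01:15 lines
fi
rm -f "$sample"
```

Because recent_matches returns grep's exit status, a caller can pipe its output to mail only when the if succeeds, with a single pass over the log.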
Set up a cron task to run this every 5 minutes
Edit your crontab
crontab -e
Set up a task to run the script every 5 minutes
*/5 * * * * /home/atong/checkmessage.sh
ALL DONE!