
Solaris Log Monitoring Script

I wrote this script a while back to automate watching our logs.
I don't even know if it still works, but I figured I'd post it here. It may be helpful to someone.

#!/bin/sh
###########################################################
# Log alert file, by Luke MacNeil. 11/09/2005
# This script is meant to be called from cron to monitor
# at whatever interval you like. 

# Summary of features.
#
# checklog reports all new log file entries since its last run.
# it uses a tmp file to hold its history. the tmp file is specified
# by an argument.
#
# usage= checklog /path/to/logfile /path/to/tmpfile
# ex. checklog /var/log/syslog /tmp/syslog.tmp
#
# checkdisk reports the status of the disk -
# usage= call with no arguments.
#

###########################################################
# Initialize Variables
###########################################################

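# Path and name of the temporary file used to send the system report.
# mktemp creates it under a fresh name readable only by the owner; a fixed
# name such as /tmp/report.log could be pre-created or symlinked by another
# local user before cron runs this script.
REPORTLOG=`mktemp /tmp/report.XXXXXX` || exit 1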

# Set the hostname
HOSTNAME=`hostname` 

# The subject line that will be mailed to you
SUBJECT="Status report for $HOSTNAME" 

# The sender that will be mailed to you
FROM="Automated Reporting System" 

BREAKER="-------------------------------------------------------------------------"
TODAY=`date` #today's date.

###########################################################
touch "$REPORTLOG" # Create temporary report file.
###########################################################
# Actual log checking function, takes 2 arguments: log file and tmp file
###########################################################
checklog(){
	LOGFILE=$1 # Argument 1: log file to check
	TMPFILE=$2 # Argument 2: tmp file holding the line count from the last run

	# Grabs the number of lines from the log
	CURRENTCOUNT=`awk 'END { print NR }' "$LOGFILE"`

	echo ""
	echo "Preparing System Log Differential Report for $LOGFILE"
	# If the tmp file doesn't exist, create it.
	# If it does, get the previous count.
		if [ -f "$TMPFILE" ]
			then
				TMPCOUNT=`cat "$TMPFILE"`
			else
				echo "Creating Temp File $TMPFILE"
				echo "$CURRENTCOUNT" > "$TMPFILE"
				TMPCOUNT=`cat "$TMPFILE"`
		fi

	###Compare counts.
	echo "Comparing...."
	echo "Old Count = $TMPCOUNT"
	echo "New Count = $CURRENTCOUNT"

	if [ "$TMPCOUNT" -eq "$CURRENTCOUNT" ]
		then
			echo "Nothing to report."
			echo ""
	else
		if [ "$TMPCOUNT" -gt "$CURRENTCOUNT" ]
			then
				# The log is shorter than on the last run, so it was rotated
				# or truncated. Report the whole file; otherwise nothing is
				# reported until the log grows past the old count.
				echo "Old Count is Greater than the Current Count (log rotated or truncated)"
				TMPCOUNT=0
			else
				echo "Old Count is Less than the Current Count"
		fi
		echo "Reporting new entries"
		DIFFERENCE=`expr $CURRENTCOUNT - $TMPCOUNT` # Get the difference between counts.
		NEWENTRIES="`tail -$DIFFERENCE "$LOGFILE"`" # Grab the new lines from the log.
		echo "Date: $TODAY" >> "$REPORTLOG"
		echo "Hostname: $HOSTNAME" >> "$REPORTLOG"
		echo "$BREAKER" >> "$REPORTLOG"
		echo "$LOGFILE Report" >> "$REPORTLOG"
		echo "$NEWENTRIES" | sed G >> "$REPORTLOG"
		echo "$BREAKER" >> "$REPORTLOG"
		echo "$CURRENTCOUNT" > "$TMPFILE" # Rewrite the tmp file to reflect the changes.
		echo ""
	fi
}

checkdisk(){
	df -k >> "$REPORTLOG"
}

############################################################
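# Run the function on these different log files. Include 2 parameters.
# ex. checklog /path/to/log /path/to/tmpfile
# This is the section you want to modify if you're adding/removing
# logs to monitor.
# The tmp files are written by whoever runs this script; if that is root,
# keep them in a directory other users cannot write to.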
############################################################

checklog /var/log/syslog /tmp/syslog.tmp
checklog /var/adm/messages /tmp/messages.tmp
checklog /opt/SUNWwbsvr/https-bigadmin/logs/access /tmp/webaccess.tmp
checkdisk

#############################################################
# Mail the reported results
#############################################################

### Adjust to send/mail to who is needed (root by default)
mailx -r "$FROM" -s "$SUBJECT" root < "$REPORTLOG"
echo "Report sent to root"

#############################################################
# Clean up report file.
#############################################################
rm "$REPORTLOG"
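
A line count alone cannot tell ordinary growth from a log that was rotated and has since grown past the old count, so the first lines of the new file go unreported. The following is an added example, not part of the original script: a hypothetical `new_entries` function (its name and its "inode linecount" state-file format are assumptions) that also compares the log's inode and refuses a symlinked state file.

```shell
#!/bin/sh
# Added example, not the original script. new_entries and the
# "inode linecount" state-file format are assumptions.
# usage: new_entries /path/to/logfile /path/to/statefile
new_entries() {
	log=$1
	state=$2
	[ -r "$log" ] || { echo "cannot read $log" >&2; return 1; }
	# A state file in a shared directory can be replaced by a symlink;
	# refuse it rather than let a root cron job write through it.
	if [ -h "$state" ]; then
		echo "refusing symlinked state file $state" >&2
		return 1
	fi

	inode=`ls -i "$log" | awk '{ print $1 }'`
	count=`awk 'END { print NR }' "$log"`

	# First run: record a baseline and report nothing.
	if [ ! -f "$state" ]; then
		echo "$inode $count" > "$state"
		return 0
	fi
	read old_inode old_count < "$state" || old_count=
	# Treat a corrupt or empty state file as "nothing seen yet".
	case "$old_count" in
		''|*[!0-9]*) old_count=0 ;;
	esac

	# A different inode means the log was rotated; a smaller count means
	# it was truncated. Either way every line in the file is new.
	if [ "$inode" != "$old_inode" ] || [ "$count" -lt "$old_count" ]; then
		old_count=0
	fi

	# Print exactly lines old_count+1..count. Lines appended after the
	# count was taken are left for the next run.
	if [ "$count" -gt "$old_count" ]; then
		first=`expr "$old_count" + 1`
		sed -n "${first},${count}p" "$log"
	fi
	echo "$inode $count" > "$state"
}
```

The function writes new lines to standard output, so its result can be appended to the report file in place of the `tail` call in `checklog`.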

Permanent link to this article: http://www.lukemacneil.com/2007/07/08/solaris-log-monitoring-script/
