How can one open a filehandle in realtime or current log

new2perl2016 has asked for the wisdom of the Perl Monks concerning the following question:

Replies are listed 'Best First'.
Re: How can one open a filehandle in realtime or current log by BrowserUk (Patriarch) on Mar 16, 2016 at 19:53 UTC
avoid getting repeated emails until the hour changes. To meet those requirements: To avoid "getting repeat emails", you need to avoid asking for files that will include repeat emails. And to do that, that is, to get nothing "until the hour changes", you would need to know what the last hour you processed was. In order to do that you would need to store the hour that you last processed. There are several ways you might do that: Store it in the filesystem: In a file. Create a file containing the hour that you last processed before your script exits; and re-read that file at the start of each run of the script, and use that in place of your backticked call to date. Store it as a filename. Ie. Create a file in a known place with a name (say) '%hour%.last', that you can use to obtain the last hour processed; and use that in place of your backticked call to date. Store the hour in an environment variable. And use that in place of your backticked call to date. Update:Thinking about it, the latter won't work unless you can arrange for the next instantiation of the script to get the modified environment rather its predecessor's inherited environment; which probably isn't the case. With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday' Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error. "Science is about questioning the status quo. Questioning authority". I knew I was on the right track :) In the absence of evidence, opinion is indistinguishable from prejudice.	[reply]
Re^2: How can one open a filehandle in realtime or current log by Laurent_R (Canon) on Mar 16, 2016 at 23:33 UTC
It could also be stored in a database (which is in a way just another way of storing it in the file system). I sort of hate to say that, because I am often getting a bit angry when I see other monks suggesting a database approach for cases where I think it would not work properly (for example, database access is often 2 to 3 (or more) orders of magnitude slower than hashes, so that suggestion to use databases instead of hashes are often ill-advised IMHO), but, here, this is something completely different, it is just a matter of making one single piece of data available to a program. As for environment variables, yes, it would probably not work if the Perl program environment is abandoned, but there might be some ways of doing thing where you could keep the current environment, for example if the next instance of the script is launched by the last one (with a proper delay, sleep time, or some other way to control launch time). This may seem not very robust, but we are using something like that on a group of 7 VMS platforms. VMS does not have a cron tab, but has a queue system on which you can submit a job on a given future date. We have a crucial daily process to update our replicated databases with the production data every night. The process does the required update work and then submits the next execution for the next day, passing appropriate parameters. This actually works fairly well. We just need not to forget to update the whole shebang when we fiddle with the process or when a reboot occurs. Our use case is quite different from the OP's, but it might still be the idea of a possible solution.	[reply]
Re^3: How can one open a filehandle in realtime or current log by BrowserUk (Patriarch) on Mar 17, 2016 at 00:02 UTC
yes, it would probably not work if the Perl program environment is abandoned ... He did say: "It will be set to run in a cron job every minute.". It could also be stored in a database ... Agreed. (Though I did say "There are several ways" and mentioned 3, then dismissed one; not 'there are only 3 ways".) He might also (for example): Create a shared memory segment; Or a registry key; Or a registry value; Or any other persistent namespace that applies to whatever OS he is running under. With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday' Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error. "Science is about questioning the status quo. Questioning authority". I knew I was on the right track :) In the absence of evidence, opinion is indistinguishable from prejudice.	[reply]
Re: How can one open a filehandle in realtime or current log by 1nickt (Canon) on Mar 17, 2016 at 00:31 UTC
forgot to mention i can't use any cpan mods like File::Tail Yes you can: see local::lib, Perlbrew, CPAN install guide, etc. Or you can just copy and paste code into your own files, for example `perl-email-sendonce` from this public archive ... The way forward always starts with a minimal test.	[reply] [d/l]
Re^2: How can one open a filehandle in realtime or current log by new2perl2016 (Novice) on Mar 24, 2016 at 17:27 UTC
Many thanks for all your wonderful solutions. Although a db solution sounds great but I'm trying to do this solo interacting with our log files. Another thing I may not have mentioned is newer entries of ppl making cert changes would be possible. *** So ultimate outcome would be if someone makes a cert change during the current hr, It will look for a match and if found send out email alert. If nobody makes and cert changes during that hour then all is well. But what happens if another change is made by someone during the hour, I'm trying to avoid the previous match and only print out and alert the newest match. Updated code is below #!/usr/bin/perl -w use strict; my $flag = 0; my $few = shift \|\| 1; my $id; my $newline; my $partyId; my $userid; my $tid; my $infile; my @Takeraccounts = ('SCN','CX'); my $mail_dest = 'xxxxx@cx.com'; my %TIME; ( $TIME{SEC}, $TIME{MIN}, $TIME{HOUR}, $TIME{MDAY}, $TIME{MON}, $TIME{YEAR}, $TIME{WDAY}, $TIME{YDAY}, $TIME{ISDST} ) = localtime(time); my $OLD_MIN=$TIME{MIN}; my $OLD_HOUR=$TIME{HOUR}; my $cmd = "cat /raid/logs/`date +%H`"; my $out_file = "/home/resource/certchange.txt"; open FF, "$cmd \|"; open (OUT, ">> $out_file") \|\| die "Cannot open $out_file"; # temp file + to which to write the formated output while (<FF>) { my $line = $_; #chomp ($now_time); $line =~ s/\n/ /; if ( /Updating cert/ .. /,permissions/ ) { $newline = "$line"; if ( $line =~ /Updating cert.updated by (\w+)/ ) { $id = $1; } if ( $newline =~ /UPDATE_STATE.id:(\w+).*partyId:(\w+),permis +sions:/ ) { $userid = $1 ; $partyId = $2; foreach (@Takeraccounts) { if ($partyId =~ /$_/) { print OUT "Certificate cert Updated by $id for userid $userid +, PartyID $partyId\n"; open ML, "\| mutt -e\"set realname='Support'; set use_from=yes; + set from='support\@cx.com'; set envelope_from=yes\" -s ' Alert! cert + CHANGED' -i $out_file -- $mail_dest"; close ML; } } } } } close FF; close (OUT); unlink $out_file; [download]	[reply] [d/l]
Re^3: How can one open a filehandle in realtime or current log by poj (Abbot) on Mar 24, 2016 at 17:49 UTC
It will be set to run in a cron job every minute. Is it important to identify changes and send email within this time period of a minute ? Couldn't you just every hour look at the log for the previous hour ? poj	[reply]
Re^3: How can one open a filehandle in realtime or current log by FreeBeerReekingMonk (Deacon) on Mar 25, 2016 at 22:19 UTC
I have cut down my perlmon to the basics, and here are some ideas you can grab: 1. Use a $RUNFILE that holds in its modification time when it was run last. This way you can compare the modification time of the $IN_FILE, and hopefully skip early because there has been no update. 2. Use an $ERRORSTATE file. Here I have made a modification in that the filesize is the same as the hour you have analized. If not, it is the first encountered error in the current $IN_FILE, and thus, we email. 3. There IS this problem, where you miss out on the logging. 09:59:01 your monitor runs 09:59:50 some error is written to ./logs/09 10:00:01 your monitor runs again, but check ./logs/10 (which probably is empty). If you really just have 24 directories (one for each hour), then you should keep state files for each one of them (and check modification times), maybe tie them to a file (provides persistant data, like a DB, just good enough) Assuming you only have one file in the logs directory, you can get all the files like so: `@CHECK_THESE_FILES = </raid/logs/>;` [download] Here is the minimized code: #!/usr/bin/perl use strict; use warnings; my $HOUR = (localtime(time))[2]; # $HOUR = '0'.$HOUR if $HOUR<10; # make it a 09 instead of 9 my $RUNFILE = "/tmp/minimon.run"; my $ERRORSTATE = "/tmp/minimon.error"; my $lastrun = -f $RUNFILE ? (int( (-M $RUNFILE) 606024) \|\| 1) : 0; +# Seconds ago it has run. (or 1 if less than 1) # touch early to avoid bordercases (we rather check double than not) if(open(FF, ">", $RUNFILE)){ close FF; }else{ warn "Could not open $RUNFILE, $!"; } my $IN_FILE = "/tmp/raid/logs/$HOUR"; if (-f $IN_FILE){ my $fileage = -M $IN_FILE; if($lastrun > $fileage){ print "File $IN_FILE has not been updated, no action"; exitOK(); }else{ # loop through file here and determine exitERROR() or exitOK() } }else{ warn "No RAID files? I expected $IN_FILE"; } my $cmd = "cat /raid/logs/`date +%H`"; my $out_file = "/home/resource/certchange.txt"; sub exitOK{ unlink $ERRORSTATE if -f $ERRORSTATE; exit 0; } sub exitERROR{ if(-f $ERRORSTATE && ( -s $ERRORSTATE eq $HOUR) ){ warn "Already reported an error in $IN_FILE"; return 0; } if(open(ERR, ">", $ERRORSTATE)){ print ERR "." x $HOUR; close ERR; }else{ warn "Could not open ERRORSTATE $ERRORSTATE $!"; } # do email thing here exit 0; } [download]	[reply] [d/l] [select]
Re^3: How can one open a filehandle in realtime or current log by rementis (Beadle) on Mar 24, 2016 at 21:27 UTC
Check out Splunk. If there isn't a ton of data you can probably get by with a free license. It can monitor a log file and send you emails based on rules you create. There are also other log watchers written in perl and whatnot.	[reply]