in reply to Re: How can one open a filehandle in realtime or current log
in thread How can one open a filehandle in realtime or current log

Many thanks for all your wonderful solutions. Although a db solution sounds great, I'm trying to do this solo, interacting with our log files. Another thing I may not have mentioned is that newer entries of people making cert changes would be possible. So the ultimate outcome would be: if someone makes a cert change during the current hour, it will look for a match and, if found, send out an email alert. If nobody makes any cert changes during that hour then all is well. But what happens if another change is made by someone during the hour? I'm trying to avoid the previous match and only print out and alert the newest match. Updated code is below.

#!/usr/bin/perl -w
use strict;

my $flag = 0;
my $few = shift || 1;
my $id;
my $newline;
my $partyId;
my $userid;
my $tid;
my $infile;
my @Takeraccounts = ('SCN','CX');
my $mail_dest = 'xxxxx@cx.com';
my %TIME;
( $TIME{SEC}, $TIME{MIN}, $TIME{HOUR}, $TIME{MDAY}, $TIME{MON}, $TIME{YEAR}, $TIME{WDAY}, $TIME{YDAY}, $TIME{ISDST} ) = localtime(time);
my $OLD_MIN=$TIME{MIN};
my $OLD_HOUR=$TIME{HOUR};
my $cmd = "cat /raid/logs/`date +%H`";
my $out_file = "/home/resource/certchange.txt";

open FF, "$cmd |";
open (OUT, ">> $out_file") || die "Cannot open $out_file"; # temp file to which to write the formatted output

while (<FF>) {
    my $line = $_;
    #chomp ($now_time);
    $line =~ s/\n/ /;
    if ( /Updating cert/ .. /,permissions/ ) {
        $newline = "$line";
        if ( $line =~ /Updating cert.*updated by (\w+)/ ) {
            $id = $1;
        }
        if ( $newline =~ /UPDATE_STATE.*id:(\w+).*partyId:(\w+),permissions:/ ) {
            $userid = $1 ;
            $partyId = $2;
            foreach (@Takeraccounts) {
                if ($partyId =~ /$_/) {
                    print OUT "Certificate cert Updated by $id for userid $userid, PartyID $partyId\n";
                    open ML, "| mutt -e\"set realname='Support'; set use_from=yes; set from='support\@cx.com'; set envelope_from=yes\" -s ' Alert! cert CHANGED' -i $out_file -- $mail_dest";
                    close ML;
                }
            }
        }
    }
}
close FF;
close (OUT);
unlink $out_file;

Replies are listed 'Best First'.
Re^3: How can one open a filehandle in realtime or current log
by poj (Abbot) on Mar 24, 2016 at 17:49 UTC
    It will be set to run in a cron job every minute.

    Is it important to identify changes and send email within this time period of a minute? Couldn't you just every hour look at the log for the previous hour?

    poj
Re^3: How can one open a filehandle in realtime or current log
by FreeBeerReekingMonk (Deacon) on Mar 25, 2016 at 22:19 UTC
    I have cut down my perlmon to the basics, and here are some ideas you can grab:

    1. Use a $RUNFILE that holds in its modification time when it was run last. This way you can compare the modification time of the $IN_FILE, and hopefully skip early because there has been no update.

    2. Use an $ERRORSTATE file. Here I have made a modification in that the filesize is the same as the hour you have analyzed. If not, it is the first encountered error in the current $IN_FILE, and thus, we email.

    3. There IS this problem, where you miss out on the logging.

    09:59:01 your monitor runs
    09:59:50 some error is written to ./logs/09
    10:00:01 your monitor runs again, but checks ./logs/10 (which probably is empty).

    If you really just have 24 directories (one for each hour), then you should keep state files for each one of them (and check modification times), maybe tie them to a file (provides persistent data, like a DB, just good enough).

    Assuming you only have one file in the logs directory, you can get all the files like so:

    @CHECK_THESE_FILES = </raid/logs/*>;

    Here is the minimized code:

    #!/usr/bin/perl
    use strict;
    use warnings;

    my $HOUR = (localtime(time))[2];
    # $HOUR = '0'.$HOUR if $HOUR<10; # make it a 09 instead of 9

    my $RUNFILE = "/tmp/minimon.run";
    my $ERRORSTATE = "/tmp/minimon.error";

    my $lastrun = -f $RUNFILE ? (int( (-M $RUNFILE) *60*60*24) || 1) : 0; # Seconds ago it has run. (or 1 if less than 1)

    # touch early to avoid bordercases (we rather check double than not)
    if(open(FF, ">", $RUNFILE)){
        close FF;
    }else{
        warn "Could not open $RUNFILE, $!";
    }

    my $IN_FILE = "/tmp/raid/logs/$HOUR";

    if (-f $IN_FILE){
        # -M returns days, so convert to seconds before comparing with $lastrun
        my $fileage = int( (-M $IN_FILE) *60*60*24);
        # the log is unchanged only if it was last written before our previous run
        if($lastrun && $fileage > $lastrun){
            print "File $IN_FILE has not been updated, no action\n";
            exitOK();
        }else{
            # loop through file here and determine exitERROR() or exitOK()
        }
    }else{
        warn "No RAID files? I expected $IN_FILE";
    }

    my $cmd = "cat /raid/logs/`date +%H`";
    my $out_file = "/home/resource/certchange.txt";

    sub exitOK{
        unlink $ERRORSTATE if -f $ERRORSTATE;
        exit 0;
    }

    sub exitERROR{
        # the size of $ERRORSTATE records the hour that was already reported
        if(-f $ERRORSTATE && ( -s $ERRORSTATE eq $HOUR) ){
            warn "Already reported an error in $IN_FILE";
            return 0;
        }
        if(open(ERR, ">", $ERRORSTATE)){
            print ERR "." x $HOUR;
            close ERR;
        }else{
            warn "Could not open ERRORSTATE $ERRORSTATE $!";
        }
        # do email thing here
        exit 0;
    }
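The following is an added example, not code from any of the posts above: one way to report each cert change exactly once is to store, per hourly log, the byte offset already scanned, and to scan the previous hour's log on every run so entries written just before the rollover are not missed. The names `scan_new` and `run_once`, the state file and the sample log lines are constructed for illustration; the line shapes are assumed from the regexes in the original script.

```perl
use strict; use warnings;
use File::Temp qw(tempdir);
use Storable qw(nstore retrieve);
my @TAKERS = ('SCN', 'CX');    # partyId patterns from the original post
# Scan $log from the byte offset saved in $state; return alerts for new records only.
sub scan_new {
    my ($log, $state) = @_;
    return () unless -f $log;
    my $offset = $state->{$log} || 0;
    $offset = 0 if (stat $log)[7] < $offset;    # file recreated (same hour, next day)
    open(my $fh, '<', $log) or die "Cannot open $log: $!";
    seek($fh, $offset, 0);
    my ($who, @alerts);
    while (my $line = <$fh>) {
        last unless $line =~ /\n\z/;    # half-written line: pick it up next run
        $who = $1 if $line =~ /Updating cert.*updated by (\w+)/;
        if ($line =~ /UPDATE_STATE.*id:(\w+).*partyId:(\w+),permissions:/) {
            my ($userid, $party) = ($1, $2);
            push @alerts, "cert updated by $who for userid $userid, PartyID $party"
                if defined $who && grep { $party =~ /\Q$_\E/ } @TAKERS;
            undef $who;
        }
        $offset = tell($fh) unless defined $who;    # never bookmark inside an open record
    }
    close $fh;
    $state->{$log} = $offset;
    return @alerts;
}

# One cron run: scan the previous hour's log too, so late entries survive the rollover.
sub run_once {
    my ($dir, $statefile, $hour) = @_;
    my $state = -f $statefile ? retrieve($statefile) : {};
    my @logs = map { sprintf('%s/%02d', $dir, $_) } (($hour + 23) % 24, $hour);
    my @alerts = map { scan_new($_, $state) } @logs;
    nstore($state, $statefile);
    return @alerts;
}

# Demo on constructed log lines in a temp directory (not real log data).
my $dir = tempdir(CLEANUP => 1);
sub append { open(my $o, '>>', "$dir/$_[0]") or die $!; print {$o} $_[1]; close $o }
append('09', "09:59:50 Updating cert for u1001, updated by alice\n"
           . "09:59:50 UPDATE_STATE id:u1001,partyId:SCN42,permissions:rw\n");
print "run 1: $_\n" for run_once($dir, "$dir/state", 9);
append('09', "09:59:58 Updating cert for u3003, updated by bob\n");   # record still open
print "run 2: $_\n" for run_once($dir, "$dir/state", 10);
append('09', "09:59:58 UPDATE_STATE id:u3003,partyId:CX7,permissions:rw\n");
print "run 3: $_\n" for run_once($dir, "$dir/state", 10);
```

In a cron job, `run_once` would be called with the real log directory and `(localtime)[2]`, and the returned list decides whether a mail is sent at all.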
Re^3: How can one open a filehandle in realtime or current log
by rementis (Beadle) on Mar 24, 2016 at 21:27 UTC
    Check out Splunk. If there isn't a ton of data you can probably get by with a free license. It can monitor a log file and send you emails based on rules you create. There are also other log watchers written in perl and whatnot.