I am trying to create a log watcher that watches multiple log files on Linux, like /var/log/messages and /var/log/secure, and writes any new messages to a file. After the two minute interval it will check again and write to a new file; it will then compare the two files and save any messages that were not there before, check that they are not messages that need to be excluded according to the exclude config files, and write them to a third file. This third file will then be displayed in an xterm console window using less, to notify operators of any outstanding problems that need to be reported. I have been using POE::Wheel::FollowTail to monitor multiple files at any one time. This is what I have so far, but I do not know how to compare the two files and write to a third file to be displayed. There will be an xterm window every two minutes for each separate log file alert, if there are any messages that the operators need to take notice of, which the operators can close with the 'q' key, because I will be using the less command to display the file. I seem to have reached a dead end with the program. Can anybody help, please?
```perl
#!/usr/bin/perl
use POE qw/Wheel::FollowTail/;
use strict;
use warnings;

our $filename;
our $output = "output";

open(CONFIG_M, "exempt.messages") || die("Could not open file!");
open(CONFIG_S, "exempt.secure")   || die("Could not open file!");
my @exempt_messages = <CONFIG_M>;
close(CONFIG_M);
my @exempt_secure = <CONFIG_S>;
close(CONFIG_S);

# FollowTail delivers records without the trailing newline, so strip it
# from the exemption entries as well, otherwise "eq" can never match.
chomp(@exempt_messages, @exempt_secure);

open(OUTPUT, ">>$output") || die("Cannot Open File");

my %logs_to_watch = (
    secure => "/var/log/secure",
    msg    => "/var/log/messages",
);

# Start a session to watch the logs.
POE::Session->create(
    inline_states => {
        _start => \&begin_watchers,

        # Handle records from each log differently.
        secure_record => \&secure_got_record,
        msg_record    => \&msg_got_record,

        # Handle log resets and errors the same way for each file.
        log_reset => \&generic_log_reset,
        log_error => \&generic_log_error,
    }
);

sub begin_watchers {
    my $heap = $_[HEAP];
    while ( my ( $service, $log_file ) = each %logs_to_watch ) {
        my $log_watcher = POE::Wheel::FollowTail->new(
            Filename     => $log_file,
            PollInterval => 120,
            InputEvent   => $service . "_record",
            ResetEvent   => "log_reset",
            ErrorEvent   => "log_error",
        );
        $heap->{services}->{ $log_watcher->ID } = $service;
        $heap->{watchers}->{ $log_watcher->ID } = $log_watcher;
    }
}

# Handle log resets the same way for each file. Simply recognize that
# the log file was reset.
sub generic_log_reset {
    my ( $heap, $wheel_id ) = @_[ HEAP, ARG0 ];
    my $service = $heap->{services}->{$wheel_id};
    print "--- $service log reset at ", scalar(gmtime), " GMT\n";
}

# Handle log errors the same way for each file. Recognize that an
# error occurred while watching the file, and shut the watcher down.
# If this were a real log watcher, it would periodically try to resume
# watching the log file.
sub generic_log_error {
    my ( $heap, $operation, $errno, $error_string, $wheel_id ) =
      @_[ HEAP, ARG0, ARG1, ARG2, ARG3 ];
    my $service = $heap->{services}->{$wheel_id};
    print "--- $service log $operation error $errno: $error_string\n";
    print "--- Shutting down $service log watcher.\n";
    delete $heap->{services}->{$wheel_id};
    delete $heap->{watchers}->{$wheel_id};
}

# Display some interesting things from the messages log.
sub msg_got_record {
    my $log_record = $_[ARG0];

    # Check the exemption list before writing anything, so that exempt
    # records are actually skipped.
    foreach my $ignored (@exempt_messages) {
        return if $log_record eq $ignored;
    }
    print "$log_record\n";
    print OUTPUT " $log_record\n";
    #system ("xterm less output");
}

sub secure_got_record {
    my $log_record = $_[ARG0];
    print "$log_record\n";
    print OUTPUT " $log_record\n";
    #system ("xterm | less output");
    foreach my $ignored (@exempt_secure) {
        #Not sure how to ignore messages in exempt_secure
        # system ("/bin/grep -v $ignored $log_record
        # return if $log_record eq $ignored;
    }
}

POE::Kernel->run();
exit;
```

In reply to Log watcher which outputs alerts in xterm windows by wishartz
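
An added example, not part of the original post or the poster's code: POE::Wheel::FollowTail only delivers lines appended since the last poll, so each interval's alert file can be built by buffering the non-exempt records and flushing them, without comparing two files. The helper names, the substring matching of exemption entries, and the sample log lines are assumptions constructed for illustration.

```perl
# Added example, not the poster's code. Helper names are hypothetical.
use strict;
use warnings;
use File::Temp qw(tempfile);
# Exemption entries are matched as literal substrings (an assumption),
# because timestamps make whole-line equality useless across intervals.
sub load_exempt { my @l = @_; chomp @l; return [ grep { length } @l ]; }

sub is_exempt {
    my ($record, $exempt) = @_;
    return scalar grep { index($record, $_) >= 0 } @$exempt;
}

# Call from each InputEvent handler: buffer the record unless it is exempt.
sub collect {
    my ($pending, $service, $record, $exempt) = @_;
    return 0 if is_exempt($record, $exempt);
    $record =~ s/[^\x20-\x7e\t]/?/g;   # replace control and non-ASCII bytes
    push @{ $pending->{$service} }, $record;
    return 1;
}

# Call once per interval: write one alert file per log, empty the buffers.
sub flush_alerts {
    my ($pending) = @_;
    my @files;
    for my $service (sort keys %$pending) {
        my $lines = delete $pending->{$service};
        next unless @$lines;
        my ($fh, $path) = tempfile("alert-$service-XXXXXX", TMPDIR => 1);
        print {$fh} "$_\n" for @$lines;
        close $fh or die "close $path: $!";
        push @files, [ $service, $path ];
    }
    return @files;
}

# Constructed sample data standing in for exempt.secure and /var/log/secure.
my $exempt = load_exempt("session opened for user backup\n", "\n");
my %pending;
collect(\%pending, 'secure', $_, $exempt) for (
    'Jan  1 00:00:01 host sshd[101]: Failed password for root from 192.0.2.7',
    'Jan  1 00:00:02 host sshd[102]: pam_unix(sshd:session): session opened for user backup',
);
for my $alert (flush_alerts(\%pending)) {
    my ($service, $path) = @$alert;
    print "$service alert file: $path\n";
    # List-form system: no shell ever parses the path or title.
    system('xterm', '-T', "$service alerts", '-e', 'less', $path) if $ENV{DISPLAY};
}
```

Inside the POE session, flush_alerts would be driven by a recurring delay event. Because system blocks until the operator quits less, the xterm is better started through POE::Wheel::Run or a fork so the watchers keep running.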
