in reply to How can one open a filehandle in realtime or current log

Forgot to mention I can't use any CPAN mods like File::Tail

Yes you can: see local::lib, Perlbrew, CPAN install guide, etc. Or you can just copy and paste code into your own files, for example perl-email-sendonce from this public archive ...


The way forward always starts with a minimal test.

Re^2: How can one open a filehandle in realtime or current log
by new2perl2016 (Novice) on Mar 24, 2016 at 17:27 UTC

    Many thanks for all your wonderful solutions. Although a db solution sounds great, I'm trying to do this solo, interacting with our log files. Another thing I may not have mentioned is that newer entries of ppl making cert changes would be possible. *** So the ultimate outcome would be: if someone makes a cert change during the current hr, it will look for a match and, if found, send out an email alert. If nobody makes any cert changes during that hour then all is well. But what happens if another change is made by someone during the hour? I'm trying to avoid the previous match and only print out and alert on the newest match. Updated code is below.

    #!/usr/bin/perl -w
    use strict;

    my $flag = 0;
    my $few = shift || 1;
    my $id;
    my $newline;
    my $partyId;
    my $userid;
    my $tid;
    my $infile;
    my @Takeraccounts = ('SCN','CX');
    my $mail_dest = 'xxxxx@cx.com';
    my %TIME;
    ( $TIME{SEC}, $TIME{MIN}, $TIME{HOUR}, $TIME{MDAY}, $TIME{MON},
      $TIME{YEAR}, $TIME{WDAY}, $TIME{YDAY}, $TIME{ISDST} ) = localtime(time);
    my $OLD_MIN=$TIME{MIN};
    my $OLD_HOUR=$TIME{HOUR};
    my $cmd = "cat /raid/logs/`date +%H`";
    my $out_file = "/home/resource/certchange.txt";

    open FF, "$cmd |";
    open (OUT, ">> $out_file") || die "Cannot open $out_file"; # temp file to which to write the formatted output

    while (<FF>) {
      my $line = $_;
      #chomp ($now_time);
      $line =~ s/\n/ /;
      if ( /Updating cert/ .. /,permissions/ ) {
        $newline = "$line";
        if ( $line =~ /Updating cert.*updated by (\w+)/ ) {
          $id = $1;
        }
        if ( $newline =~ /UPDATE_STATE.*id:(\w+).*partyId:(\w+),permissions:/ ) {
          $userid = $1 ;
          $partyId = $2;
          foreach (@Takeraccounts) {
            if ($partyId =~ /$_/) {
              print OUT "Certificate cert Updated by $id for userid $userid, PartyID $partyId\n";
              open ML, "| mutt -e\"set realname='Support'; set use_from=yes; set from='support\@cx.com'; set envelope_from=yes\" -s ' Alert! cert CHANGED' -i $out_file -- $mail_dest";
              close ML;
            }
          }
        }
      }
    }
    close FF;
    close (OUT);
    unlink $out_file;

      It will be set to run in a cron job every minute.

      Is it important to identify changes and send email within this time period of a minute? Couldn't you just look at the log for the previous hour every hour?

      poj
      I have cut down my perlmon to the basics, and here are some ideas you can grab:

      1. Use a $RUNFILE that holds in its modification time when it was run last. This way you can compare the modification time of the $IN_FILE, and hopefully skip early because there has been no update.

      2. Use an $ERRORSTATE file. Here I have made a modification in that the filesize is the same as the hour you have analyzed. If not, it is the first encountered error in the current $IN_FILE, and thus, we email.

      3. There IS this problem, where you miss out on the logging.

      09:59:01 your monitor runs
      09:59:50 some error is written to ./logs/09
      10:00:01 your monitor runs again, but checks ./logs/10 (which probably is empty).

      If you really just have 24 directories (one for each hour), then you should keep state files for each one of them (and check modification times), maybe tie them to a file (provides persistent data, like a DB, just good enough).

      Assuming you only have one file in the logs directory, you can get all the files like so:

      @CHECK_THESE_FILES = </raid/logs/*>;

      Here is the minimized code:

      #!/usr/bin/perl
      use strict;
      use warnings;

      my $HOUR = (localtime(time))[2];
      # $HOUR = '0'.$HOUR if $HOUR<10; # make it a 09 instead of 9

      my $RUNFILE = "/tmp/minimon.run";
      my $ERRORSTATE = "/tmp/minimon.error";
      my $lastrun = -f $RUNFILE ? (int( (-M $RUNFILE) *60*60*24) || 1) : 0; # Seconds ago it has run. (or 1 if less than 1)

      # touch early to avoid bordercases (we rather check double than not)
      if(open(FF, ">", $RUNFILE)){
        close FF;
      }else{
        warn "Could not open $RUNFILE, $!";
      }

      my $IN_FILE = "/tmp/raid/logs/$HOUR";
      if (-f $IN_FILE){
        # -M returns days, so convert to seconds to match $lastrun
        my $fileage = int( (-M $IN_FILE) *60*60*24);
        # skip only when the log was last written before the previous run
        if($lastrun && $fileage > $lastrun){
          print "File $IN_FILE has not been updated, no action";
          exitOK();
        }else{
          # loop through file here and determine exitERROR() or exitOK()
        }
      }else{
        warn "No RAID files? I expected $IN_FILE";
      }

      my $cmd = "cat /raid/logs/`date +%H`";
      my $out_file = "/home/resource/certchange.txt";

      sub exitOK{
        unlink $ERRORSTATE if -f $ERRORSTATE;
        exit 0;
      }

      sub exitERROR{
        # the size of $ERRORSTATE records the hour that was already reported
        if(-f $ERRORSTATE && ( -s $ERRORSTATE eq $HOUR) ){
          warn "Already reported an error in $IN_FILE";
          return 0;
        }
        if(open(ERR, ">", $ERRORSTATE)){
          print ERR "." x $HOUR;
          close ERR;
        }else{
          warn "Could not open ERRORSTATE $ERRORSTATE $!";
        }
        # do email thing here
        exit 0;
      }

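An added example, not part of any reply in this thread: one way to alert only on new cert changes from a per-minute cron job is to remember a byte offset per hourly log file and to read the previous hour's file as well, which covers the 09:59:50 gap described above. It uses core Perl only; the state-file name and format are hypothetical, and the log layout is assumed from the regexes in the question.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. $STATE and its format are assumptions.
use strict;
use warnings;

my $LOG_DIR = "/raid/logs";                        # hourly files 00..23, as in the thread
my $STATE   = "/home/resource/certwatch.offsets";  # hypothetical: "<path> <offset>" per line
my $TAKER   = qr/SCN|CX/;                          # the thread's @Takeraccounts
my $MAIL_TO = 'xxxxx@cx.com';

my (%offset, @alerts);                             # %offset: path => bytes already processed
if (open(my $st, "<", $STATE)) {
    while (<$st>) { $offset{$1} = $2 if /^(\S+) (\d+)$/ }
}

# Previous hour first, so an entry written at 09:59:50 is still seen at 10:00:01.
for my $hour (map { sprintf "%02d", (localtime(time - $_ * 3600))[2] } 1, 0) {
    my $path = "$LOG_DIR/$hour";
    open(my $fh, "<", $path) or next;
    my $done = $offset{$path} || 0;
    $done = 0 if (stat $fh)[7] < $done;            # file was recreated (next day): start over
    seek($fh, $done, 0);
    my $who;
    while (my $line = <$fh>) {
        last unless $line =~ /\n\z/;               # half-written line: reread it next run
        $who = $1 if $line =~ /Updating cert.*updated by (\w+)/;
        if (defined $who and my ($uid, $party) =
                $line =~ /UPDATE_STATE.*id:(\w+).*partyId:(\w+),permissions:/) {
            push @alerts, "Cert updated by $who for userid $uid, PartyID $party" if $party =~ $TAKER;
            undef $who;
        }
        $done = tell($fh) unless defined $who;     # never advance past a pending record
    }
    $offset{$path} = $done;
}

# Mail first, save offsets second: a failed mail is retried instead of lost.
if (@alerts) {
    open(my $ml, "|-", "mutt", "-s", "Alert! cert CHANGED", "--", $MAIL_TO)
        or die "Cannot run mutt: $!";              # list form: no shell parses the arguments
    print {$ml} "$_\n" for @alerts;
    close($ml) or die "mutt failed, offsets not advanced";
}
open(my $out, ">", "$STATE.tmp") or die "Cannot write $STATE.tmp: $!";
print {$out} "$_ $offset{$_}\n" for sort keys %offset;
close($out) or die "Cannot close $STATE.tmp: $!";
rename("$STATE.tmp", $STATE) or die "Cannot replace $STATE: $!";
```

Because the offsets are saved only after the mail succeeds, a crash between the two steps produces a duplicate alert on the next run rather than a missed one.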
      Check out Splunk. If there isn't a ton of data you can probably get by with a free license. It can monitor a log file and send you emails based on rules you create. There are also other log watchers written in perl and whatnot.