A script that will only check file if it has been modified since last check


Post by LHradow » Thu, 08 May 2003 05:58:06



I have a script that greps the /var/adm/messages file for a pattern, writes
it to a file. Then emails me a warning.

The thing is I want to run this regularly, and the messages file is not
rotated regularly. How do I add this to the script that I only want it to
grep the file and email me if there is a new "pattern" not the same
"pattern" from an hour ago, or yesterday.

grep "currently marked as unusable" $ADMSG > $TEMP
grep "No more IP addresses on 192.168.2.0 network" $ADMSG >> $TEMP
if [ -s $TEMP ]
then
        /usr/sbin/pntadm -P 192.168.2 >> $TEMP
fi

#rm -f $TEMP

Yes, I will be installing a logchecker, but for now this is what I have time
for...

 
 
 


Post by p.. » Thu, 08 May 2003 06:21:26



> I have a script that greps the /var/adm/messages file for a pattern, writes
> it to a file. Then emails me a warning.
> The thing is I want to run this regularly, and the messages file is not
> rotated regularly. How do I add this to the script that I only want it to
> grep the file and email me if there is a new "pattern" not the same
> "pattern" from an hour ago, or yesterday.
> grep "currently marked as unusable" $ADMSG > $TEMP
> grep "No more IP addresses on 192.168.2.0 network" $ADMSG >> $TEMP
> if [ -s $TEMP ]
> then
>         /usr/sbin/pntadm -P 192.168.2 >> $TEMP
> fi
> #rm -f $TEMP

Install a separate "sink" in syslog.conf, piping to your
pattern-recognition program. Then you don't have to deal
with files at all.

--
Peter Håkanson
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
           remove "icke-reklam" if you feel for mailing me. Thanx.

 
 
 


Post by Derk Gwe » Thu, 08 May 2003 06:29:17


# I have a script that greps the /var/adm/messages file for a pattern, writes
# it to a file. Then emails me a warning.
#
# The thing is I want to run this regularly, and the messages file is not
# rotated regularly. How do I add this to the script that I only want it to
# grep the file and email me if there is a new "pattern" not the same
# "pattern" from an hour ago, or yesterday.

One possibility is to capture the length of the file each time, and grep from
there. A script might look something like this untested code:

[ -f ~/lastLine ] || echo N=0 > ~/lastLine
        # First run: nothing has been read yet.
mv ~/lastLine ~/oldLastLine
        # Where previously read from.
echo N=$(wc -l $ADMSG | awk '{print $1}') > ~/lastLine
        # Save the current file length.
source ~/oldLastLine
        # Get the old file length into a variable
tail -n +$((N + 1)) $ADMSG \
  | egrep 'currently marked as unusable|No more IP addresses on 192.168.2.0 network' \
  > $TEMP
        # Skip the first N lines, and grep for lines from there.
rm ~/oldLastLine
        # Clean up

When the log is rotated, also reset the lastLine file:

echo N=0 >~/lastLine

--
Derk Gwen http://derkgwen.250free.com/html/index.html
We found a loophole; they can't keep us out anymore.

 
 
 


Post by Colin McKinno » Thu, 08 May 2003 06:49:39



> The thing is I want to run this regularly, and the messages file is not
> rotated regularly. How do I add this to the script that I only want it
> to grep the file and email me if there is a new "pattern" not the same
> "pattern" from an hour ago, or yesterday.

Go on L, give us a clue; what you running? More specifically - how do
your logs get rotated - 'cos unless you do something very clever with
serializing log entries or parsing datestamps, the only way you're going
to get what you want is to tie it in to the log rotation (which is by far
the easiest option).

The four products I've used to do this all include facility for pre & post
rotate scripting.

Looking at your blunderbuss posting, I guess you must be running Solaris
or SunOS... so that would be newsyslog - which (assuming it's a port of
BSD newsyslog - a shell script) can easily be amended to call your own
code before or after. See
http://www.cert.org/security-improvement/implementations/i041.09.html for
more info.

Alternatively use the wonderful GPL logrotate program on a Linux
distribution source CD near you (RedHat and Debian have it anyway).

Take some time out to read
http://www.catb.org/~esr/faqs/smart-questions.html

HTH

Colin

 
 
 


Post by Dr Ow » Thu, 08 May 2003 08:47:27


On Tue, 6 May 2003 15:58:06 -0500, "LHradowy"


>I have a script that greps the /var/adm/messages file for a pattern, writes
>it to a file. Then emails me a warning.

>The thing is I want to run this regularly, and the messages file is not
>rotated regularly. How do I add this to the script that I only want it to
>grep the file and email me if there is a new "pattern" not the same
>"pattern" from an hour ago, or yesterday.

>grep "currently marked as unusable" $ADMSG > $TEMP
>grep "No more IP addresses on 192.168.2.0 network" $ADMSG >> $TEMP
>if [ -s $TEMP ]
>then
>        /usr/sbin/pntadm -P 192.168.2 >> $TEMP
>fi

>#rm -f $TEMP

>Yes, I will be installing a logchecker, but for now this is what I have time
>for...

diff $ADMSG ADMSG.OLD | grep > $TEMP
...
cat $ADMSG >  ADMSG.OLD

how about a simple approach

do a diff of "old version" to new so you only get new lines...
save the new "old version" for next time you do the diff

 
 
 


Post by Thomas Inse » Thu, 08 May 2003 08:57:36




>The thing is I want to run this regularly, and the messages file is not
>rotated regularly. How do I add this to the script that I only want it to
>grep the file and email me if there is a new "pattern" not the same
>"pattern" from an hour ago, or yesterday.

Keep track of the line you've last read, and reset it as
part of your log rotate script.

Or, very roughly:

    mv messages.old messages.older
    cp messages messages.old
    diff messages.old messages.older | program_that_checks_stuff

I think this might even automagically deal with log
rotation.

Tom
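
Added example, not part of any post in this thread: the line-count bookkeeping suggested in the replies above (Derk Gwen's saved file length, and "keep track of the line you've last read"), extended so the script itself notices rotation instead of relying on a reset hook. The function name `scan_new`, the two-line state file and the first-line checksum are assumptions of this example, and the sample log lines are constructed.

```sh
#!/bin/sh
# Added example (not from the thread): scan only lines appended since last run.
# STATEFILE keeps two lines: how many log lines were already scanned, and a
# checksum of the log's first line, used to notice rotation.
PATTERN='currently marked as unusable|No more IP addresses on 192.168.2.0 network'

scan_new() {    # usage: scan_new LOGFILE STATEFILE -> prints new matching lines
    log=$1 state=$2 seen=0 oldsum=
    if [ -f "$state" ]; then
        { read -r seen; read -r oldsum; } < "$state" || true
    fi
    case $seen in ''|*[!0-9]*) seen=0 ;; esac    # ignore a corrupt state file
    total=$(wc -l < "$log" | tr -d ' ')
    sum=$(head -n 1 "$log" | cksum)
    # Rotated or truncated: the first line changed, or the file got shorter.
    if [ "$sum" != "$oldsum" ] || [ "$total" -lt "$seen" ]; then
        seen=0
    fi
    # Stop at $total so lines written during the scan are left for next run.
    if [ "$total" -gt "$seen" ]; then
        sed -n "$((seen + 1)),${total}p" "$log" | grep -E "$PATTERN" || true
    fi
    printf '%s\n%s\n' "$total" "$sum" > "$state"
}

# Constructed sample run; the log lines are made up for the demo.
demo=$(mktemp -d)
printf '%s\n' \
    'May  6 10:00:01 host in.dhcpd[101]: No more IP addresses on 192.168.2.0 network' \
    'May  6 10:00:05 host sshd[202]: session opened' > "$demo/messages"
scan_new "$demo/messages" "$demo/state"    # first run: prints the one match
scan_new "$demo/messages" "$demo/state"    # nothing appended: prints nothing
echo 'May  6 11:00:00 host in.dhcpd[101]: 192.168.2.9 currently marked as unusable' \
    >> "$demo/messages"
scan_new "$demo/messages" "$demo/state"    # prints only the appended line
rm -rf "$demo"
```

Comparing the first line's checksum catches a rotation even when the new file has already grown past the old line count, a case a plain "is it shorter?" test would miss.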

 
 
 


Post by Dr Ow » Thu, 08 May 2003 09:04:47


On Wed, 07 May 2003 00:47:27 +0100, Dr Owl


>On Tue, 6 May 2003 15:58:06 -0500, "LHradowy"

>>I have a script that greps the /var/adm/messages file for a pattern, writes
>>it to a file. Then emails me a warning.

>>The thing is I want to run this regularly, and the messages file is not
>>rotated regularly. How do I add this to the script that I only want it to
>>grep the file and email me if there is a new "pattern" not the same
>>"pattern" from an hour ago, or yesterday.

>>grep "currently marked as unusable" $ADMSG > $TEMP
>>grep "No more IP addresses on 192.168.2.0 network" $ADMSG >> $TEMP
>>if [ -s $TEMP ]
>>then
>>        /usr/sbin/pntadm -P 192.168.2 >> $TEMP
>>fi

>>#rm -f $TEMP

>>Yes, I will be installing a logchecker, but for now this is what I have time
>>for...

>diff $ADMSG ADMSG.OLD | grep > $TEMP
>...
>cat $ADMSG >  ADMSG.OLD

>how about a simple approach

>do a diff of "old version" to new so you only get new lines...
>save the new "old version" for next time you do the diff

sorry, makes more sense to

...

diff $TEMP $TEMP.OLD | grep > $TEMP2

...
cat $TEMP > $TEMP.OLD

 
 
 


Post by John Prathe » Sat, 10 May 2003 08:08:33


>grep "currently marked as unusable" $ADMSG > $TEMP
>grep "No more IP addresses on 192.168.2.0 network" $ADMSG >> $TEMP
>if [ -s $TEMP ]
>then
>        /usr/sbin/pntadm -P 192.168.2 >> $TEMP
>fi

>#rm -f $TEMP

cp $TEMP $TEMP.last

grep "currently marked as unusable" $ADMSG > $TEMP
grep "No more IP addresses on 192.168.2.0 network" $ADMSG >> $TEMP
if [ -s $TEMP ]
then
  diff $TEMP $TEMP.last > /dev/null 2> /dev/null
  if [ $? != "0" ]
  then
    : # send the notification here
    # or use your pntadm if that was your notification
  fi
fi

or similar should do the trick.

You will always have $TEMP and $TEMP.last (if you delete, you will get a
message about all the messages in your log again and the $TEMP's will be
recreated.)

The diff verifies that files differed from last check or were
nonexistent before a notification is sent out.

 
 
 

1. How to check if a file is modified in the last hour in ksh?

Yusuf> I would like to check if a file has been modified within the last hour
Yusuf> using ksh (any builtin functions) or any external unix commands (find,
Yusuf> ls?) inside a ksh script.

if perl -e 'exit -M $ARGV[0] >= 1/24' $somefile
then
        : yes
else
        : no
fi

print "Just another Perl hacker,"
--
Randal L. Schwartz / Stonehenge Consulting Services (503)777-0095

phrase: "Welcome to Portland, Oregon ... home of the California Raisins!"

13. having apache give the last-modified date?