
Log file monitoring

Posted: Sat May 05, 2018 8:18 pm
by dcaccount
Hello,
Is there a way to continuously monitor a log file and to trigger an action, for instance send an email, upon detecting any change?

Thanks,
Dan

Re: Log file monitoring

Posted: Sun May 06, 2018 2:54 am
by droleary
There are many ways to do that. If you want some pre-packaged software to do something specific, please say exactly what it is you wish to accomplish. For example, you might use fail2ban if you want to keep out attackers.

Re: Log file monitoring

Posted: Sun May 06, 2018 1:19 pm
by maurice1
Hi Dan,

The script below checks if a file time stamp has updated in the last 10 minutes and sends an email if it hasn't.
The script is called by cron.
Is that the sort of thing you are looking for?

Code:

#!/usr/bin/env python3
# Called from cron: mails an alert when the file has NOT been modified in the last 10 minutes.

import os
from datetime import datetime, timedelta


file_name = "/var/1w_files/test"
file_mod_time = datetime.fromtimestamp(os.stat(file_name).st_mtime)  # This is a datetime.datetime object!
print("file_mod_time", file_mod_time)
now = datetime.today()
print("now", now)
max_delay = timedelta(minutes=10)
print("max_delay", max_delay)
if now - file_mod_time > max_delay:
    # File is stale: report it and send the alert mail.
    print("CRITICAL: {} last modified on {}. Threshold set to {} minutes.".format(file_name, file_mod_time, max_delay.seconds // 60))
    os.system("echo 1w_Update Problem | mail -s CS450 me@gmail.com")
else:
    print("OK. Command completed successfully {} minutes ago.".format((now - file_mod_time).seconds // 60))

print("########DONE   ##############-")

Re: Log file monitoring

Posted: Mon May 07, 2018 11:06 am
by dcaccount
YES!
Thanks a lot,
dan
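
Added example, not code from any poster in this thread: a polling monitor for the "trigger on any change" case in the original question. It names each change (created, appended, truncated, rotated, touched, deleted), because a log that shrinks or is replaced deserves a different alert than one that grows. The function names, the 5-second interval and the print action are assumptions; a mail call like the one in maurice1's script would replace print.

```python
import os
import sys
import time
from collections import namedtuple

Snapshot = namedtuple("Snapshot", "inode size mtime_ns")

def snapshot(path):
    """Return the file's identity, size and mtime, or None if it is missing."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return None
    return Snapshot(st.st_ino, st.st_size, st.st_mtime_ns)

def classify(prev, cur):
    """Name the change between two snapshots of the same path."""
    if prev == cur:
        return "unchanged"
    if cur is None or prev is None:
        return "deleted" if cur is None else "created"
    if cur.inode != prev.inode:
        return "rotated"    # the path now names a different file
    if cur.size < prev.size:
        return "truncated"  # a log normally only grows
    if cur.size > prev.size:
        return "appended"
    return "touched"        # same size, new mtime

def poll_once(path, prev, on_change):
    """Call on_change(event, new_bytes) on a change; return the new snapshot."""
    cur = snapshot(path)
    event = classify(prev, cur)
    new_bytes = b""
    if event == "appended":
        try:
            with open(path, "rb") as fh:
                fh.seek(prev.size)
                new_bytes = fh.read(cur.size - prev.size)
        except OSError:
            pass  # file vanished after stat; the next poll reports it
    if event != "unchanged":
        on_change(event, new_bytes)
    return cur

if __name__ == "__main__" and len(sys.argv) > 1:
    state = snapshot(sys.argv[1])  # log path from the command line
    while True:
        time.sleep(5)  # assumed polling interval, in seconds
        state = poll_once(sys.argv[1], state, print)  # swap print for a mail call
```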