Send email alert on log file entry?


Under Linux, what’s a simple way to automatically watch a logfile, and email me if a certain string appears? I have an application that will log certain failures to a logfile, but has no built-in way of sending alerts or executing scripts on failure. I suppose I could rig something up with tail -f and some shell scripts, but I’d rather use an existing maintained tool if it exists.

I checked out several of the options mentioned on this page, and ended up using something far simpler: swatch.

Those other systems are great for dealing with existing system logs, or with software where you don’t have control over the output. I just didn’t want to write a bunch of code to do email notifications just yet. So I just created a swatch file like this:

watchfor /./
    mail addresses=me@example.com:other@example.com,subject=log_alert

And then started it up with

swatch -c send-me-everything.swatch -t /my/app/urgentevents

It’s crude, but since I control the logfile output, I don’t need anything more complicated yet.

Before we went to a heavyweight solution (Zenoss) we used to use logcheck which is a part of Debian but can easily be ported to other distros as well. I was using it on Gentoo. Distros like RHEL come with logwatch, which does something similar.

The best way is to use a log analysis program.

OSSEC, for example, is free/open source and allows you to watch as many log files as you want and to generate email alerts (or even active responses) for certain events.

Link: http://www.ossec.net

I know, hacking a shell script is fun, but way less stable than a mature program being developed for years. Plus, if in the future you need to extend your script or add more triggers, it becomes way more complicated. OSSEC (and other tools) have this framework done for you.

LoFiMo (Log File Monitor) on SourceForge should get you started, or NuHe might work, but I am less familiar with it.
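
For comparison with the tools above, here is the cron-driven approach (remember how far the log was read, mail only what is new) as an added example that is not part of the original answers. The function names, the `MAILER` hook, the state-file path and the `FAIL|ERROR` pattern are assumptions; the log path and address are the ones used in the swatch answer.

```shell
#!/bin/sh
# Added example, not from the original answers. Intended to run from cron.
# Function names, the state-file path and MAILER are assumptions.

# new_matches LOGFILE STATEFILE PATTERN
# Prints lines appended since the previous run that match PATTERN (an
# extended regex) and saves the new byte offset in STATEFILE.
# Assumes the application appends whole lines.
new_matches() (
    log=$1 state=$2 pattern=$3 offset=0
    LC_ALL=C; export LC_ALL               # byte-wise tools, no locale surprises
    size=$(wc -c < "$log") || exit 1
    size=$((size))                        # drop padding some wc versions add
    if [ -r "$state" ]; then read -r offset < "$state" || offset=0; fi
    case $offset in ''|*[!0-9]*) offset=0 ;; esac   # corrupt state: rescan
    # A file shorter than the saved offset was rotated or truncated.
    [ "$offset" -gt "$size" ] && offset=0
    # Log text is untrusted input: strip control characters (terminal
    # escapes, CR, NUL) and cap line length before it reaches a mail body.
    tail -c "+$((offset + 1))" "$log" | head -c "$((size - offset))" |
        tr -d '\000-\010\013-\037\177' | grep -E -e "$pattern" | cut -c1-500
    echo "$size" > "$state"
)

# send_alert RECIPIENT LOGFILE   (alert body on stdin)
# Sends one mail per run however many lines matched, so a log flood cannot
# turn into a mail flood. The subject is fixed text: log content never goes
# into a header. MAILER is an assumed hook for substituting the mail command.
send_alert() (
    body=$(cat)
    [ -n "$body" ] || exit 0              # nothing new matched: stay quiet
    printf '%s\n' "$body" | "${MAILER:-mail}" -s "log_alert: $(basename "$2")" "$1"
)

# Cron usage (pattern and state path are constructed examples):
#   logalert.sh /my/app/urgentevents /var/lib/logalert/offset 'FAIL|ERROR' me@example.com
if [ $# -eq 4 ]; then
    new_matches "$1" "$2" "$3" | send_alert "$4" "$1"
fi
```

Keep the state file in a directory that only the job's user can write, and note that a rotated log which has already grown past the saved offset is not detected by the size check alone.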
