Help: Program to read from EOR end of last read?

[snoopy_]

Hello,
I am looking for a way to look at a log from the last time I've read
it and look for a specific string. For example, I have a logfile
called /var/adm/messages, and I am looking for an error string like
"ERROR: Loss of sync"

I know how to open the log and search for the error, but I want to
avoid reporting the same error multiple times. For instance, if I find
an error at 01:00 AM and send a page to a support team, when the
program/script runs every 10 minutes, I don't want to page again if I
already alerted for it.

In the past I would catch the error and place it in a temp file, I
would then check for the indeticle line log in a log.page file. If
they were the same I already alerted for it and would do nothing. If
it was differnt I would append this error to the log.page file and
would send out a page/alert.

I know there are logwatcher programs that can read fro EOF (End of
file) or EOR (End of Read). How can I do this in something like Perl,
sh/ksh/csh scripting, or Java? The program will be running on a unix
system.

Any suggestions would be appreciated. Thanks.

 

[ducnbyu]

In Java the DataInputStream class has the skipBytes(int n) method. If
you keep track of how many bytes you read so far (as of the last time)
you can skip them pretty quickly with this method then next time you go
in.

 

[Charles DeRykus]

Hello,
I am looking for a way to look at a log from the last time I've read
it and look for a specific string. For example, I have a logfile
called /var/adm/messages, and I am looking for an error string like
"ERROR: Loss of sync"

I know how to open the log and search for the error, but I want to
avoid reporting the same error multiple times. For instance, if I find
an error at 01:00 AM and send a page to a support team, when the
program/script runs every 10 minutes, I don't want to page again if I
already alerted for it.

In the past I would catch the error and place it in a temp file, I
would then check for the indeticle line log in a log.page file. If
they were the same I already alerted for it and would do nothing. If
it was differnt I would append this error to the log.page file and
would send out a page/alert.

I know there are logwatcher programs that can read fro EOF (End of
file) or EOR (End of Read). How can I do this in something like Perl,
sh/ksh/csh scripting, or Java? The program will be running on a unix
system.

I've done something similar with Perl's File::ReadBackwards to scan the
log entries that were written since my previous read. Every 10 minutes,
your program could read the log backwards, then convert the log entry
timestamps to epoch times to see if they fall in the 10-minute window
since the program started. Assuming log entries are marshalled so no
out-of-sequence timestamps occur, the program can stop reading as soon a
timestamp occurs that isn't within your 10 minute window.

hth,

 

[John W. Krahn]

I am looking for a way to look at a log from the last time I've read
it and look for a specific string. For example, I have a logfile
called /var/adm/messages, and I am looking for an error string like
"ERROR: Loss of sync"

I know how to open the log and search for the error, but I want to
avoid reporting the same error multiple times. For instance, if I find
an error at 01:00 AM and send a page to a support team, when the
program/script runs every 10 minutes, I don't want to page again if I
already alerted for it.

In the past I would catch the error and place it in a temp file, I
would then check for the indeticle line log in a log.page file. If
they were the same I already alerted for it and would do nothing. If
it was differnt I would append this error to the log.page file and
would send out a page/alert.

I know there are logwatcher programs that can read fro EOF (End of
file) or EOR (End of Read). How can I do this in something like Perl,
sh/ksh/csh scripting, or Java? The program will be running on a unix
system.

This may do what you want:

#!/usr/bin/perl
use warnings;
use strict;
use Fcntl ':seek';

( my $prog = $0 ) =~ s!.*/!!;
my $log_file = '/var/adm/messages';
my $config_file = "$ENV{HOME}/.$prog";
my $temp_file = "$ENV{HOME}/$prog.temp";

my $string = 'ERROR: Loss of sync';

# get the previous position
my $position = do {
open my $cfg, '<', $config_file;
fileno $cfg && <$cfg> || 0
};

open my $tmp, '>>', $temp_file or die "Cannot open '$temp_file' $!";
open my $log, '<', $log_file or die "Cannot open '$log_file' $!";

# reset the position if the file is now smaller
$position = 0 if $position > -s $log;

seek $log, $position, SEEK_SET or die "Cannot seek '$log_file' $!";

while ( my $line = <$log> ) {
print $tmp $line if $line =~ /$string/;
}

open my $cfg, '>', $config_file or die "Cannot open '$config_file' $!";
print tell $log;

__END__



John