SLAC ESD Software Engineering Group

 

 

 

SYSLOG Monitor Setup

 


 


         

 

Our syslog server is mccsyslog. 

There is a keywords file: syslogd-keywords

 

cat syslogd-keywords

crit
warn
fail
unknown
fatal
terminate

There is an ignore file of regular expressions, one per line: syslogd-ignore

 

cat syslogd-ignore

"sshd.*Read from socket failed"
'sshd.*UNKNOWN'
"critical.*BIOS.*initialization"
"kernel.*hub_port_status"
"kernel.*usb"
"size grew during save"

Created a named pipe:  mkfifo /var/log/syslogPIPE

Created a script to read from /var/log/syslogPIPE:

#!/bin/bash
pipe=/var/log/syslogPIPE
SLAC="@slac.stanford.edu"
MAILLIST="brobeck$SLAC"
KEYWORDS="/u/cd/brobeck/scripts/syslogd-keywords"
IGNORE="/u/cd/brobeck/scripts/syslogd-ignore"

#
# I created a named pipe: mkfifo /var/log/syslogPIPE
# A simple tail command will redirect syslog messages to the pipe
#
tail -n2 -F /var/log/messages >> "$pipe" &
TAILPID=$!

while true
do
    # -r and IFS= keep backslashes and leading whitespace of the log line intact
    if IFS= read -r line <"$pipe"; then
        #
        # To stop this script you can perform
        # a pkill syslogd-pipeRea or
        # use "logger syslogquit"
        #
        if printf '%s\n' "$line" | grep -q syslogquit; then
            logger "syslogd-pipeReader is quitting"
            break
        fi
        #-testing
        #echo "$line"
        #
        # List of keywords to look for in syslog (one per line)
        #
        SM=1
        while IFS= read -r x
        do
            [ -z "$x" ] && continue
            if printf '%s\n' "$line" | grep -qie "$x"; then SM=0; break; fi
        done < "$KEYWORDS"

        #
        # Some errors we don't want to see. List of
        # key words/RegExp to ignore, one per line.
        # Each line is kept whole (the patterns contain spaces) and its
        # surrounding quotes are stripped; splitting on whitespace would turn
        # words such as "from" into ignore patterns of their own.
        #
        CHK=1
        while IFS= read -r y
        do
            y=${y#[\"\']}
            y=${y%[\"\']}
            [ -z "$y" ] && continue
            if printf '%s\n' "$line" | grep -qie "$y"; then CHK=0; break; fi
        done < "$IGNORE"

        # Mail only lines that hit a keyword and no ignore pattern.
        # The line is always quoted so the shell never glob-expands log content.
        if [ "$SM" = 0 ] && [ "$CHK" != 0 ]; then
            printf '%s\n' "$line" | mailx -s "syslog Alert" "$MAILLIST"
        fi
    fi
done
kill "$TAILPID" 2>/dev/null   # stop the background tail that feeds the pipe
echo "Syslogd Pipe Reader exiting"
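A dry run of the keyword/ignore filter against sample lines, without the pipe or mailx, as an added example that is not part of the original page. It compares reading syslogd-ignore one regex per line with splitting it on whitespace, where the token from (out of "sshd.*Read from socket failed") silences a failed root login. The temporary file copies, the sample log lines and the function names are constructed for this example.

```bash
#!/bin/bash
# Added example: dry-run the keyword/ignore filter without the pipe or mailx.
# The two list files are constructed copies of the ones shown on this page.
workdir=$(mktemp -d) && trap 'rm -rf "$workdir"' EXIT
KEYWORDS="$workdir/syslogd-keywords"
IGNORE="$workdir/syslogd-ignore"
CLEAN="$workdir/syslogd-ignore.clean"   # hypothetical name: ignore list, quotes stripped
printf '%s\n' crit warn fail unknown fatal terminate > "$KEYWORDS"
cat > "$IGNORE" <<'EOF'
"sshd.*Read from socket failed"
'sshd.*UNKNOWN'
"critical.*BIOS.*initialization"
"kernel.*hub_port_status"
"kernel.*usb"
"size grew during save"
EOF
# One regex per line: drop one leading and one trailing quote, skip blank lines.
sed -e "s/^[\"']//" -e "s/[\"']\$//" -e '/^$/d' "$IGNORE" > "$CLEAN"

# ignored_wordsplit LINE: ignore test using a whitespace-splitting for-loop.
# Each pattern falls apart into tokens such as: "sshd.*Read / from / socket / failed"
ignored_wordsplit() {
    for y in $(cat "$IGNORE"); do
        if printf '%s\n' "$1" | grep -qie "$y"; then return 0; fi
    done
    return 1
}

# ignored_by_line LINE: ignore test with each file line kept as one regex.
ignored_by_line() {
    printf '%s\n' "$1" | grep -qi -f "$CLEAN"
}

# would_alert LINE: 0 if LINE has a keyword and matches no ignore regex.
would_alert() {
    printf '%s\n' "$1" | grep -qi -f "$KEYWORDS" || return 1
    if ignored_by_line "$1"; then return 1; fi
    return 0
}

# Constructed sample syslog lines (hosts, PIDs and addresses are made up).
LOGIN_FAIL='Sep 14 10:07:30 host1 sshd[2301]: Failed password for root from 192.0.2.10 port 4022 ssh2'
SSH_NOISE='Sep 14 10:02:11 host1 sshd[2211]: fatal: Read from socket failed: Connection reset by peer'
USB_NOISE='Sep 14 10:05:02 host1 kernel: usb 2-1: reset failed'
CRON_INFO='Sep 14 10:06:00 host1 crond[300]: (root) CMD (run-parts /etc/cron.hourly)'
for l in "$LOGIN_FAIL" "$SSH_NOISE" "$USB_NOISE" "$CRON_INFO"; do
    if would_alert "$l"; then echo "ALERT  $l"; else echo "quiet  $l"; fi
done
```

Only the failed-login line is reported as an alert; the other three stay quiet.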


 

 

 

 

 


Created by Ken Brobeck on Sep 14, 2012.

Modified: September 18, 2012