Bash – how to write a script that only acts on new log entries

apache-2.2bashloggingmonitoringscripting

I feel like this should be a simple thing but I am having a hard time figuring it out.

I am trying to write a script that will monitor one of the apache log files and take some specific action. But how should I go about monitoring the log file?

Everytime a new line is written to log, I want that entry to be checked to see if it matches what I am looking for and if so x happens. When I am doing this manually I used cat or tail -f. I dont want to run the script every 30 seconds via cron and go through the whole log (or even the last 5 lines), figure out which of those lines are new since the last time the script ran and then so some things.

Is there a way only check the single new entry in the log?

Best Answer

Running your script via cron but using logtail or logtail2 to read the file will avoid reading the whole file every minute. Logtail keeps track of where it last read to and jumps to that point the next time you use it.

If you want to act on new log lines immediately rather than waiting up to 59 seconds between cron invocations, you will have to use tail -f or some equivalent.

Janne's and Khaled's answers both look to solve this problem well.

Related Solutions

Php – Why is this apache php piped log script not working properly

Your script doesn't exactly match what is expected for an Apache piped log script so what exactly is output is likely undefined. A minimal PHP example is:

#!/usr/local/bin/php

<?php
$stdin = fopen ('php://stdin', 'r');
ob_implicit_flush (true); // Use unbuffered output
while ($line = fgets ($stdin))
{
    print $line;
}
?>

See http://www.sudleyplace.com/pipederrorlogs.html for more details. First get it working so it simply outputs everything it receives and then add features to it as needed.

Httpd – How to find out why a request takes long to appear in apache access log

This is because the access log is written at he end of the request, not the beginning. So if you make the request at 12:00, and it takes a minute to complete, the entry will not be written until 12:01. The fact that it can include things like the number of bytes transferred is a sure indicator of this.

You can also perform a traceroute from one host to the other to see if its actually getting the request--if you're seeing delays during the routing, you have the source of your problem.

Best Answer

Related Solutions

Php – Why is this apache php piped log script not working properly

Httpd – How to find out why a request takes long to appear in apache access log

Related Topic