Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

Log watch and alert only once
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Log watch and alert only once

nfnnfn Veteran
edited November 2022 in Help

Hi

I run a simple bash command using grep and curl to notify me via telegram bot of any errors in nginx logs (and others too).

My problem is that this command runs with cron every 10 min and if I don't stop it after detecting some error, I keep receiving alerts.

Any ideias on how can I stop running this curl command after finding an error errors.and then stops?

Note, the comand just calls:
curl https://telegramurl/sendMessage?text=$(grep error in my logs)

Thanks

Comments

  • qtwrkqtwrk Member

    What about add a

    exit

    After it...?

    Thanked by 1nfn
  • nfnnfn Veteran
    edited November 2022

    @qtwrk said:
    What about add a

    exit

    After it...?

    The grep command looks for 500 http errors in nginx logs, after I get any errors, it will start sending message each 10 minutes until I delete the log.

    Where would you place exit?

    Note: This is just a safeguard in case I've made something wrong, a couple days ago doing an update I made a mistake and I had some errors during some minutes that I would like to avoid.

  • LisoLiso Member
    edited November 2022

    @nfn said: curl https://telegramurl/sendMessage?text=$(grep error in my logs)

    You place this command on cron ? I mean literally just like below ?

    */10 * * * * curl https://telegramurl/sendMessage?text=$(grep error in my logs)
  • jmgcaguiclajmgcaguicla Member
    1. Extract timestamp of most recent error
    2. Check if timestamp is newer than the last encountered error
      a. Obviously you need some place to store this (e.g. echo $extracted_timestamp >/tmp/last_error)
    3. If yes, send alert and update last error timestamp

    No?

    Thanked by 1nfn
  • nfnnfn Veteran

    @Liso said:

    @nfn said: curl https://telegramurl/sendMessage?text=$(grep error in my logs)

    You place this command on cron ? I mean literally just like below ?

    */10 * * * * curl https://telegramurl/sendMessage?text=$(grep error in my logs)

    That's not exactly the complete comand. I filter the error and only send the log file name where it occurs, but that's what I was planning.

    After testing with some 404 error I just stop it because I was receiving alerts evey 10 minutes , but I'm opened to suggestions to a better way to archive this.

  • nfnnfn Veteran

    @jmgcaguicla said:
    1. Extract timestamp of most recent error
    2. Check if timestamp is newer than the last encountered error
    a. Obviously you need some place to store this (e.g. echo $extracted_timestamp >/tmp/last_error)
    3. If yes, send alert and update last error timestamp

    No?

    Well, you gave me an idea, i could eventually just grep the previous 10 minutes... How could I do this with grep?

  • rincewindrincewind Member

    grep error in logs > present_error.txt
    touch past_error.txt # Create, if not exists
    delta=sdiff -s present_error.txt past_error.txt
    mv present_error.txt past_error.txt
    telegram_send $delta

  • skorousskorous Member

    Don't use cron.

    https://linux.die.net/man/1/swatch

    Thanked by 10xbkt
  • jarjar Patron Provider, Top Host, Veteran
    edited November 2022

    I run sed to replace the offending string with something indicating that I had already been alerted over it, then the string isn't in the log on next cron.

    https://paste.mxrouteapps.com/?bfac5b03b76248e0#FpYPJa7LeExvYtYHyB7vKxdAm99iasr8yDReJEeJ1qGE

Sign In or Register to comment.