New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Log watch and alert only once
Hi
I run a simple bash command using grep and curl to notify me via telegram bot of any errors in nginx logs (and others too).
My problem is that this command runs with cron every 10 min and if I don't stop it after detecting some error, I keep receiving alerts.
Any ideias on how can I stop running this curl command after finding an error errors.and then stops?
Note, the comand just calls:
curl https://telegramurl/sendMessage?text=$(grep error in my logs)
Thanks
Comments
What about add a
exit
After it...?
The grep command looks for 500 http errors in nginx logs, after I get any errors, it will start sending message each 10 minutes until I delete the log.
Where would you place exit?
Note: This is just a safeguard in case I've made something wrong, a couple days ago doing an update I made a mistake and I had some errors during some minutes that I would like to avoid.
You place this command on cron ? I mean literally just like below ?
a. Obviously you need some place to store this (e.g.
echo $extracted_timestamp >/tmp/last_error
)No?
That's not exactly the complete comand. I filter the error and only send the log file name where it occurs, but that's what I was planning.
After testing with some 404 error I just stop it because I was receiving alerts evey 10 minutes , but I'm opened to suggestions to a better way to archive this.
Well, you gave me an idea, i could eventually just grep the previous 10 minutes... How could I do this with grep?
grep error in logs > present_error.txt
touch past_error.txt # Create, if not exists
delta=
sdiff -s present_error.txt past_error.txt
mv present_error.txt past_error.txt
telegram_send $delta
Don't use cron.
https://linux.die.net/man/1/swatch
I run sed to replace the offending string with something indicating that I had already been alerted over it, then the string isn't in the log on next cron.
https://paste.mxrouteapps.com/?bfac5b03b76248e0#FpYPJa7LeExvYtYHyB7vKxdAm99iasr8yDReJEeJ1qGE