On Fri, Mar 7, 2008 at 7:32 PM, Nikhil mnikhil@gmail.com wrote:
On Fri, Mar 7, 2008 at 7:07 PM, Agnello George agnello.dsouza@gmail.com wrote:
On 3/7/08, Nadeem M. Khan nadeem.m.khan@gmail.com wrote:
On Fri, Mar 7, 2008 at 5:25 PM, Agnello George <agnello.dsouza@gmail.com> wrote:
if [ $(tail -n 10 /tmp/agnello |grep -e error | wc -l ) = 0 ] ;
then
You might get lots of false alarms because of that. Don't grep for "error" in general. Grep for a more specific expression that is unique to the error you are looking for.
[ grep "unique expression" /tmp/agnello .....
Thanks for the tip!!
Actually, if I can start from the first mail, then there is something called 'event correlation', which I believe you are actually looking out for. There are open-source tools like logsurfer and SEC (Simple Event Correlator) (of course there are other enterprise versions like Splunk, etc.), which are basically implemented in Perl.
I like logsurfer for its simplicity, but SEC has few advantages over SEC in few contexts. Try it if you are looking for more than extending your scripts. (My policy: Never reinvent the wheel)
Regards, Nikhil
Let me know if you need any startup help with SEC or logsurfer...
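
The tip given earlier in the thread (match an expression unique to the error instead of the word "error"), as an added example that is not part of the original messages. The log lines, the pattern and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: generic "error" match vs. a specific expression over the
# last N lines of a log. Log content and pattern are constructed samples.

# Print how many of the last $2 lines of file $1 match extended regex $3.
count_recent() {
    # grep -c prints 0 but exits 1 when nothing matches; mask that status.
    tail -n "$2" "$1" | grep -E -c -- "$3" || true
}

# Write a constructed sample log to a temp file and print its path.
make_sample_log() {
    sample=$(mktemp) || return 1
    cat > "$sample" <<'EOF'
2008-03-07 17:01:02 app[311]: INFO  error_count=0 since last restart
2008-03-07 17:01:09 app[311]: DEBUG loaded template errors.html
2008-03-07 17:02:14 app[311]: INFO  request ok path=/status
2008-03-07 17:03:40 app[311]: ERROR db: connection refused host=db1
2008-03-07 17:03:41 app[311]: INFO  retry scheduled in 5s
2008-03-07 17:04:02 app[311]: WARN  no error reported by health check
EOF
    printf '%s\n' "$sample"
}

# Succeed (raise the alarm) only if the specific expression was seen recently.
should_alert() {
    [ "$(count_recent "$1" "$2" "$3")" -gt 0 ]
}

main() {
    log=$(make_sample_log) || exit 1
    # Lowercase "error" hits three harmless lines and misses the real
    # failure, which is logged in upper case.
    echo "generic 'error' matches:     $(count_recent "$log" 10 'error')"
    echo "specific expression matches: $(count_recent "$log" 10 ' ERROR db: connection refused')"
    if should_alert "$log" 10 ' ERROR db: connection refused'; then
        echo "ALERT: database connection refused"
    fi
    rm -f "$log"
}

main
```
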