If a logfile entry is unique, either by having a date or by having an ID it is possible to record what was already processed and sent to SCOM, so we only have to report new entries.
I've created a shell script that finds and reports all the new occurrences of a string inside a log file.
In this case I'm only reporting the number the occurrences but the script can easily be changed to report the complete lines.
#!/bin/bash# -- Parameters:# $1 - Pathname to logfile# $2 - String to search: Regular expression for 'grep'umask 022# -- Create tmp file nameftmp=`echo "$1" | tr -dc '[:alnum:]'`"-"`echo "$2" | tr -dc '[:alnum:]'`> $ftmp.send# -- If logfile doesn't exist just initialize previous found fileif [ ! -f "$1" ] || [ ! -s "$1" ]; then> $ftmp.prevelse# -- Search log for stringgrep "$2" "$1" > $ftmp.new# -- Process found lines: if not already sent them send themif [ ! -f $ftmp.prev ] || [ ! -s $ftmp.prev ]; thencp $ftmp.new $ftmp.sendelse(while read adorm $ftmp.found 2>/dev/null(while read bdoif [ "$b" == "$a" ]; then echo "" > $ftmp.found; break; fidone) < $ftmp.previf [ ! -f $ftmp.found ]; then echo "$a" >> $ftmp.send; fidone) < $ftmp.newfimv $ftmp.new $ftmp.prevfi# Count the number of lines to sendwc -l $ftmp.send
exit 0
No comments:
Post a Comment