Monitoring var log messages file: Do you wish to monitor the /var/log/messages file on your Linux servers?
What exactly does it mean to monitor the /var/log/messages file on a Linux server? You see, there are various errors and incidents that many Linux users may want to watch for in their var log messages file. And while a simple tail and grep can isolate those wanted messages very quickly and easily, there often comes a time when something more sophisticated is needed. Something that is more controllable.
Say for instance there’s a crisis at your job (like a server crash) and you need to quickly LOOK at the system log files for certain errors or messages that will inform you of what happened. What would you do in that situation? You’re already frantic. How many tails and greps are you going to run before you go insane?
What if there’s a log monitoring command you can run that will grab out the information you need based on a time-frame?
Say you had a server crash and the higher-ups at your job are breathing down your neck for answers concerning why the server went down.
In that case, you can run over to the /var/log/messages file (or any UNIX system log file) and run a command like the one below where you can choose to pull out all lines from the log file that has the strings “error” and “panic” in them, and that occurred within the past 60 minutes. The 60 minute time-frame can of course be adjusted to fit whatever time period you need to grab.
Syntax: logrobot (log-file) (minutes-to-search) (string-to-search1) (string-to-search2) (action) (warning) (critical).
Example: logrobot /var/log/messages 60 ‘error’ ‘panic’ -show 5 10
This simple line of code will save you a lot of headaches and in some cases, it will also save you your job.