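#!/bin/bash
#
# Version: 2.0
# Date: 19-01-2015
# Enhanced by: Paul van der Westhuizen
#
# Logmon.sh
# This script is designed to monitor error log files,
# and if any new lines are found, to email these to a chosen address
#
# I'm pretty sure I got part of this script from someone else,
# but I can't remember from whom, sorry.
#
# v2.0 Added ability to strip junk so as to reduce number of log reports
#
# How it works:
#   For every monitored file a "<file>.last" sidecar stores the line count
#   seen on the previous run and a "<file>.body" sidecar holds the last
#   generated mail. New lines = current line count - stored line count;
#   if the file shrank we assume logrotate and start again from 0.
#
# Caveats a maintainer should know:
#   - REGEXES are applied with `sed -i`, so matching lines are deleted from
#     the monitored log itself, permanently. Point MONFILES at a copy if the
#     original must stay intact.
#   - REGEXES entries are full sed scripts, not plain patterns. GNU sed
#     scripts can write files (`w`) or run commands (`e`) as the user this
#     script runs as (normally root), so keep the list under the same change
#     control as the script.
#   - The ".last" cursor is advanced even when sendmail fails; a failed
#     delivery is reported on stderr (visible in cron mail) but not retried.
#
# Variables
# To monitor more files add another entry to the MONFILES list.
# All files in the MONDIRS array will be monitored.
FROM="email@example.com"
NOTIFY="email@example.com"
MONDIRS=()
#MONDIRS[1]=""
# get successful logins; failed attempts are caught by fail2ban
grep "sshd:session" /var/log/auth.log > /var/log/sshd.log
MONFILES[0]="/var/log/sshd.log"
MONFILES[2]="/var/log/mysql/error.log"
# sed scripts run against each log file. Can be used to strip junk from log.
REGEXES[1]="/File\ does\ not\ exist/d"
REGEXES[2]="/request[ ]without[ ]hostname/d"
REGEXES[3]="/Invalid URI in request/d"
REGEXES[4]="/request failed\: error reading the headers/d"
REGEXES[5]="/does NOT match server name\!\?/d"
#REGEXES[2]="/^n/d"

###############################
## Do not modify below here. ##
###############################

# Collected once per run; they do not change between files.
HOSTNAME=$(hostname)
DATE=$(date)

# Gather the files found in MONDIRS. Results are accumulated across
# directories (earlier versions kept only the last directory's matches).
dirfiles=()
for DIR in "${MONDIRS[@]}"; do
  # We'll only check files modified in the last 24 hours.
  # This extra leeway allows for this script missing certain
  # regular intervals due to server failure, etc.
  # NUL-delimited read keeps paths with spaces intact.
  while IFS= read -r -d '' f; do
    dirfiles+=("$f")
  done < <(find "$DIR" -type f -name "*php" -mtime -1 -print0)
  # clean up old junk (sidecars older than a day)
  find "$DIR" -type f -name "*body" -mtime +1 -exec rm -f -- {} +
  find "$DIR" -type f -name "*last" -mtime +1 -exec rm -f -- {} +
done
FILES=("${dirfiles[@]}" "${MONFILES[@]}")

# process the files
for FILE in "${FILES[@]}"; do
  LASTFILE="$FILE.last"
  BODY="$FILE.body"

  # Create a missing log so the next run has something to diff against,
  # then move on: there is nothing to report yet.
  if [ ! -e "$FILE" ]; then
    touch -- "$FILE"
    continue
  fi

  # Run regexes to process log file. Quoted array expansion means entries
  # containing spaces are passed to sed intact.
  for regex in "${REGEXES[@]}"; do
    sed -i -e "$regex" -- "$FILE"
  done

  # Keep a count of number of lines.
  # If file length reduces then we assume logrotate and reset our count back to 0.
  CURLENGTH=$(( $(wc -l < "$FILE") ))
  touch -- "$LASTFILE"
  LASTLENGTH=$(<"$LASTFILE")
  # An empty or corrupted sidecar must not break the integer comparison below.
  case $LASTLENGTH in
    ''|*[!0-9]*) LASTLENGTH=0 ;;
  esac
  if (( CURLENGTH < LASTLENGTH )); then
    # File is smaller than last time we processed; assume logrotate and start from 0.
    LASTLENGTH=0
  fi
  TAIL=$(( CURLENGTH - LASTLENGTH ))

  # Generate the body for our alert email (sendmail -t reads the headers
  # from the body, hence From:/To:/Subject: are written into the file).
  {
    printf 'From: %s\n' "$FROM"
    printf 'To: %s\n' "$NOTIFY"
    printf 'Subject: ALERT: %s new entries found in %s on %s at %s\n' \
      "$TAIL" "$FILE" "$HOSTNAME" "$DATE"
    printf '\n%s new entries found in %s on %s at %s\n\n' \
      "$TAIL" "$FILE" "$HOSTNAME" "$DATE"
    tail -n "$TAIL" -- "$FILE"
    printf '\n'
  } > "$BODY"

  # Email $BODY to $NOTIFY if there have been any changes.
  if (( TAIL != 0 )); then
    if ! /usr/sbin/sendmail -t < "$BODY"; then
      printf 'logmon: sendmail failed for %s (%s new lines not delivered)\n' \
        "$FILE" "$TAIL" >&2
    fi
  fi

  # Now reset the last known log position.
  printf '%s\n' "$CURLENGTH" > "$LASTFILE"
done
exit 0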