Need some suggestions with an old problem from a thread here:
http://www.unix.com/shell-programmin...ement-awk.html
Since my log is large, I did get help to make a line that splits the log into two parts
(changed from daemon.log to syslog)
Code:
tail -f syslog | awk '!/snmpd|ntpd|reject/{print | "tee newlog"}'
Problem is that tail seems to stop and does not update the log file.
I then made a script that looked at the "newlog" and, if it did not get updated in 3 hours, restarts the tail.
It's not a good solution, since I do lose 3 hours of data.
Recently I did see some posts that tail has this problem with log rotate.
When syslog rotates to syslog.1, tail stops getting data, since it does not understand that it needs to look at the new file.
I made a new script that restarts the tail if syslog.1 gets updated:
Is this a good solution, or do you guys have a better solution for this?
Code:
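# Restart the filtered tail whenever /var/log/syslog.1 changes (a rotation happened)
file_start=""
while true
do
    # Timestamp field of the rotated file, as printed by ls -l
    file_now=$(ls -l /var/log/syslog.1 | awk '{print $8}')
    if [ "$file_start" != "$file_now" ]; then
        file_start=$file_now
        # Stop the old tail (its awk and tee then see EOF and exit)
        pkill -f "tail -f /var/log/syslog"
        # Run in the background so the loop keeps checking for the next rotation
        tail -f /var/log/syslog | awk '!/snmpd|ntpd|reject/{print | "tee newlog"}' &
    fi
    sleep 60
done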
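An added example, not part of the original post: rather than restarting `tail` after a rotation, a polling script can remember the inode and byte offset it last read, so that after a rotation it first drains the rest of `syslog.1` and then reads the new `syslog` from offset 0, applying the post's `awk` filter to the result. The state-file path, the function names and the limit of one rotation between runs are assumptions of this example.

```shell
# Added example. LOG/STATE defaults and all function names are assumptions.
LOG=${LOG:-/var/log/syslog}
STATE=${STATE:-/var/tmp/syslog.state}   # "inode offset" saved by the last run

# Inode number of a file (empty if it does not exist)
inode_of() { ls -i "$1" 2>/dev/null | awk '{print $1}'; }

# Print $3 bytes of file $1 starting at 0-based offset $2
read_range() { tail -c "+$(( $2 + 1 ))" "$1" | head -c "$3"; }

# Print everything appended since the previous call, surviving one rotation
new_lines() {
    [ -f "$LOG" ] || return 0            # mid-rotation: try again next run
    old_inode=0; old_off=0
    if [ -f "$STATE" ]; then read -r old_inode old_off < "$STATE"; fi
    cur_inode=$(inode_of "$LOG")
    if [ "$cur_inode" != "$old_inode" ]; then
        # Rotated: first drain what the old file received after our last read
        if [ "$(inode_of "$LOG.1")" = "$old_inode" ]; then
            old_size=$(( $(wc -c < "$LOG.1") ))
            read_range "$LOG.1" "$old_off" "$(( old_size - old_off ))"
        fi
        old_off=0
    fi
    size=$(( $(wc -c < "$LOG") ))
    if [ "$size" -lt "$old_off" ]; then old_off=0; fi   # truncated in place
    read_range "$LOG" "$old_off" "$(( size - old_off ))"
    echo "$cur_inode $size" > "$STATE"
}

# The filter from the post, applied to the new lines only
filtered_new_lines() { new_lines | awk '!/snmpd|ntpd|reject/'; }
```

Called once a minute from cron or a loop as `filtered_new_lines >> newlog`, it leaves no gap around the rotation as long as the rotated file is still present as `syslog.1`.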