#!/bin/bash

# Check timestamps up to 3 minutes ago
prev3=$(date -d "-3 minutes" +"%y/%m/%d %H:%M")
prev2=$(date -d "-2 minutes" +"%y/%m/%d %H:%M")
prev1=$(date -d "-1 minute" +"%y/%m/%d %H:%M")
now=$(date +"%y/%m/%d %H:%M")

logevent="Exception"
threshold=2

# check the log file: keep lines stamped in the window, then count those with the event
failCount=$(grep -E "$prev3|$prev2|$prev1|$now" /var/log/app_logfile.log | grep -c "$logevent")

# 3 or more log events in previous 3-4 minutes
if [ "$failCount" -gt "$threshold" ]; then
    # notify someone
    echo "failCount ($failCount) exceeds threshold ($threshold)" | mail -s "Alert from ${HOSTNAME}" support@mycompany.com
fi

Log Monitoring - number of recent events exceeding threshold
This script checks a log file for a certain log event. If the number of these events in the last 3 minutes exceeds a threshold, an alert email is sent.
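
The same check as a testable function, added here as an example and not part of the original snippet: it takes the reference time as a parameter, anchors the timestamp match to the start of the line and matches the event as a literal string. The function names, the sample log and the line-start "yy/mm/dd HH:MM:SS" layout are assumptions.

```shell
#!/bin/bash
# Added example, not the original snippet. Assumes GNU date and grep, and log
# lines that begin with a "yy/mm/dd HH:MM:SS" timestamp (an assumed layout).

# stamp_at EPOCH FORMAT: format an epoch time with date(1)
stamp_at() { date -d "@$1" +"$2"; }

# count_recent_events LOGFILE EVENT MINUTES [NOW_EPOCH]
# Prints how many lines stamped in the current minute or the MINUTES minutes
# before it contain EVENT as a literal string.
count_recent_events() {
    local logfile event minutes now pattern i
    logfile=$1; event=$2; minutes=$3; now=${4:-$(date +%s)}
    pattern=""; i=0
    while [ "$i" -le "$minutes" ]; do
        # "^" anchors on the line's own timestamp, not one quoted in a message
        pattern="${pattern:+$pattern|}^$(stamp_at "$((now - i * 60))" "%y/%m/%d %H:%M")"
        i=$((i + 1))
    done
    # -F: EVENT is text, not a regex; "|| true": grep -c exits 1 on a zero count
    grep -E -- "$pattern" "$logfile" | grep -cF -- "$event" || true
}

# write_sample_log NOW_EPOCH: write a constructed log (not real data) to a
# temporary file and print its path.
write_sample_log() {
    local now file fmt
    now=$1; file=$(mktemp); fmt="%y/%m/%d %H:%M:%S"
    {
        # old entry whose message quotes a recent time: must not be counted
        echo "$(stamp_at "$((now - 600))" "$fmt") ERROR Exception in job queued at $(stamp_at "$now" "%y/%m/%d %H:%M")"
        echo "$(stamp_at "$((now - 250))" "$fmt") ERROR Exception: connection reset"   # outside window
        echo "$(stamp_at "$((now - 170))" "$fmt") ERROR Exception: connection reset"   # counted
        echo "$(stamp_at "$((now - 100))" "$fmt") INFO request served"                 # wrong event
        echo "$(stamp_at "$((now - 90))" "$fmt") ERROR Exception: timeout"             # counted
        echo "$(stamp_at "$((now - 10))" "$fmt") ERROR Exception: timeout"             # counted
    } > "$file"
    echo "$file"
}

sample_now=1714558530   # constructed reference time (epoch seconds)
sample_log=$(write_sample_log "$sample_now")
count=$(count_recent_events "$sample_log" "Exception" 3 "$sample_now")
threshold=2
if [ "$count" -gt "$threshold" ]; then
    echo "failCount ($count) exceeds threshold ($threshold)"
fi
rm -f "$sample_log"
```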