Monitor log in realtime, and run a command on a particular event
I think I could probably create a python script to do this, but I wanted to see if someone has been here before me.
We already have a crude working script that "greps" logs searching for a particular event.
The event can easily be identified. The event contains a filename and filepath.
The script then performs a "chattr" on that file.
The script runs once every 5 mins.
However we now need it to run in real time so as soon as the event occurs the script is triggered.
Responses
That's what logwatch is for. A LOTTA people tie it to fail2ban to enhance system security. Realistically, it can be tied to nearly anything you want to trigger on. Also, the various syslog implementations can support logging to a pipe/script so that you don't have to do any kind of supplemental file-grepping.
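One way to do what the question asks in Python, as an added example that is not from any poster in the thread: it follows the log as it grows, pulls the path out of each event and runs `chattr` on it. The event format (`UPLOAD_COMPLETE path=...`), the `+i` flag and the `/srv/uploads` root are assumptions; because the path comes from log content, it is resolved and confined to that root before it reaches the command.

```python
import os
import re
import subprocess
import sys
import time

# Assumptions, not from the thread: event format, chattr flag, allowed directory.
EVENT_RE = re.compile(r"UPLOAD_COMPLETE path=(?P<path>\S+)")
CHATTR_FLAG = "+i"
ALLOWED_ROOT = os.path.realpath("/srv/uploads")

def extract_path(line):
    """Return the validated absolute path from an event line, else None."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    # Log content is untrusted: resolve ../ and symlinks, then confine to the root.
    real = os.path.realpath(m.group("path"))
    if os.path.commonpath([real, ALLOWED_ROOT]) != ALLOWED_ROOT:
        return None
    return real  # always absolute, so it can never be parsed as a chattr option

def build_command(path):
    return ["chattr", CHATTR_FLAG, path]  # argv list, no shell involved

def follow(logfile, poll=0.2, from_end=True):
    """Yield complete lines as they are appended; reopen after log rotation."""
    fh = open(logfile, "rb")
    if from_end:
        fh.seek(0, os.SEEK_END)
    while True:
        pos = fh.tell()
        line = fh.readline()
        if line.endswith(b"\n"):
            yield line.decode("utf-8", "replace")
            continue
        fh.seek(pos)  # partial line: wait for the writer to finish it
        time.sleep(poll)
        try:
            if os.stat(logfile).st_ino != os.fstat(fh.fileno()).st_ino:
                fh.close()
                fh = open(logfile, "rb")  # rotated: read the new file from the top
        except FileNotFoundError:
            pass  # mid-rotation; retry on the next poll

if __name__ == "__main__":
    for line in follow(sys.argv[1]):
        path = extract_path(line)
        if path:
            subprocess.run(build_command(path), check=False)
```

Run it as a service with the log file as its only argument; it needs the privileges `chattr` requires for the chosen flag.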
