parsing syslogd files

[count23]

I am pushing Cisco router logs to syslogd on a FreeBSD box. I want to be notified when high priority messages are logged. The notification would be via email. The problem I'm running into is I'm not sure how to parse the logs to find the right messages.

I am currently sending warning and higher priority logs to the same file. I could split this into 2 or more files if that will help. For instance, one file for messages I want to be alerted on and another file for everything else.

I do have some perl skills so I could probably write a script but I imagine there is already something out there that will do this for me.

If anyone has a suggestion for how this can be done I would appreciate hearing it.

Thanks in advance.

 

[AHinMaine]

How about installing a monitoring software like Nagios? It can do that and a heck of a lot more.

--
Andy

http://www.nachoz.com

 

[Annihilannic]

Something like this would probably do:

[tt]tail -1f yourlogfile | nawk '
BEGIN { getline }
/HighPriority/ {
system("echo \"" $0 "\" | mailx -s \"" $0 "\" youraddress@somewhere&quot
}
'&[/tt]

Obviously you could stick that in a script and run it in the background using nohup or similar. "HighPriority" is some string that matches something in your high priority messages. I had to use nawk on Solaris, you may get away with just awk on your OS. Annihilannic.