I thought there used to be a Lua script for this a while back, but I don't see it now. Is there a good way to monitor a Linux log file in /var/log?
I have created a bash script in conjunction with a Lua script to accomplish basic log file monitoring. The problem is that it needs to be stateful: you don't want to parse the whole file each time it's tested. You just want to check the lines that were added since the last test. You can download the scripts from dl.dropboxusercontent.com/.../ssh_logfile_search_.zip and the bash script has to be placed in a folder on your Linux machine with correct permissions for the monitoring user. I don't have much documentation for it currently, but the Lua script needs three parameters: the script path (ex. /tmp/knm_logfile.sh), the path to the log file you want to monitor, and the string you are searching for.
It's far from perfected at the moment, but maybe a start for you?
I'll give it a shot and see if I can get it to work. Thanks.
Thanks for working on this. Here is some feedback for the script.
1. It looks like your username (Tomas) is hard-coded in the Lua script and it isn't passing the object's credentials through the script. I hard-coded my user account and that worked for now.
2. I got this error: /bin/bash^M: bad interpreter. I had to run DOS2UNIX on the file to fix this error.
3. It's not sending the actual line from the log file that triggered the alarm. So it lets me know that an event was triggered, but I have to log into the server to actually see what the error is.
4. Can I enter multiple words in the search string? Does it accept regular expressions?
If we can get this to work it would be a huge benefit to me. It's the only thing KNM is missing for me.
That's why I mentioned that it's far from perfected now ;)
I made it to prove it's possible to do for a prospect, but didn't have time to finish it. I might have given you my debug version of the script, since my SSH credentials were in the script, oops ;)
I will have a look at it again. The last thing I was working on was to include the line that matched. No support for regular expressions right now. I am not an expert on bash scripts, but it should be possible there.
It searches for a match of the string only. No and/or as it is now. As I mentioned, it was made as proof of concept but never finished.
Thanks Tomas. Yes, I think it's a workable solution with a little tweaking.
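
The stateful check described in this thread, extended with the matched-line output and regular-expression support raised in the feedback, as an added example. It is not the script shared above; the function name scan_new_lines, the state-file format and the sample log lines are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not the script from the thread). scan_new_lines and the
# state-file layout are hypothetical names chosen for this sketch.
#
# scan_new_lines LOGFILE PATTERN STATEFILE
#   Prints lines appended since the previous call that match the extended
#   regex PATTERN. Exit status: 0 = match, 1 = no match, 2 = error.
scan_new_lines() (
    log=$1 pattern=$2 state=$3
    LC_ALL=C; export LC_ALL              # count bytes, not characters
    nl='
'
    [ -r "$log" ] || { echo "cannot read $log" >&2; exit 2; }

    # Byte offset reached last time; a missing or corrupt state file means 0.
    offset=$(cat "$state" 2>/dev/null) || offset=0
    case $offset in ''|*[!0-9]*) offset=0 ;; esac

    size=$(( $(wc -c < "$log") ))
    # A smaller file means it was rotated or truncated: start over.
    if [ "$size" -lt "$offset" ]; then offset=0; fi
    if [ "$size" -eq "$offset" ]; then exit 1; fi

    # Read only the new bytes; the trailing "x" keeps the final newline that
    # command substitution would otherwise strip.
    new=$(tail -c +"$((offset + 1))" < "$log" | head -c "$((size - offset))"; printf x)
    new=${new%x}

    # Hold back a half-written last line until its newline arrives.
    partial=${new##*"$nl"}
    complete=${new%"$partial"}
    printf '%s\n' "$((offset + ${#complete}))" > "$state"

    # -e keeps a pattern that starts with "-" from being read as an option.
    printf '%s' "$complete" | grep -E -e "$pattern"
)

# Constructed sample log, for demonstration only.
demo=$(mktemp -d)
printf '%s\n' 'sshd[1]: Accepted publickey for alice' \
              'sshd[2]: Failed password for root' > "$demo/auth.log"
scan_new_lines "$demo/auth.log" 'Failed password|Invalid user' "$demo/state" || echo "no new matches"
scan_new_lines "$demo/auth.log" 'Failed password|Invalid user' "$demo/state" || echo "no new matches"
rm -rf "$demo"
```

A rotated file that has already grown past the stored offset by the next check is not detected by the size comparison alone; comparing the inode as well would close that gap.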