Migrating from Unix, using tail -f in log files automatic watch/analys

  • Thread starter Thread starter Sanek
  • Start date Start date
S

Sanek

In Unix i had very simple script like:

tail -f logfile.log | while read line ; do
if echo $line | grep "ERROR"
then
# mail about error or whatever
fi
if echo $line | grep "ANOTHERERROR" .... etc
.....

done

This script allows to spy/watch log file dinamicaly

Is there any way to use "tail -f" in simular way in Windows CMD?
 
Sanek said:
In Unix i had very simple script like:

tail -f logfile.log | while read line ; do
if echo $line | grep "ERROR"
then
# mail about error or whatever
fi
if echo $line | grep "ANOTHERERROR" .... etc
....

done

This script allows to spy/watch log file dinamicaly

Is there any way to use "tail -f" in simular way in Windows CMD?
Click to expand...

Sure. Do you only want to look for errors in the LAST (most recent)
line of logfile.log? In the last n lines of logfile.log? How often
(frequently) do you want to scan the end of logfile.log for errors?

So: in order to do what you want with CMD, instead of posting a
Unix script, just explain in plain English exactly what it is that
you wish to do.
 
Sanek said:
In Unix i had very simple script like:

tail -f logfile.log | while read line ; do
if echo $line | grep "ERROR"
then
# mail about error or whatever
fi
if echo $line | grep "ANOTHERERROR" .... etc
....

done

This script allows to spy/watch log file dinamicaly

Is there any way to use "tail -f" in simular way in Windows CMD?
Click to expand...

If you have skills in unix shells what about:
http://www.cygwin.com or
http://www.microsoft.com/windows/sfu/default.asp

Both are free now. Allow you partly to stay with what you know.
 
Phil Robyn said:
Sure. Do you only want to look for errors in the LAST (most recent)
line of logfile.log? In the last n lines of logfile.log? How often
(frequently) do you want to scan the end of logfile.log for errors?
Click to expand...

Sure I need to look for the most recent errors , as "tail -f" does.
it rescans the end of logfile.log each second, and outputs the latest
lines to stdout, exactly what is needed.
So: in order to do what you want with CMD, instead of posting a
Unix script, just explain in plain English exactly what it is that
you wish to do.
Click to expand...

I post unix shell script only for the to show the beaty of unix tools
and ask about simular solutions on CMD.
There are tail.exe & grep in Windows (shareware, SFU or rescue kit),
but i can't find the way to use them in a full strength with CMD
shell. All I need is to constantly read output from "tail -f
logfile.log" and analyse this output.

I understand, that it is possible to output each second last n lines
to temporary_file,
then use CMD "for %%var in 'type temporary_file' DO ( call
some_grep_work )" ... etc.
But - the desire was to use pipes in order to skip double processing
of the same lines ans so on.

Thank You.
Sorry for my English
 
Sanek said:
Sure I need to look for the most recent errors , as "tail -f" does.
it rescans the end of logfile.log each second, and outputs the latest
lines to stdout, exactly what is needed.
Click to expand...

Once per second seems like overkill. How big is the logfile that is to
be monitored?
I post unix shell script only for the to show the beaty of unix tools
and ask about simular solutions on CMD.
Click to expand...

Beauty is in the eye of the beholder. ;-) If you are really interested
in how to implement a similar solution using CMD, see below. If you
are interested in perpetuating the 'beauty', then use cygwin or other
ports of Unix tools.
There are tail.exe & grep in Windows (shareware, SFU or rescue kit),
but i can't find the way to use them in a full strength with CMD
shell. All I need is to constantly read output from "tail -f
logfile.log" and analyse this output.
Click to expand...

The example below will suffice for simple, one-line error messages. A
real sophisticated log monitor would require the ability to detect and
parse multi-line error messages....
I understand, that it is possible to output each second last n lines
to temporary_file,
then use CMD "for %%var in 'type temporary_file' DO ( call
some_grep_work )" ... etc.
But - the desire was to use pipes in order to skip double processing
of the same lines ans so on.

Thank You.
Sorry for my English
Click to expand...

Sample content of c:\systemlog\system.log:
C:\cmd>demo\tail c:\systemlog\system.log 22
2004-04-06 10:20:00.44 c:\cmd\TEST\heartbeat.cmd ended.
2004-04-06 10:21:00.10 c:\cmd\TEST\heartbeat.cmd started.
2004-04-06 10:21:00.30 c:\cmd\TEST\heartbeat.cmd ended.
2004-04-06 10:22:00.23 c:\cmd\TEST\heartbeat.cmd started.
2004-04-06 10:22:00.67 c:\cmd\TEST\heartbeat.cmd ended.
2004-04-06 10:23:00.20 c:\cmd\TEST\heartbeat.cmd started.
2004-04-06 10:23:00.54 c:\cmd\TEST\heartbeat.cmd ended.
2004-04-06 10:24:00.11 c:\cmd\TEST\heartbeat.cmd started.
2004-04-06 10:24:00.31 c:\cmd\TEST\heartbeat.cmd ended.
2004-04-06 10:24:16.45 This is another ERROR message for testing c:\cmd\demo\MonitorSyslog.cmd
2004-04-06 10:25:00.10 c:\cmd\TEST\heartbeat.cmd started.
2004-04-06 10:25:00.31 c:\cmd\TEST\heartbeat.cmd ended.
2004-04-06 10:26:00.10 c:\cmd\TEST\heartbeat.cmd started.
2004-04-06 10:26:00.30 c:\cmd\TEST\heartbeat.cmd ended.
2004-04-06 10:27:00.10 c:\cmd\TEST\heartbeat.cmd started.
2004-04-06 10:27:00.30 c:\cmd\TEST\heartbeat.cmd ended.
2004-04-06 10:28:00.19 c:\cmd\TEST\heartbeat.cmd started.
2004-04-06 10:28:00.43 c:\cmd\TEST\heartbeat.cmd ended.
2004-04-06 10:29:00.12 c:\cmd\TEST\heartbeat.cmd started.
2004-04-06 10:29:00.35 c:\cmd\TEST\heartbeat.cmd ended.
2004-04-06 10:30:00.11 c:\cmd\TEST\heartbeat.cmd started.
2004-04-06 10:30:00.32 c:\cmd\TEST\heartbeat.cmd ended.


I started MonitorSyslog in one console window to scan the last 5 lines of system.log
once every 15 secondsand then at various intervals wrote 'ERROR' messages into the
c:\systemlog\system.log (this is on a box that has only a one-minute scheduled heartbeat
and nothing else running on it to make it simple). Each new 'ERROR' was promptly
reported only once by 'NET SEND'....

=====begin C:\cmd\demo\MonitorSyslog.cmd ====================
01. @echo off
02. setlocal
03. type nul > c:\temp\ReportedErrors.
04. set interval=%1
05. if not defined interval (
06. set interval=61
07. ) else (
08. set /a interval += 1
09. )
10. set lines=%2
11. if not defined lines set lines=5
12. :monitor
13. set error_found=
14. for /f "tokens=*" %%a in (
15. 'call tail c:\systemlog\system.log %lines%
16. ^| findstr "ERROR"'
17. ) do set error_found=%%a
18. if defined error_found call :error
19. :wait
20. ::echo/Waiting %interval% seconds....
21. ping -n %interval% localhost > nul
22. goto :monitor
23. :error
24. findstr /c:"%error_found%" c:\temp\ReportedErrors. > nul
25. if %errorlevel% equ 0 goto :EOF
26. net send %computername% %error_found%
27. echo>>c:\temp\ReportedErrors. %error_found%
28. goto :EOF
=====end C:\cmd\demo\MonitorSyslog.cmd ====================
=====begin C:\cmd\demo\tail.cmd ====================
01. @echo off
02. ::
03. :: show tail of {file} [ for {nnn} lines ]
04. ::
05. if [%1]==[] echo You must enter a file name.&goto :EOF
06. if not exist %1 echo File %1 does not exist.&goto :EOF
07. setlocal
08. if [%2] NEQ [] set /a lines=%2
09. if not defined lines set /a lines=15
10. for /f %%a in ('find /v /c "" ^< %1') do set reccount=%%a
11. if %lines% GTR %reccount% set /a lines=15
12. if %lines% GTR %reccount% set startline=1&goto :display
13. set /a startline = reccount - lines
14. :display
15. more /e +%startline% %1
=====end C:\cmd\demo\tail.cmd ====================
 
Back
Top