Linux monitor logs and email alerts?

Solution 1:

You could use something like LogWatch. Or even a simple script like this (it's pseudo code, you'll need to modify it for your environment):

 #!/bin/bash
 # Placeholders: replace the three values below for your environment.
 ERROR_STRING="<error string>"
 LOG_FILE="<acpid log location>"
 ALERT_EMAIL="<notification address>"
 # Count matching lines; grep -c prints 0 (and exits 1) when nothing matches.
 COUNT=$(grep -c -- "$ERROR_STRING" "$LOG_FILE" 2>/dev/null || true)
 if [ "${COUNT:-0}" -gt 0 ]
 then
     # Send email notification (assumes a local mail/mailx command is configured).
     printf '%s matches of "%s" in %s\n' "$COUNT" "$ERROR_STRING" "$LOG_FILE" | mail -s "Log alert" "$ALERT_EMAIL"
 fi

Put that in cron to run every hour or so and you should get an email letting you know when it's getting weird.
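An added example (not from the answer above) that refines the same cron approach: a full-file grep re-alerts on the same old entries every run, so this version stores the byte offset reached on the previous run and only counts lines appended since, starting over if the log was truncated or rotated. The function and variable names, the state file and the crontab line are my own assumptions.

```shell
#!/bin/sh
# Incremental log check for an hourly cron job (added example, not from the original answer).
# Assumed names: new_matches, alert_if_needed, the state file path and the alert address.

# Usage: new_matches <logfile> <pattern> <statefile>
# Prints the number of lines matching <pattern> appended since the offset saved in <statefile>.
new_matches() {
    log=$1; pattern=$2; state=$3
    if [ ! -f "$log" ]; then echo 0; return 0; fi
    size=$(wc -c < "$log" | tr -d ' ')
    offset=0
    if [ -f "$state" ]; then offset=$(cat "$state"); fi
    # Log smaller than the saved offset means it was truncated or rotated: rescan from the start.
    if [ "$size" -lt "$offset" ]; then offset=0; fi
    # tail -c +N starts at byte N (1-based), so this skips the first $offset bytes.
    # grep -c exits 1 when nothing matches but still prints 0, hence "|| true".
    count=$(tail -c +$((offset + 1)) "$log" | grep -c -- "$pattern" || true)
    echo "$size" > "$state"
    echo "$count"
}

# Cron entry point, e.g. (assumed crontab line):
#   0 * * * * /usr/local/bin/logcheck.sh
alert_if_needed() {
    log=$1; pattern=$2; state=$3; email=$4
    n=$(new_matches "$log" "$pattern" "$state")
    if [ "$n" -gt 0 ]; then
        printf '%s new "%s" entries in %s on %s\n' "$n" "$pattern" "$log" "$(hostname)" \
            | mail -s "Log alert: $pattern" "$email"
    fi
    return 0
}
```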

Solution 2:

You can use OSSEC HIDS to set up rules on log files and, at the same time, get security information from your host.

Setting it up is very easy:

  • Download the source
  • Uncompress it and run ./install.sh
  • Choose local install
  • Answer the questions (email, checks, etc.)
  • Edit /var/ossec/rules/local_rules.xml as specified below
  • Start OSSEC with /var/ossec/bin/ossec-control start

local_rules.xml

<group name="local,syslog,">
  <rule id="100001" level="13">
    <!-- OSSEC regex is not PCRE ("\." is "any character"); an unanchored literal matches anywhere in the line -->
    <regex>Your string</regex>
    <description>I've just picked up a fault in the AE35 unit. It's going to go 100% failure in 72 hours</description>
  </rule>
</group>

Rules can be very flexible and complex. See this table to get an idea of the parameters involved in a rule.

If you don't want or need the other security features, you can deactivate them by removing the include lines under the rules tag.

Solution 3:

I would suggest Nagios, it's what we run where I work for monitoring multiple machines within our network. It's very good; I've not used it specifically for what you're doing, but you can certainly set it up to email you when errors occur.

There is a guide here for installing it on Ubuntu http://beginlinux.com/blog/2008/11/install-nagios-3-on-ubuntu-810/ and one here for installing on http://www.debianhelp.co.uk/nagiosinstall.htm.