Re: Logfile parsing and sending mail

< ^ > P N |<>| ^ _>< --- | ~ ...Help
Hi Markus,

Welcome to Ruby !

From: "Markus Wichmann" <wichmann.markus / gmx.net>
> I'd like to parse an Apache logfile at regular intervals, say every 15
> minutes. If that part of the logfile that has been added since the last
> parsing contains a certain String, let's say "blueice", I'd like to be
> sent an e-mail.

A brute-force approach might be to keep track of how many lines
of the log file you've read, and re-read the logfile each time,
discarding up to the number of lines you'd read previously, and
only considering the new lines.

However, there's an even easier (and more efficient) way...

If you keep the logfile open, you'll get a 'nil' value back from
gets() when you've reached the end of the file...  If you keep the
logfile open, though, and wait the 15 minutes, you can just call
gets() again and you'll get just the new lines that have been
added to the logfile since last time.  (Then you'll get the 'nil'
again, indicating you're at the end of the *current* length of
the logfile... at which point you can wait for 15 min. again...)

You can cause Ruby to pause for 15 minutes, by specifying the
number of seconds to sleep, as: sleep(15 * 60)

You can open the logfile, with, for ex.:

logf = File.open("/var/log/httpd/access_log", "r")

To scan for the string data you're looking for, regular expressions
might be appropriate...  Using your "blueice" example:

while (line = logf.gets)
  if line =~ /blueice/   # scan for "blueice" string anywhere on line
    send_me_email
  end
end


There are likely several ways to send email from Ruby, but here
are a couple I use.  If sendmail is available locally, I might
use that; or if I need to talk directly to my ISP's SMTP server,
that's easy too...

Here's a sendmail example:

from_addr = "log-voyeur / somewhere.net"
to_addr = "me / somewhere.net"

email_text = <<"END_EMAIL"
To: "Me" <#{to_addr}>
From: #{from_addr}
Subject: That thar logfile turned up somethin'

Hi, #{to_addr},

Here's the email about the logfile thing.
END_EMAIL

# now the sendmail part...

IO.popen("/usr/sbin/sendmail #{to_addr}", "w") do |sendmail|
  sendmail.print email_text
end

# That's it...  Or, using SMTP directly:

require 'net/smtp'

Net::SMTP.start("your-isp-smtp-server.com") do |smtp|
  smtp.sendmail(email_text, from_addr, to_addr)
end



That's it...!  Hope this helps, and, apologies in advance if
there are any typos in the above code snippets!!  :)


Regards,

Bill