On Fri, Mar 7, 2008 at 7:07 PM, Agnello George <[EMAIL PROTECTED]> wrote:
> On 3/7/08, Nadeem M. Khan <[EMAIL PROTECTED]> wrote: > > > > On Fri, Mar 7, 2008 at 5:25 PM, Agnello George <[EMAIL PROTECTED] > > > > wrote: > > > > > if [ $(tail -n 10 /tmp/agnello |grep -e error | wc -l ) = 0 ] ; > then > > > > You might lots of false alarms because of that. Dont grep for "error" > > in general. Grep for a more specific expression that is unique to the > > error you are looking for. > > > > [ grep "unique expression" /tmp/agnello ..... > > > > Thanks for the tip!! Actually, if I can start from the first mail, then there is something called 'event correlation', which I believe you are actually looking out for. There are opensource tools like logsurfer and SEC (Simple-Event Correlator) (ofcourse there are other Enterprise versions like splunk etc..), which are basically implemented in perl . I like logsurfer for its simplicity but SEC has few advantages over SEC in few contexts. Try it if you are looking for more than extending your scripts . (My policy: Never reinvent the wheel) Regards, Nikhil -- http://mm.glug-bom.org/mailman/listinfo/linuxers
