Sysgrep (Syslog Alerting)

Sysgrep.tar

Sysgrep is a bash script that periodically (300 seconds by default) looks at the line count of a log file and checks to see if new lines have been written (such as on a syslog server capturing network events). It then grabs any new lines from the syslog file and runs 'grep' against them (hense 'sysgrep'), removing any lines found in a list of exclusions (the notmaches file). What is left is then checked against a list of inclusions (the matches files). Any hits are emailed to the email address provided. It's that simple.

Sysgrep provides a method for emailing specific log message to an alerts inbox. By default no mesage are sent, only those defined in the matches file are sent, provided they haven't been exlucded by the notmaches file first. So you can include all failed login attempts for example, but exlcude any from you lab switches by adding them to the notmatches file. Syslog displays on the wall in a NOC are common, but you may also want alerts for certain messages. Where the script sends the email, you can replase this line with anything else, like sending an SMS alert, flashing a red light on the NOC wall, or dispensing chocolates out of a hatch.

Note to self; re-write in Perl or PHP, or any other language like lua to vastly speed up!

---