Simon
Flexible server monitoring

Check for absence of log line

I'm looking for a way to be notified on the absence of a certain line in a log file, on a continuing basis.

A bit of background: we have a few VIPs with mobile devices that are supposed to sync with their calendars via SyncML, but sometimes the sync process on the device silently gets stuck and stops syncing (the developer can't track it down). Of course the phone and other apps continue to work fine, so the user is clueless until they miss an appointment or something, and then they're already angry.

I'd like to get more proactive on this by monitoring the sync server log to ensure that my VIP users are syncing properly. So if I have a user called "JohnD", Simon would check the log to ensure that JohnD has logged in at least once over the previous 2 or 3 hours (the sync is supposed to happen every hour).

I could just do a tail on the log for the number of lines that would normally approximate the last few hours and grep the login names, but that would break if anything increased the number of log lines (temporarily turning up the logging detail, adding more users that sync, etc). Similarly, if logging detail was decreased, we'd get a false negative because older login lines from many hours or days ago might show up. I wondered if there was a fancier way to actually check the log over the last few hours based on the current date and time and the timestamps in the log.

A login line in the log looks like this:

2008/02/27 09:52:47 [S fd60biag--cq--vfx156] User John DeMillion (johnd) logged in.

Any hints?

David Sinclair

Re: Check for absence of log line

I guess one way could be to write a shell script that matches lines with the same date (if going back up to 24 hours was acceptable), then match the names.

Many script languages have functions to convert strings to dates, and get the current date, so a better solution would be for you to look for the line with the last "johnd", then extract the date from that line and make sure it's recent enough.

Unfortunately my unix skills aren't good enough to do that, though perhaps others could help you. Or it could be written in Perl, PHP, AppleScript, or some other script language you're more comfortable with.

I hope that gives you some ideas.
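
The approach suggested in the reply above (take each user's most recent login line, parse its timestamp, and compare it with the current time), as an added example that is not part of the original thread. The regular expression follows the login line quoted in the question; the function names, the 3-hour window, the sample log lines and the exit-code convention are assumptions.

```python
import re
import sys
from datetime import datetime, timedelta

# Login line format as quoted in the question.
LOGIN_RE = re.compile(
    r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[[^\]]*\] User .* \(([^)]+)\) logged in\.\s*$"
)

def last_logins(lines):
    """Map each login name to the timestamp of its most recent login line."""
    latest = {}
    for line in lines:
        m = LOGIN_RE.match(line)
        if not m:
            continue  # not a login line
        try:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
        except ValueError:
            continue  # right shape, but not a real date
        user = m.group(2).lower()
        if user not in latest or ts > latest[user]:
            latest[user] = ts
    return latest

def stale_users(lines, users, now, max_age=timedelta(hours=3)):
    """Return (sorted) the users with no login in the max_age before now."""
    latest = last_logins(lines)
    cutoff = now - max_age
    return sorted(u for u in users
                  if latest.get(u.lower(), datetime.min) < cutoff)

# Constructed sample log; only the last line is taken from the question.
SAMPLE_LOG = [
    "2008/02/27 05:10:02 [S aaaa] User John DeMillion (johnd) logged in.",
    "2008/02/27 08:01:13 [S bbbb] User Jane Roe (janer) logged in.",
    "2008/02/27 08:01:14 [S bbbb] Sync finished.",
    "2008/02/27 09:52:47 [S fd60biag--cq--vfx156] User John DeMillion (johnd) logged in.",
]

if __name__ == "__main__":
    # Assumed usage: LOGFILE user [user ...]; log times are taken as local time.
    if len(sys.argv) > 2:
        with open(sys.argv[1], errors="replace") as f:
            stale = stale_users(f, sys.argv[2:], datetime.now())
    else:  # no arguments: run on the constructed sample
        stale = stale_users(SAMPLE_LOG, ["johnd", "janer"], datetime(2008, 2, 27, 11, 0))
    print("No recent login:", ", ".join(stale) if stale else "none")
    sys.exit(1 if stale else 0)
```

Because the check compares timestamps rather than counting lines, it is unaffected by changes in logging detail or in the number of users; a user who never appears in the log is reported as stale.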