logWatch.sh

#!/bin/bash

# USER VARIABLES
TARGET_LOG_FILE="/var/tmp/testLog.log"                # Log File to monitor
MONITOR_LOG_FILE="/var/tmp/mon.log"                # Monitor sript log file
TEMP_CONTEXT_FILE="/var/tmp/tempContext.txt"            # Temp file for context excerpt
CONDITION_STRING="fooBar.service"                # String to monitor for
CONTEXT_LINES=10                        # Number of preceding lines to collect for context
WEBHOOK_URL="https://ntfy.EXAMPLE.COM/scriptTesting"        # URL to post alerts to

# start tailing the log file and append output to the log file
tail -F $TARGET_LOG_FILE | awk -v target_log="$TARGET_LOG_FILE" -v monitor_log="$MONITOR_LOG_FILE" -v temp_context="$TEMP_CONTEXT_FILE" -v condition="$CONDITION_STRING" -v context_lines="$CONTEXT_LINES" -v webhook_url="$WEBHOOK_URL" '
  # define a function to send alerts
  function send_alert(alert_line, line_number) {
    # extract the context lines preceding the alert line
    cmd = "tail -n " context_lines " " target_log " >> " temp_context
    system(cmd)
    # format the alert message
    message = "ALERT: " condition "\n" alert_line
    # send the context log excerpt
    cmd = "curl -T tempContext.txt -H \"Filename: "temp_context"\" "webhook_url
    system(cmd)
    # pause for the file to send
    system("sleep 1")
    # send the alert
    cmd = "curl -d \""message"\" "webhook_url
    system(cmd)
    system(": > "temp_context)
    close(cmd)
  }

  # look for lines that match the alert condition
  $0 ~ condition {
    # send an alert for the matching line
    send_alert($0, NR)
  }
' 2>&1 >> $MONITOR_LOG_FILE