logWatch.sh
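#!/bin/bash
# Watch a log file and post an alert, plus a short context excerpt, to a
# webhook whenever a line matches CONDITION_STRING.
#
# Security notes:
#   * Log lines are untrusted input. Nothing read from the log is placed in a
#     shell command string: the alert text is handed to curl on stdin, and the
#     commands awk runs reference the settings below only through quoted
#     environment variables.
#   * The excerpt and the matching line are sent to WEBHOOK_URL unmodified, so
#     the receiving topic sees whatever the monitored log contains.

# USER VARIABLES
TARGET_LOG_FILE="/var/tmp/testLog.log" # Log file to monitor
MONITOR_LOG_FILE="/var/tmp/mon.log" # Monitor script log file
# Temp file for the context excerpt.
# NOTE(review): this is a fixed name in a world-writable directory; another
# local user could pre-create it or plant a symlink there. Point it at a
# directory that only the account running this script can write to.
TEMP_CONTEXT_FILE="/var/tmp/tempContext.txt"
# Pattern to monitor for. It is matched as an awk regular expression, so the
# "." matches any character, and awk -v processes backslash escapes in it.
CONDITION_STRING="fooBar.service"
CONTEXT_LINES=10 # Number of trailing log lines to collect for context
WEBHOOK_URL="https://ntfy.EXAMPLE.COM/ibuilt.one/scriptTesting" # URL to post alerts to

# The shell commands started from awk read these from the environment instead
# of having the values pasted into the command text.
export TARGET_LOG_FILE TEMP_CONTEXT_FILE CONTEXT_LINES WEBHOOK_URL

# Follow the log file and scan every line with awk. tail prints the last 10
# existing lines first, so matches already in the file can alert at start-up.
# Output of awk and of the commands it runs (stdout and stderr) is appended to
# MONITOR_LOG_FILE; the file redirection must come before 2>&1 for stderr to
# land in the file as well.
tail -F -- "$TARGET_LOG_FILE" | awk -v condition="$CONDITION_STRING" '
# Send the context excerpt and then the alert text for one matching line.
#   alert_line  - the log line that matched (untrusted text)
#   line_number - record number of that line (not used at present)
#   message and post_cmd are locals.
function send_alert(alert_line, line_number,    message, post_cmd) {
  # snapshot the last CONTEXT_LINES lines of the log into the context file
  system("tail -n \"$CONTEXT_LINES\" -- \"$TARGET_LOG_FILE\" > \"$TEMP_CONTEXT_FILE\"")

  # upload the excerpt from the configured path (not a name relative to cwd)
  system("curl -sS -T \"$TEMP_CONTEXT_FILE\" -H \"Filename: $TEMP_CONTEXT_FILE\" \"$WEBHOOK_URL\"")

  # pause for the file to send
  system("sleep 1")

  # format the alert message
  message = "ALERT: " condition "\n" alert_line

  # send the alert on stdin so the shell never parses the log line;
  # --data-binary keeps the newline between the two parts of the message
  post_cmd = "curl -sS --data-binary @- \"$WEBHOOK_URL\""
  printf "%s", message | post_cmd
  # closing the pipe makes curl run to completion before the next alert
  close(post_cmd)

  # empty the context file for the next alert
  system(": > \"$TEMP_CONTEXT_FILE\"")
}

# look for lines that match the alert condition
$0 ~ condition {
  send_alert($0, NR)
}
' >> "$MONITOR_LOG_FILE" 2>&1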