Send email alert on log file entry?

I checked out several of the options mentioned on this page, and ended up using something far simpler: swatch.

Those other systems are great for dealing with existing system logs, or with software where you don't have control over the output. I just didn't want to write a bunch of code to do email notifications just yet. So I just created a swatch file like this:

watchfor /./
    mail addresses=me\@example.com:other\@example.com,subject=log_alert

And then started it up with

swatch -c send-me-everything.swatch -t /my/app/urgentevents

It's crude, but since I control the logfile output, I don't need anything more complicated yet.

Before we went to a heavyweight solution (Zenoss) we used to use logcheck which is a part of Debian but can easily be ported to other distros as well. I was using it on Gentoo. Distros like RHEL come with logwatch, which does something similar.

The best way is to use a log analysis program.

OSSEC, for example, is free/open source and allows you to watch as many log files as you want and to generate email alerts (or even active responses) for certain events.

Link: http://www.ossec.net

I know, hacking a shell script is fun, but way less stable than a mature program being developed for years. Plus, if in the future you need to extend your script or add more triggers, it becomes way more complicated. OSSEC (and other tools) have this framework done for you.