SUMMARY: capturing syslog events

Date: Tue Sep 16 1997 - 12:29:57 CDT

Original message:

I need a (hopefully simple and easy) way of triggering processes when
certain messages are written by syslogd in /var/adm/messages.

Please note that I am NOT asking to print messages to a different file;
what I want is to run a process (or to pass the messages to an already
running process) to trigger certain actions when they appear (in real time).
I am aware that syslogd sometimes takes some seconds to write down
messages, but this is tolerable.

I have browsed the FAQs, and searched the relevant man pages, having found
no hints.

The purpose of this is to implement a specialized alarm system in our site,
to help diagnose some "strange" failures.

Our platform is Sparc5 / Solaris 2.5

Thanks for any help or pointers


Most of you suggested getting swatch at

Also suggested were Hawk, logsurfer, expect, contool, tklogger, logcheck,
watcher, and use of perl and shell scripts, reading the log file and grepping
or using a nawk script, using tail -f and nawk.

However the solution I finally used was the one suggested by Alex Lattanzi
and Adrian Singh. I configured syslogd to write the messages to a file
named "FIFO", and created the file as a pipe with "mknod FIFO p".
Then I created a shell script that sits forever reading from the pipe, like
this (provided by Adrian):


while true
do
   while read line
   do
      # quoted: one argument, no word splitting or filename expansion
      my_program "$line"
   done <FIFO
done

Of course, syslogd needs to be HUPped and the shell script must be run in
I have tested it, and it does what I need.

I also got the swatch package; it seems well worth a look.

-- Oscar Goldes
-- Orden Argentina SA
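
The FIFO approach described in the summary, as an added example that is not part of the original post: a reader that classifies each syslog line and runs an action for the ones that match. The patterns, alarm names, the `ALARM_OUT` variable, the `--watch` flag and the FIFO path placeholder are assumptions; `handle_alarm` stands in for `my_program`.

```sh
# Added example, not the poster's script. Paths, patterns and names are assumptions.
# Assumed syslog.conf entry (selector and path are placeholders, TAB-separated):
#   *.err<TAB>/path/to/FIFO
# Create the pipe first (mknod /path/to/FIFO p), then send syslogd a HUP.

# classify LINE -> prints an alarm name, or nothing for an uninteresting line.
# Log text is untrusted input: it is only pattern-matched, never eval'ed.
classify() {
    case $1 in
        *"NFS server"*"not responding"*) echo nfs_timeout ;;
        *"file system full"*)            echo fs_full ;;
        *"su: "*"failed"*)               echo su_failure ;;
        *)                               : ;;
    esac
}

# handle_alarm NAME LINE -> the triggered action; here it appends to a file.
handle_alarm() {
    printf '%s\t%s\n' "$1" "$2" >>"${ALARM_OUT:-alarms.out}"
}

# drain_fifo FIFO -> process lines until every writer has closed the pipe (EOF).
drain_fifo() {
    while IFS= read -r line; do
        alarm=$(classify "$line")
        if [ -n "$alarm" ]; then
            handle_alarm "$alarm" "$line"
        fi
    done <"$1"
}

# watch_fifo FIFO -> the outer loop from the post: reopen the pipe after each
# EOF (for example when syslogd restarts). Opening blocks until a writer exists.
# Refuse a regular file, which would be re-read from the start on every pass.
watch_fifo() {
    [ -p "$1" ] || { echo "not a FIFO: $1" >&2; return 1; }
    while true; do
        drain_fifo "$1"
    done
}

if [ "${1:-}" = "--watch" ]; then watch_fifo "$2"; fi
```
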

