I use tools like 'logwatch' and 'logcheck' to monitor new events in logs, but they have serious drawbacks. It is most obvious when it comes to multiline logs like PHP error log or MySQL slow log.
So, I wrote a trivial script that would send email messages with new events from the logs. Besides, the messages must be htmlized/colorized, highlighting the SQL/PHP syntax.
So, here's the script:
#!/bin/bash
L=$(/usr/sbin/logtail2 -f $2 )
if [ "x$L" != x"" ]; then
echo "${L}"|source-highlight -s $3 -f html|mail $1 -a "Content-type: text/html" \ -s "$(hostname): $2"
fi
The syntax is: logmail <recipients> <log file> <syntax>
To extract only new events from the log, I use 'logtail2' from 'logcheck' package. For syntax highlighting I chose 'source-highlight' (it was also used to highlight the script code above).
So, to process MySQL slow log, call the script like this:
logmail name@mail.host /var/log/mysql/mysql.slow.log sqlOr, to produce a report from the php-fpm slow log:
logmail name@mail.host /var/log/php-fpm.slow.log phpThe results may look like this:
# Time: 140403 12:01:14
# Thread_id: 12983054 Schema: dsa Last_errno: 0 Killed: 0
# Query_time: 12.672162 Lock_time: 0.000246 Rows_sent: 300 Rows_examined: 5604906 Rows_affected: 0 Rows_read: 5604906
# Bytes_sent: 14625
SET timestamp=1396512074;
SELECT
document_id
, external_document_id
, DATE_FORMAT(created_at, "%Y-%m-%d") AS created_at
, source_id
FROM
document
WHERE
(
#(
# status = 'preparsed'
# AND flag = ""
#)
#OR (
status = 'converted'
#)
)
ORDER BY
document.source_priority DESC
LIMIT
0, 300;
No comments:
Post a Comment