Migrating from Unix, using tail -f in log files automatic watch/analys

Sanek

In Unix I had a very simple script like:

tail -f logfile.log | while read line ; do
    if echo $line | grep "ERROR"
    then
        # mail about error or whatever
    fi
    if echo $line | grep "ANOTHERERROR" .... etc
    .....

done

This script allows me to spy on/watch a log file dynamically.

Is there any way to use "tail -f" in a similar way in Windows CMD?
 
Phil Robyn [MVP]

Sanek said:
In Unix I had a very simple script like:

tail -f logfile.log | while read line ; do
    if echo $line | grep "ERROR"
    then
        # mail about error or whatever
    fi
    if echo $line | grep "ANOTHERERROR" .... etc
    ....

done

This script allows me to spy on/watch a log file dynamically.

Is there any way to use "tail -f" in a similar way in Windows CMD?

Sure. Do you only want to look for errors in the LAST (most recent)
line of logfile.log? In the last n lines of logfile.log? How often
(frequently) do you want to scan the end of logfile.log for errors?

So: in order to do what you want with CMD, instead of posting a
Unix script, just explain in plain English exactly what it is that
you wish to do.
 
Matthias Tacke

Sanek said:
In Unix I had a very simple script like:

tail -f logfile.log | while read line ; do
    if echo $line | grep "ERROR"
    then
        # mail about error or whatever
    fi
    if echo $line | grep "ANOTHERERROR" .... etc
    ....

done

This script allows me to spy on/watch a log file dynamically.

Is there any way to use "tail -f" in a similar way in Windows CMD?

If you have skills in Unix shells, what about:
http://www.cygwin.com or
http://www.microsoft.com/windows/sfu/default.asp

Both are free now. They allow you partly to stay with what you know.
 
Sanek

Phil Robyn said:
Sure. Do you only want to look for errors in the LAST (most recent)
line of logfile.log? In the last n lines of logfile.log? How often
(frequently) do you want to scan the end of logfile.log for errors?

Sure, I need to look for the most recent errors, as "tail -f" does.
It rescans the end of logfile.log each second and outputs the latest
lines to stdout, exactly what is needed.

Phil Robyn said:
So: in order to do what you want with CMD, instead of posting a
Unix script, just explain in plain English exactly what it is that
you wish to do.

I posted the Unix shell script only to show the beauty of Unix tools
and to ask about similar solutions in CMD.
There are tail.exe & grep in Windows (shareware, SFU or rescue kit),
but I can't find a way to use them at full strength with the CMD
shell. All I need is to constantly read the output from "tail -f
logfile.log" and analyse this output.

I understand that it is possible to output the last n lines each second
to a temporary_file,
then use CMD "for %%var in 'type temporary_file' DO ( call
some_grep_work )" ... etc.
But the desire was to use pipes in order to skip double processing
of the same lines and so on.

Thank You.
Sorry for my English
 
Phil Robyn [MVP]

Sanek said:
Sure, I need to look for the most recent errors, as "tail -f" does.
It rescans the end of logfile.log each second and outputs the latest
lines to stdout, exactly what is needed.

Once per second seems like overkill. How big is the logfile that is to
be monitored?

Sanek said:
I posted the Unix shell script only to show the beauty of Unix tools
and to ask about similar solutions in CMD.

Beauty is in the eye of the beholder. ;-) If you are really interested
in how to implement a similar solution using CMD, see below. If you
are interested in perpetuating the 'beauty', then use cygwin or other
ports of Unix tools.

Sanek said:
There are tail.exe & grep in Windows (shareware, SFU or rescue kit),
but I can't find a way to use them at full strength with the CMD
shell. All I need is to constantly read the output from "tail -f
logfile.log" and analyse this output.

The example below will suffice for simple, one-line error messages. A
real sophisticated log monitor would require the ability to detect and
parse multi-line error messages....

Sanek said:
I understand that it is possible to output the last n lines each second
to a temporary_file,
then use CMD "for %%var in 'type temporary_file' DO ( call
some_grep_work )" ... etc.
But the desire was to use pipes in order to skip double processing
of the same lines and so on.

Thank You.
Sorry for my English

Sample content of c:\systemlog\system.log:
C:\cmd>demo\tail c:\systemlog\system.log 22
2004-04-06 10:20:00.44 c:\cmd\TEST\heartbeat.cmd ended.
2004-04-06 10:21:00.10 c:\cmd\TEST\heartbeat.cmd started.
2004-04-06 10:21:00.30 c:\cmd\TEST\heartbeat.cmd ended.
2004-04-06 10:22:00.23 c:\cmd\TEST\heartbeat.cmd started.
2004-04-06 10:22:00.67 c:\cmd\TEST\heartbeat.cmd ended.
2004-04-06 10:23:00.20 c:\cmd\TEST\heartbeat.cmd started.
2004-04-06 10:23:00.54 c:\cmd\TEST\heartbeat.cmd ended.
2004-04-06 10:24:00.11 c:\cmd\TEST\heartbeat.cmd started.
2004-04-06 10:24:00.31 c:\cmd\TEST\heartbeat.cmd ended.
2004-04-06 10:24:16.45 This is another ERROR message for testing c:\cmd\demo\MonitorSyslog.cmd
2004-04-06 10:25:00.10 c:\cmd\TEST\heartbeat.cmd started.
2004-04-06 10:25:00.31 c:\cmd\TEST\heartbeat.cmd ended.
2004-04-06 10:26:00.10 c:\cmd\TEST\heartbeat.cmd started.
2004-04-06 10:26:00.30 c:\cmd\TEST\heartbeat.cmd ended.
2004-04-06 10:27:00.10 c:\cmd\TEST\heartbeat.cmd started.
2004-04-06 10:27:00.30 c:\cmd\TEST\heartbeat.cmd ended.
2004-04-06 10:28:00.19 c:\cmd\TEST\heartbeat.cmd started.
2004-04-06 10:28:00.43 c:\cmd\TEST\heartbeat.cmd ended.
2004-04-06 10:29:00.12 c:\cmd\TEST\heartbeat.cmd started.
2004-04-06 10:29:00.35 c:\cmd\TEST\heartbeat.cmd ended.
2004-04-06 10:30:00.11 c:\cmd\TEST\heartbeat.cmd started.
2004-04-06 10:30:00.32 c:\cmd\TEST\heartbeat.cmd ended.


I started MonitorSyslog in one console window to scan the last 5 lines of system.log
once every 15 seconds and then at various intervals wrote 'ERROR' messages into the
c:\systemlog\system.log (this is on a box that has only a one-minute scheduled heartbeat
and nothing else running on it to make it simple). Each new 'ERROR' was promptly
reported only once by 'NET SEND'....

=====begin C:\cmd\demo\MonitorSyslog.cmd ====================
@echo off
setlocal
:: start each run with an empty list of already-reported errors
type nul > c:\temp\ReportedErrors.
:: %1 = seconds between scans (default 60); ping -n N waits about N-1 seconds
set interval=%1
if not defined interval (
    set interval=61
) else (
    set /a interval += 1
)
:: %2 = number of trailing lines to scan (default 5)
set lines=%2
if not defined lines set lines=5
:monitor
set error_found=
:: keep the last line of the tail that contains ERROR
for /f "tokens=*" %%a in (
    'call tail c:\systemlog\system.log %lines%
    ^| findstr "ERROR"'
) do set error_found=%%a
if defined error_found call :error
:wait
::echo/Waiting %interval% seconds....
ping -n %interval% localhost > nul
goto :monitor
:error
:: report each distinct error line only once
:: note: %error_found% is expanded as-is below, so characters such as
:: & | < > in a log line are interpreted by cmd rather than treated as text
findstr /c:"%error_found%" c:\temp\ReportedErrors. > nul
if %errorlevel% equ 0 goto :EOF
net send %computername% %error_found%
echo>>c:\temp\ReportedErrors. %error_found%
goto :EOF
=====end C:\cmd\demo\MonitorSyslog.cmd ====================
=====begin C:\cmd\demo\tail.cmd ====================
@echo off
::
:: show tail of {file} [ for {nnn} lines ]
::
if [%1]==[] echo You must enter a file name.&goto :EOF
if not exist %1 echo File %1 does not exist.&goto :EOF
setlocal
if [%2] NEQ [] set /a lines=%2
if not defined lines set /a lines=15
:: count the lines in the file
for /f %%a in ('find /v /c "" ^< %1') do set reccount=%%a
if %lines% GTR %reccount% set /a lines=15
if %lines% GTR %reccount% set startline=1&goto :display
:: "more +n" skips the first n lines, which leaves the last %lines% lines
set /a startline = reccount - lines
:display
more /e +%startline% %1
=====end C:\cmd\demo\tail.cmd ====================
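
An added example, not part of any post in this thread: a polling follower in Python that remembers its byte offset, so each complete new line is returned exactly once (the "skip double processing" requirement), a half-written last line waits for the next poll, and a truncated log is read again from the start. The names `LogFollower`, `matching_lines` and `monitor` are made up for this sketch, and the `alert` callback is an assumption; matched lines stay plain data and are never expanded into a command line.

```python
import os
import re
import time

# Patterns taken from the thread's example; extend as needed.
PATTERNS = [re.compile(r"ERROR"), re.compile(r"ANOTHERERROR")]


class LogFollower:
    """Poll a log file and return each complete new line exactly once."""

    def __init__(self, path, from_start=False):
        self.path = path
        # Like "tail -f", start at the current end unless told otherwise.
        self.offset = 0 if from_start else os.path.getsize(path)

    def poll(self):
        size = os.path.getsize(self.path)
        if size < self.offset:
            # File was truncated or replaced by a shorter one: start over.
            self.offset = 0
        with open(self.path, "rb") as fh:
            fh.seek(self.offset)
            chunk = fh.read()
        # Consume only up to the last newline; a half-written final line
        # stays unread until the writer finishes it.
        end = chunk.rfind(b"\n")
        if end == -1:
            return []
        self.offset += end + 1
        text = chunk[:end].decode("utf-8", errors="replace")
        return [line.rstrip("\r") for line in text.split("\n")]


def matching_lines(lines, patterns=PATTERNS):
    """Return the lines that match any pattern, as plain strings."""
    return [ln for ln in lines if any(p.search(ln) for p in patterns)]


def monitor(path, alert, interval=1.0):
    """Run forever: alert(line) is called once per matching new line."""
    follower = LogFollower(path)
    while True:
        for line in matching_lines(follower.poll()):
            # Hand the line over as an argument (for subprocess, a list
            # element with shell=False), never pasted into a command string.
            alert(line)
        time.sleep(interval)
```
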
 
