如何尾随 -fa 文件(或类似文件)指定的时间间隔?

发布于 2024-07-24 07:42:03 字数 475 浏览 14 评论 0原文

我正在努力向我们的系统添加一些 nagios 警报——其中一些警报将监视命中 nginx/apache 日志的某些事件的速率(或解析这些日志中的值)。到目前为止,我解决问题的方法是一个简单的 shell 脚本 tail -f'ing 将日志保存到临时文件大约 25 秒,终止进程,然后在临时文件上运行 awk 等。 这里的目标是在 25 秒内获取日志“样本”,然后进行分析。

这显然不太理想,因为这些临时文件导致磁盘 IO 的增加——我真正想要的是一个“增强的”tail -f,它将在一定秒数后干净地终止管道。 即:

tail -f --interval '5 秒' | grep "/serve"

会跟踪日志 5 秒钟,并显示所有包含“/serve”的行。

我想我可以快速编写一个 ruby​​ 脚本来完成此任务,但我想确保没有更统一的方法来完成此任务。 在较高的层面上,是否有更好的方法来从最后 N 秒中获取日志样本(不,我不想解析时间戳等)

I am working on adding some nagios alerts to our system -- some of which will monitoring the rate of certain events hitting the nginx/apache logs (or parsing values from those logs.) The way I've approached the problem so far is with a simple shell script tail -f'ing the log for 25 seconds or so to a temporary file, killing the process, and then running awk, etc over the temp file. The goal here being to get a log "sample" over 25 seconds and then perform analysis.

This is less than ideal obviously because of the increase in disk IO due to these temp files -- what I really would like is an "enhanced" tail -f that would terminate the pipe cleanly after a certain number of seconds. Ie:

tail -f --interval '5 seconds' | grep "/serve"

Would tail the log for 5 seconds and show me all the lines that have "/serve".

I'd imagine I can whip up a ruby script to do this pretty quickly, but I wanted to make sure there wasn't a more unixy way to accomplish this. At a high level, is there a better way to be taking samples of a log from the last N seconds (and no, I'd rather not be parsing timestamps, etc.)

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

北方。的韩爷 2024-07-31 07:42:03

找到了解决方案。 “apt-get install timeout”:)

编辑:实际上这会杀死 tail,不会导致它正常退出,所以我们丢失了整个管道。 我想要的工作是:

timeout -15 5 tail -f /mnt/log/nginx/nginx-access.log | grep '/javascripts' | grep '/javascripts' | wc -l

告诉我过去 5 秒内服务了多少个 javascript 文件等。

Found the solution. "apt-get install timeout" :)

Edit: Actually this kills tail, doesn't cause it to exit gracefully, so we lose the entire pipe. What I want to work is:

timeout -15 5 tail -f /mnt/log/nginx/nginx-access.log | grep '/javascripts' | wc -l

To tell me how many javascript files served in last 5 seconds, etc.

梦屿孤独相伴 2024-07-31 07:42:03

稍微不同的方法:

(tail -f /var/log/messages & P=$! ; sleep 5; kill -9 $P) | grep /serve

A slightly different approach:

(tail -f /var/log/messages & P=$! ; sleep 5; kill -9 $P) | grep /serve
吃颗糖壮壮胆 2024-07-31 07:42:03

我认为,作为 Nagiios 用户,您不希望探测进程暂停任意时间。 在最坏的情况下,这将使 Nagios 减少检查其他事情的频率,或者“集中”检查。

一个快速(立即)运行并解析文件最后几行、仅返回时间戳晚于给定时间的有趣内容的脚本怎么样?

I'm thinking that, as a Nagiios user myself, you do not want probe processes pausing for arbitrary amounts of time. That's going to, in the worst case, make Nagios check other things less often, or "clump" the checks.

What about a script that runs quickly (instantly) and parses the last few lines of the file, returning only interesting things with a timestamp later than a given time?

岁吢 2024-07-31 07:42:03

GNU 的 tail 有一个 --pid 标志可用于此目的(一旦具有该 PID 的进程不再存在,tail 将退出)。 只需在后台启动一个 sleep 进程,并告诉 tail 退出即可。 就像这样:

sleep 5 & tail --pid=$! -f /var/log/system.log

当超时时,tail 将退出并显示 0 退出代码。

GNU's tail has a --pid flag that can be used for this (tail will exit once a process with that PID no longer exists). Just start up a sleep process in the background and tell tail to exit when it does. Like so:

sleep 5 & tail --pid=$! -f /var/log/system.log

tail will exit with a 0 exit code when time is out.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文