0

I am trying to monitor a log using tail -f command and when ever I come across two different words in different lines on same log, need to capture those and send a email notification:

For example: cat example.txt:

<event> 12345 </event>
<Description> Exception on file transfer for user ABC </Description>

I need to monitor for event '12345' having 'Exception' for user 'ABC'.

When I do tail -F example.txt | egrep "12345|Exception|ABC" This command prints if it sees any one of Grep keyword. Instead it needs to print only if it comes across all keywords in grep.

Improve this question
2

1 Answer 1

Reset to default
1

try

tail -f example.txt | egrep --line-buffered  "Exception.*ABC" -B 1 | egrep -v Description
  • "Exception.*ABC" search for lines having Exception AND ABC
  • "-B 1" is to have previous line (the event)
  • "--line-buffered" is to turn grep buffering mode (else the second egrep won't process)
  • "| egrep -v Description" finally removes the Description line (since you just want the event)

you will end up having

    <event> 12345 </event>

Play with each parameter to see the difference

regards

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thank You @altagir. This helped

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.