1

I need something that does not need to be installed. It's on an embedded system with very little space on the HD. I can't instal anything. I need to do it with something that is already included.

I have a script that I want to run based on a certain line that appears in a log file. Currenty I placed this script to run every 5 minutes in the crontab and check the file for changes.

Is there a way that I can have the system call the script only if the file has changed? Like, to tell the system to fire the script in case a system call was made to open that file with write permission?

Hauke Laging
  • 90,279
Tom Klino
  • 842
  • In fact you should look for inotify questions there's already lot's of them and that's what you're looking for. you can also check this from SO http://stackoverflow.com/questions/4060212/in-linux-how-do-i-run-a-shell-script-when-a-file-or-directory-changes – Kiwy Feb 26 '14 at 15:40
  • 1
    That's the kind of thing fail2ban does. – Stéphane Chazelas Feb 26 '14 at 15:41
  • Is the log file directly produced by an application, or is it one of the ones written to by syslog? – Gilles 'SO- stop being evil' Feb 26 '14 at 23:36
  • All the answers (as well as the duplicate answers) speak of something that has to be installed. I need something that is included by default in linux. The script I'm trying to run in on an embedded system. I can't install anything. – Tom Klino Feb 27 '14 at 11:01
  • @Tom, if the system uses a different syslog implementation (most systems will have one unless very rudimentary), maybe there is a way to do it with that. Otherwise if inotify is configured in the kernel, a short C program may do the job. – Graeme Feb 28 '14 at 00:38

2 Answers2

1

Yes, there are several ways to do it. I often use iwatch.

$ touch yourfile
$ iwatch -e all_events  yourfile

after another touch you'll get

[26/Feb/2014 17:02:39] IN_OPEN yourfile
[26/Feb/2014 17:02:39] IN_ATTRIB yourfile
[26/Feb/2014 17:02:39] IN_CLOSE_WRITE yourfile
[26/Feb/2014 17:02:39] * yourfile is closed
[26/Feb/2014 17:02:40] IN_OPEN yourfile
[26/Feb/2014 17:02:40] IN_CLOSE_NOWRITE yourfile

You can also exec a desired command if the file changes:

 $ iwatch -e modify -c "ls -ls  yourfile" yourfile

after a 

 cat /dev/null > yourfile

you'll get

-rw-r--r-- 1 root root 0 Feb 26 17:05 yourfile
0

If the program create the messages logs through syslog and your system uses rsyslog, you can add a line in rsyslog.conf (or add a file in /etc/rsyslog.d). Something like:

facility.* :msg, isequal, "search line" ^/path/to/script

You will need to work out the facility from looking elsewhere in rsyslog.conf.

Graeme
  • 34,027