如何确定连续审核日志轮换中新关闭的文件？

Question 1

尝试使用inotifywait它：

inotifywait -e close_write /home/tomcat/openam/openam/log/CURRENT_OPENED_LOG_FILE

Answer

尝试使用inotifywait它：

inotifywait -e close_write /home/tomcat/openam/openam/log/CURRENT_OPENED_LOG_FILE

Question 2

作为结束，这是我要使用的脚本的开始。它需要更多的工作来使其健壮并进行日志记录，但您应该了解总体思路。

#!/bin/sh

# This script should be executed from a crontab that executes every 5 or 10 minutes
# the find below looks for all log files that do NOT have the sticky bit set. 
# You can see the sticky bit with a "T" from a "ls -l". 
for x in `find /home/tomcat/openam/openam/log/ -name "log-*" -type f ! -perm -1000 -print`
do
    # Look for open files. For safety, log that we are skipping them
    if lsof | grep $x > /dev/null; then
        # create a log entry on why I'm not processing this file...
        echo $x " is open"
    else 
        # $x "is closed and not sticky"
        # run the awk scripts to process the file!
        echo $x " processing with awk..." 
        # Set the sticky bit to indicate we have processed this file
        chmod +t $x
    fi
done

Answer

作为结束，这是我要使用的脚本的开始。它需要更多的工作来使其健壮并进行日志记录，但您应该了解总体思路。

#!/bin/sh

# This script should be executed from a crontab that executes every 5 or 10 minutes
# the find below looks for all log files that do NOT have the sticky bit set. 
# You can see the sticky bit with a "T" from a "ls -l". 
for x in `find /home/tomcat/openam/openam/log/ -name "log-*" -type f ! -perm -1000 -print`
do
    # Look for open files. For safety, log that we are skipping them
    if lsof | grep $x > /dev/null; then
        # create a log entry on why I'm not processing this file...
        echo $x " is open"
    else 
        # $x "is closed and not sticky"
        # run the awk scripts to process the file!
        echo $x " processing with awk..." 
        # Set the sticky bit to indicate we have processed this file
        chmod +t $x
    fi
done

如何确定连续审核日志轮换中新关闭的文件？

答案1

答案2

相关内容