BASH

Monitor Log Files for Patterns and Trigger Actions

Create a robust log monitoring script that continuously watches a log file for specific error patterns and executes custom actions, enhancing system observability.

#!/bin/bash
# Script to monitor a log file for specific patterns and trigger an action

# Configuration
LOG_FILE="/var/log/nginx/error.log" # Path to the log file to monitor
ERROR_PATTERN="PHP Fatal error|ECONNREFUSED" # Regex pattern to search for (e.g., error, warning, failed, specific codes)
ACTION_SCRIPT="/usr/local/bin/send_alert.sh" # Path to a script that should be executed when a pattern is found
POLLING_INTERVAL=2 # How often to check for new lines if `tail -F` isn't real-time enough (usually not needed with -F)

# Function to execute the action script
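execute_action() {
  local detected_line="$1"
  # Skip cleanly if the action script is missing or not executable
  if [ ! -x "$ACTION_SCRIPT" ]; then
    echo "  Warning: Action script '$ACTION_SCRIPT' is not executable; skipping."
    return 1
  fi
  echo "Executing action: '$ACTION_SCRIPT' with detected line..."
  # Run the action script in the background to avoid blocking the log monitoring.
  # The line is passed as a single quoted argument; the action script must treat it as untrusted data.
  # Note: $? after '&' only reports that the job was launched, not the script's exit status.
  "$ACTION_SCRIPT" "$detected_line" &
  echo "  Action script started in background (PID $!)."
}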

echo "=================================================="
echo "Starting log monitor for '$LOG_FILE'"
echo "Searching for pattern: '$ERROR_PATTERN'"
echo "Action script: '$ACTION_SCRIPT'"
echo "=================================================="

# Check if the log file exists
if [ ! -f "$LOG_FILE" ]; then
    echo "Error: Log file '$LOG_FILE' not found. Please ensure the path is correct."
    exit 1
fi

# Check if the action script exists and is executable
if [ ! -x "$ACTION_SCRIPT" ]; then
    echo "Warning: Action script '$ACTION_SCRIPT' not found or is not executable."
    echo "Please ensure the path is correct and it has execute permissions (chmod +x)."
    # Exit if action script is critical, otherwise continue monitoring
    # exit 1
fi

# Use 'tail -F' to follow the log file, even if it's rotated or recreated.
# Then pipe its output to a while loop to process each new line.
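# '-n 0' starts at the end of the file so existing lines do not re-trigger alerts on startup.
tail -n 0 -F "$LOG_FILE" | while IFS= read -r line; do
    # Check if the current line contains the error pattern
    # (printf instead of echo: log lines may start with '-' or contain backslashes)
    if printf '%s\n' "$line" | grep -qE -- "$ERROR_PATTERN"; then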
        echo "--- Pattern MATCH found in log file! ($(date +'%Y-%m-%d %H:%M:%S')) ---"
        echo "  Detected: $line"
        execute_action "$line"
        echo "---------------------------------------------------"
    fi
    # Sleep briefly to reduce CPU usage if 'tail -F' is not performing instant reads
    # This is often not needed as 'tail -F' is usually efficient
    # sleep $POLLING_INTERVAL 
done

How it works: This script continuously monitors a specified log file (`LOG_FILE`) for predefined patterns (`ERROR_PATTERN`) using `tail -F` and `grep -qE`. When a matching line is detected, it executes an `ACTION_SCRIPT`, passing the entire detected log line as an argument. This is highly useful for real-time alerting (e.g., sending notifications to Slack, email, or PagerDuty) when critical errors or events occur in application logs, enhancing system observability and response times.
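
The log line handed to `ACTION_SCRIPT` can contain request-derived text, so the action script should treat `$1` as untrusted data. The sketch below is an added example, not part of the original snippet: a hypothetical `send_alert.sh` body that strips control characters, truncates, JSON-escapes, and rate-limits similar alerts. The function names, `MAX_LEN`, `COOLDOWN`, `STATE_DIR` and the `{"text": ...}` payload shape are all assumptions.

```bash
#!/bin/bash
# Hypothetical hardened action script (e.g. send_alert.sh); $1 is the log line.
# MAX_LEN, COOLDOWN and STATE_DIR are assumptions chosen for this example.
MAX_LEN=300                                   # cap on forwarded line length
COOLDOWN=60                                   # seconds between similar alerts
STATE_DIR="${STATE_DIR:-/var/lib/log_alert}"  # assumed root-owned state dir

# Remove control bytes (ANSI escapes, CR/LF) and truncate the line.
sanitize_line() {
  printf '%s' "$1" | LC_ALL=C tr -d '\000-\037\177' | LC_ALL=C cut -c "1-$MAX_LEN"
}

# Escape backslash and double quote so the text is a valid JSON string body.
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the alert body; the line is only ever data, never evaluated.
build_payload() {
  printf '{"text":"%s"}\n' "$(json_escape "$(sanitize_line "$1")")"
}

# Succeed at most once per COOLDOWN for lines that differ only in digits
# (timestamps, PIDs, connection ids), so a flood of errors cannot flood alerts.
should_alert() {
  mkdir -p "$STATE_DIR" || return 1
  key=$(printf '%s' "$1" | tr -d '0-9' | cksum | cut -d ' ' -f 1)
  now=$(date +%s)
  last=$(cat "$STATE_DIR/$key" 2>/dev/null || echo 0)
  [ $((now - last)) -ge "$COOLDOWN" ] || return 1
  echo "$now" > "$STATE_DIR/$key"
}

# When called by the monitor with a line, print the payload for delivery.
if [ "$#" -gt 0 ]; then
  clean=$(sanitize_line "$1")
  if should_alert "$clean"; then build_payload "$clean"; fi
fi
```

The payload is printed to stdout; pipe it to whatever delivery tool the alert channel uses.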
