Combining grep and sendmail - perl

I am looking for a way using the command line in UNIX to email the results from a grep command.
I am grepping the error logs looking for a "searchword". I temporarily want to email the results to my work account. This is a temporary solution until the SA has the time to write a script that will write it to a file where the file will be read by an automated analyzing program.
sendmail joetester@workemail.com < grep searchword error*
Does anyone have an idea on how to do it that they can share? Thank you.

You want something like grep searchword error* | sendmail joetester@workemail.com, see this question.

Related

sed command is not working properly

I'm trying to replace a word in a shell script with the sed -e command, but it's not replacing it. Please help with that. I have tried the below.
We have a separate file, /data/docs/config.log, and in that file there is the word ?account, for example:
username acc, passsword acc, ?account.name
This ?account word needs to be replaced with the word 'GLOBAL' using the sed -e command:
reacc = GLOBAL
sed -e "s/?account/$reacc/g" /data/docs/config.log > /data/docs/newconfig.log
But here the file newconfig.log has been created with 0 size; no output is written to the file. It's not replacing; it's an empty file.
The output should be username acc, passsword acc, GLOBAL.name in newconfig.log
Being the only person who can reproduce the problem, you are pretty much on your own. There are plenty of things you can do to analyze the problem, though.
Double-check the shell. Don't have blind faith in #!/bin/sh. In cygwin for example, /bin/sh is an alias for bash. Verify with: echo $SHELL
Check permissions and file system. Do you have rights to write to the output file? Is the disk full? Does cat /data/docs/config.log > /data/docs/newconfig.log work? Test again in a different folder.
Double-check the output file. Is it really empty, or is the file system just slow with updating the file size? Is sed really finished? Test without output redirection; see if the output is dumped to stdout.
Test with a small file; one or two lines is enough.
If even that does not work, then test sed itself. Who knows, maybe you have a weird alias that hides the real sed. The most trivial filter is sed -e '', which should simply echo every line you type (just like cat without parameters). Does that work? Then try some simple patterns.
Systematically iterate between test cases that succeed and test cases that fail, until you have found the breaking point. Doing so, you should be able to find the cause. Sorry, that's all I can do for you right now.
Remove spaces around =. Try after making
reacc=GLOBAL

Script response if md5sum returns FAILED

Say I had a script that checked honeypot locations using md5sum.
#!/bin/bash
#cryptocheck.sh
#Designed to check md5 CRC's of honeypot files located throughout the filesystem.
#Must develop file with specific hashes and create crypto.chk using following command:
#/opt/bin/md5sum * > crypto.chk
#After creating file, copy honeypot folder out to specific folders
locations=("/share/ConfData" "/share/ConfData/Archive" "/share/ConfData/Application"
"/share/ConfData/Graphics")
for i in "${locations[@]}"
do
    cd "$i/aaaCryptoAudit"
    /opt/bin/md5sum -c /share/homes/admin/crypto.chk
done
And the output looked like this:
http://pastebin.com/b4AU4s6k
Where would you start to try and recognize the output and perhaps trigger some sort of response by the system if there is a 'FAILED'?
I've worked a bit with PERL trying to parse log files before but my attempts typically failed miserably for one reason or another.
This may not be the proper way to go about this, but I'd want to be putting this script into a cronjob that would run every minute. I had some guys telling me that an inotify job or script (I'm not familiar with this) would be better than doing it this way.
Any suggestions?
--- edit
I made another script to call the script above and send the output to a file. The new script then runs a grep -q on 'FAILED' and if it picks anything up, it sounds the alarm (tbd what the alarm will be).
#!/bin/bash
#cryptocheckinit.sh
#
#rm /share/homes/admin/cryptoalert.warn
/share/homes/admin/cryptocheck.sh > /share/homes/admin/cryptoalert.warn
grep -q "FAILED" /share/homes/admin/cryptoalert.warn && echo "LIGHT THE SIGNAL FIRES"
Use:
if ! /opt/bin/md5sum -c /share/homes/admin/crypto.chk
then
    : # Do something
fi
Or pipe the output of the loop:
for i in "${locations[@]}"
do
    cd "$i/aaaCryptoAudit"
    /opt/bin/md5sum -c /share/homes/admin/crypto.chk
done | grep -q FAILED && echo "LIGHT THE SIGNAL FIRES"
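
The per-directory check discussed above, as an added example that is not part of the original posts: it uses the exit status of md5sum -c to decide whether anything changed and the FAILED lines to say which honeypot file in which location. The function name check_canaries is hypothetical, md5sum is assumed to be on PATH (the posts call /opt/bin/md5sum), and the manifest path is assumed to be absolute.

```shell
#!/bin/bash
# Added example: canary (honeypot) file check driven by md5sum -c.
# Assumptions: md5sum is on PATH (the page calls /opt/bin/md5sum), the
# manifest path is absolute, and it lists bare file names as produced by
# `md5sum * > crypto.chk`. check_canaries is a hypothetical helper name.

# check_canaries MANIFEST DIR...
# Prints one "ALERT <path>: <reason>" line per problem on stdout.
# Returns 0 when every canary verifies, 1 otherwise.
check_canaries() {
    local manifest=$1 dir out line status=0
    shift
    for dir in "$@"; do
        # A missing canary directory is a finding in itself. Without this
        # test a failed cd would leave md5sum checking the wrong directory.
        if [ ! -d "$dir" ]; then
            echo "ALERT $dir: directory missing"
            status=1
            continue
        fi
        # The subshell keeps the cd from leaking into the next iteration.
        # md5sum -c exits non-zero on any mismatch or unreadable file;
        # LC_ALL=C pins the wording of the FAILED lines parsed below.
        if ! out=$(cd "$dir" && LC_ALL=C md5sum -c "$manifest" 2>/dev/null); then
            status=1
            # Report only failing entries, e.g. "bait1.txt: FAILED" or
            # "bait2.txt: FAILED open or read" (deleted or unreadable).
            printf '%s\n' "$out" | grep ': FAILED' | while IFS= read -r line; do
                echo "ALERT $dir/${line%%: FAILED*}: ${line#*: }"
            done
        fi
    done
    return "$status"
}
```

Called from cron, the function's non-zero return can gate the alert directly, and cron mails the ALERT lines if they are left on stdout.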

Is procmail chrooted or limited in using linux commands?

I'm using procmail to forward emails to different folders in my Maildir.
I use these two lines to get the FROM and TO from the mail, which works pretty fine.
FROM=`formail -x"From:"`
TO=`formail -x"To:"`
These two commands return the whole line without the From: and To: prefix.
So I get something like:
Firstname Lastname <firstname.lastname@mail-domain.com>
Now I want to extract the email between < and >.
For this I pipe the variables FROM and TO, grepping them like this.
FROM_PARSED=`echo $FROM | grep -o '[[:alnum:]+\.\_\-]*@[[:alnum:]+\.\_\-]*'`
TO_PARSED=`echo $TO | grep -o '[[:alnum:]+\.\_\-]*@[[:alnum:]+\.\_\-]*'`
But when I print FROM_PARSED into the procmail log by using LOG=FROM_PARSED, I get an empty string in FROM_PARSED and TO_PARSED.
But if I run these commands on my console, all works fine. I tried many other grepping methods, using grep, egrep, sed and even cut (cutting < and >). All work on the console, but when I use them in procmail they just return nothing.
Is it possible that procmail is not allowed to use grep and sed commands? Something like a chroot?
I don't get any error logs in my procmail log. I just want to extract the valid email address from the FROM and TO line. Extracting with formail works, but parsing it with grep or sed fails, even if the expression is correct.
Could somebody help? Maybe I need to set up procmail somehow.
Strange.
I added this to the user's .procmailrc file
SHELL=/bin/bash
The user's shell was set to /bin/false, which is correct because it's a mail user, no ssh access at all.
You should properly quote "$FROM" and "$TO".
You will also need to prefix grep with LC_ALL=POSIX to ensure [:alnum:] will actually match the 26 well-known characters + 10 digits of the English alphabet.
You already solved this, but to answer your actual question, it is possible to run procmail in a chroot, but this is certainly not done by Procmail itself. Sendmail used to come with something called the Sendmail Restricted Shell (originally called rsh but renamed to remsh) which allowed system administrators to chroot the delivery process. But to summarize, this is a feature of the MTA, not of Procmail.

Cron send email with STDERR but NOT STDOUT?

I have some python scripts that run on a daily basis in cron. How can I have cron send me an email ONLY WHEN THERE IS STDERR OUTPUT from my script? I want to be able to mail multiple recipients, and set the subject line individually for each cron entry.
I tried this:
./prog > /dev/null | mail . . .
but it didn't work -- I still receive blank emails when there is no STDERR. Do I need to do this in the script itself?
Sorry if this seems basic, I have googled a lot but can't seem to find this answered succinctly.
For cron you don't need to pipe through mail. The cron daemon will automatically mail any output of your command to you. Your crontab entry should look like:
# every minute
* * * * * ./prog >/dev/null
If there is no STDERR output, you won't get any mail.
You are asking the incorrect question. When you are using mail(1) to send the email, it is no longer relevant that it's in cron. What you actually need is to pipe stderr to stdin of mail. A normal pipe is from stdout to stdin, so the simplest way to solve this is a redirect:
{ /prog > /dev/null ; } 2>&1 | mail ...
Or in the less-clear way because of the confusing order of redirections:
/prog 2>&1 > /dev/null | mail ...
mail v1.6 has an option to not send messages with an empty body:
-E Do not send messages with an empty body.
This is useful for piping errors from cron(8) scripts.
This might be what you are looking for.
The -s file test will tell you if a file exists and has size greater than zero.
./prog >/dev/null 2>some/file ; if [ -s some/file ] ; then mail < some/file ; fi
There is a nice tool called cronic that does this. It is part of the moreutils package.
If your SCRIPT has commands that may produce STDERR that you want to be notified on, then you need to use a mail or mailx call within the script itself (if then else or ). The cron job STDOUT and STDERR redirects are ONLY for cron job EXECUTION STDOUT and STDERR. hkmaly had it right on the n

How can I script the body of a VMS mail?

I have a script that addresses and sends an email but I need a body in the message without creating a file and then inserting the file with the standard MAIL commandline.
How can I do that?
Assuming the body you want to create is something you can write to SYS$OUTPUT (e.g. the output of a command procedure or DCL command), then you can use DCL PIPE to pipe the output into VMS Mail, like:
$ PIPE write sys$output "The date is ", f$cvtime() | MAIL SYS$INPUT smith/SUBJ="Piping in DCL"
or
$ PIPE DIR *.LOG | MAIL SYS$INPUT smith/SUBJ="Piping in DCL"
The PIPE command was added in OpenVMS V7.1. If you are somehow on a pre-7.1 system, then your only choice is writing to a temporary file and cleaning up.
Edit: To answer the comment, if you want to eliminate the interactive displays from the Mail command, you can redirect SYS$OUTPUT to NLA0:, as in:
$ PIPE DIR *.LOG | MAIL SYS$INPUT smith/SUBJ="Piping in DCL" > NLA0:
Error messages go to SYS$ERROR, so you'll still see any failures. See HELP PIPE for more goodness.
Have the script create a temporary file to hold the body of the message.
Mail will accept a text file on the command line, like the list of users and the /subj