| Version 2 (modified by chris, 3 years ago) (diff) |
|---|
This is a very crude script to grep Nginx logs for 50x errors, it is run via logrotate, see below.
nginx-logwatch
#!/bin/bash
# The log file we are checking, best run the script via logrotate,
# for example edit /etc/logrotate.d/nginx to:
#
# prerotate
# /usr/local/bin/nginx-logwatch chris@webarchitects.co.uk
# if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
# run-parts /etc/logrotate.d/httpd-prerotate; \
# fi \
# endscript
# check that the script is being run by root
if [[ "$(id -u)" != "0" ]] ; then
echo "You must run $0 as root or via sudo"
exit 2
fi
# check for a logfile on standard input
if [[ $1 ]]; then
LOGFILE=$1
elif [[ ! $1 ]]; then
echo "You need to provide the logfile as the first argument, eg:"
echo "$0 /var/log/nginx/crin.org.access.log"
exit
fi
# Optional email address to send the results to
EMAIL=$2
# grep for all the lines with error codes
#ERRORS=$(grep '1.[0|1]" [4|5]0[2|3|4] ' $LOGFILE)
#ERRORS=$(grep '1.[0|1]" [4|5]0[2|3|4] ' $LOGFILE)
ERRORS=$(grep '1.[0|1]" 50[2|3|4] ' $LOGFILE)
# grep for to totals for these errors codes
#ERRORS_403=$(grep -c '1.[0|1]" 403 ' $LOGFILE)
#ERRORS_404=$(grep -c '1.[0|1]" 404 ' $LOGFILE)
ERRORS_502=$(grep -c '1.[0|1]" 502 ' $LOGFILE)
ERRORS_503=$(grep -c '1.[0|1]" 503 ' $LOGFILE)
ERRORS_504=$(grep -c '1.[0|1]" 504 ' $LOGFILE)
# check to see if any errors were found
if [[ $ERRORS ]]; then
# check for a email address
if [[ $EMAIL ]]; then
# name of the server
HOSTNAME=$(hostname)
# email subject line
#SUBJECT="$ERRORS_403 403, $ERRORS_404 404, $ERRORS_502 502, $ERRORS_503 503 and $ERRORS_504 504 errors from $HOSTNAME"
#SUBJECT="$ERRORS_403 403, $ERRORS_502 502, $ERRORS_503 503 and $ERRORS_504 504 errors from $HOSTNAME"
SUBJECT="$ERRORS_502 502, $ERRORS_503 503 and $ERRORS_504 504 errors from $HOSTNAME"
# we were supplied with a email address so send the results by email using mutt
echo "$ERRORS" | mutt -s "$SUBJECT" $EMAIL
# we don't have a email address so display the results of the grep
else [[ ! $EMAIL ]]
echo "Supply a email address on the command line to send the following results by email"
echo ""
#echo "Total 403 errors: $ERRORS_403"
#echo "Total 404 errors: $ERRORS_404"
echo "Total 502 errors: $ERRORS_502"
echo "Total 503 errors: $ERRORS_503"
echo "Total 504 errors: $ERRORS_504"
echo ""
echo "Lines with errors from $LOGFILE"
echo ""
echo "$ERRORS"
echo ""
echo "This script is best piped into a pager, eg:"
echo "$0 | less"
fi
else
# we don't want any output if a email address is specified as the script is run via cron
if [[ ! $EMAIL ]] ; then
#echo "No recent 403, 404, 502, 503 or 504 errors were found"
#echo "No recent 403, 502, 503 or 504 errors were found"
echo "No recent 502, 503 or 504 errors were found"
fi
fi
/etc/logrotate.d/nginx
/var/log/nginx/*.log {
daily
missingok
rotate 52
compress
delaycompress
notifempty
create 0640 www-data adm
sharedscripts
prerotate
/usr/local/bin/nginx-logwatch /var/log/nginx/crin.org.ssl_access.log root@localhost
/usr/local/bin/nginx-logwatch /var/log/nginx/crin.org.access.log root@localhost
if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
run-parts /etc/logrotate.d/httpd-prerotate; \
fi \
endscript
postrotate
invoke-rc.d nginx rotate >/dev/null 2>&1
endscript
}/var/log/nginx/*.log {
weekly
missingok
rotate 52
compress
delaycompress
notifempty
create 0640 www-data adm
sharedscripts
prerotate
/usr/local/bin/nginx-logwatch /var/log/nginx/crin.org.ssl_access.log root@localhost
/usr/local/bin/nginx-logwatch /var/log/nginx/crin.org.access.log root@localhost
if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
run-parts /etc/logrotate.d/httpd-prerotate; \
fi \
endscript
postrotate
invoke-rc.d nginx rotate >/dev/null 2>&1
endscript
}
