Extract syslog info from Central Logserver – via cron and mail

Many companies use a Central Loghost where syslogs from all servers are consolidated.

If you need to check for certain entries, there is no need to access the individual servers; extracting the info from one central logfile does the trick.

If there is a Central Loghost, syslog info about LVM errors can be collected (only when LVM is configured to use syslog for event and error reporting).

An example is checking for LVM errors that can cause major issues when not noticed in time, like:

   <server09> user.err Couldn't find device with uuid I2CiGM-ZaaM-wbbD-gccL-ZvrF-l3uk-ouXzxZ.

A script was written to extract these kinds of uuid errors: /root/lvm-uuid-log-check.sh

#!/bin/bash
# Script to extract LVM related UUID error messages from syslog
# 20151103 – AA
ARCH_DATE=$(date -d "yesterday 13:00" '+%Y%m%d')
# Runs as root: use a private mktemp directory, not predictable file names in /tmp
WORK=$(mktemp -d) || exit 1
OUT="$WORK/syslog-lvm-errors-$ARCH_DATE"
# LVM user.err lines from yesterday's archive, minus lines matching s0[0-9]tl or rootvg
bunzip2 -ck "/log/archive/linux.log-$ARCH_DATE.bz2" | grep -i "user.err lvm" | grep -v 's0[0-9]tl' | grep -v rootvg > "$OUT"
# Keep the uuid lines (sorted), then build a de-duplicated summary with fields 1-3 and 6 blanked
grep uuid "$OUT" | sort -k4,4 -k2,2n > "$OUT-UUID"
awk '{$1=$2=$3=$6=""; print $0}' "$OUT-UUID" | sort -u > "$OUT-UUID-summary"
# Mail the summary as the body, with the full uuid list attached
mutt -a "$OUT-UUID" -s "[REPORT LVM-UUID ERRORS] $ARCH_DATE" -- lvm_mail@server.com < "$OUT-UUID-summary"

Put this script in cron (user: root) to run each day at a specific time and receive a mail with the issues listed:

# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (/tmp/crontab.XXXXWvcC0A installed on Tue Nov  3 14:30:03 2015)
# (Cron version V5.0 -- $Id: crontab.c,v 1.12 2004/01/23 18:56:42 vixie Exp $)
25 02 * * *   /root/lvm-uuid-log-check.sh >/dev/null 2>&1
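
The summary step in the script above blanks fixed field positions, which ties it to one log layout. As an added example (not part of the original script), this function matches on the message text instead and counts occurrences per host and uuid; the sample lines and their layout are constructed, and summarize_uuid_errors and sample_log are hypothetical names.

```shell
#!/bin/bash
# Added example, not the original script. The log line layout used here
# (timestamp, <host>, facility.level, lvm tag) is an assumption.

# Read syslog lines on stdin and print "count host uuid" for every LVM
# "find device with uuid" error. Host and uuid are taken from the message
# text, so the result does not depend on how many fields precede them.
summarize_uuid_errors() {
    grep -i 'user\.err lvm' |
    sed -n 's/.*<\([^>]*\)>.*find device with uuid \([A-Za-z0-9-]*\).*/\1 \2/p' |
    sort | uniq -c | awk '{print $1, $2, $3}'
}

# Constructed sample input: two repeats of one error on server09, one error
# on server12, plus two lines that must not show up in the summary.
sample_log() {
    cat <<'EOF'
Nov  2 03:14:07 <server09> user.err lvm[2311]: Couldn't find device with uuid I2CiGM-ZaaM-wbbD-gccL-ZvrF-l3uk-ouXzxZ.
Nov  2 03:14:09 <server09> user.err lvm[2311]: Couldn't find device with uuid I2CiGM-ZaaM-wbbD-gccL-ZvrF-l3uk-ouXzxZ.
Nov  2 04:00:01 <server12> user.err lvm[877]: Couldn't find device with uuid AAAAAA-BBBB-CCCC-DDDD-EEEE-FFFF-GGGGGG.
Nov  2 04:00:02 <server12> user.info lvm[877]: Volume group "datavg" monitored
Nov  2 04:10:00 <server12> user.err lvm[877]: Volume group "datavg" not found
EOF
}

sample_log | summarize_uuid_errors
```

A host whose count jumps from one day to the next is reporting the same missing device repeatedly, which the de-duplicated summary alone does not show.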