How do I parse a log file for one hour with a simple shell script?

Question

How do I parse a log file using only a shell script, for last one hour?

Each hour, the script should execute, parse the previous hour's logs, and the already alerted or listed errors should not repeat.

Error log example given below:

120622 13:06:36 mysqld_safe Starting mysqld daemon with databases from <path>
120622 13:06:36 [Note] Plugin'FEDERATED' is disabled.
120622 13:06:36  InnoDB: Initializing buffer pool, size = \78.0M
120622 13:06:36  InnoDB: Completed initialization of buffer pool
InnoDB: No valid checkpoint found.
InnoDB: If this error appears when you are creating an InnoDB database,
InnoDB: the problem may be that during an earlier attempt you managed
InnoDB: to create the InnoDB data files, but log file creation failed.
InnoDB: If that is the case, please refer to
InnoDB: http:<path>error-creating-innodb.html
120622 13:06:36 [ERROR] Plugin 'InnoDB' init function returned error.
120622 13:06:36 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
120622 13:06:36 [Note] Event Scheduler: Loaded 0 events
120622 13:06:36 [Note] <path>mysqld: ready for connections.

I want to alert only the ERROR d line.

Answer 1

Check out logtail. It's a tool for reading lines in logs that have not been read.

http://manpages.ubuntu.com/manpages/hardy/man8/logtail2.8.html

Answer 2

Write the script like this and call it from cron every hour:

#!/bin/bash

logfile=/var/lib/mysql/error.log
oldlogfile=/var/lib/mysql/error.log.old
email=your@mail.box.here

if [ -f $oldlogfile ]; then
  diff $oldlogfile $logfile | grep ERROR > /dev/null
  if [ $? -eq 0 ]; then
    diff $oldlogfile $logfile | grep ERROR | mail -s 'last hour mysql errors' $email
  fi
fi
cp -p $logfile $oldlogfile