Monitor a log file for Mac Address using Perl and Linux::Inotify2 Module

Question

I currently have my script here it is, my goal is to be able to monitor a live log file that is updated every second and as soon as my script finds this f8:27:93:88:1c:95 mac address it writes the line to a script.

#!/usr/bin/perl
my $mac = "f8:27:93:88:1c:95";
open (OUT, ">output.txt");
sub Reader (){
    @a1 = `Tail System.log`;
}
sub Parser (){
    if( $_=~ m/f8:27:93:88:1c:95/ ){
        print OUT $_;
    }
}

My goal is to be able to watch this log file, it is being updated every second so tail does not work well.

Here is a snippet from the log file

> [2014-07-18 14:11:22,849] <inform_stat-1> WARN event - [event] User[f8:27:93:0c:da:c5] roams from AP[dc:9f:db:1a:61:bd] to AP[dc:9f:db:1a:61:b9] on "channel 44(na)"

What is your question? This just reads like a request to write your program for you. — ThisSuitIsBlackNot, Jul 28 '14 at 18:02
I need help using inotify, i don't understand how to use it. — Dimitri Pantzos, Jul 28 '14 at 18:07
Have you read the [documentation](https://metacpan.org/pod/Linux::Inotify2)? Edit your question to include what *specifically* you're having trouble with. — ThisSuitIsBlackNot, Jul 28 '14 at 19:15

score 0 · Accepted Answer · answered Jul 28 '14 at 19:46

0

Perhaps use a cpan module like File::Tail

#!/usr/bin/perl

use strict;
use warnings;
use autodie;

use File::Tail;

my $infile = 'System.log';
my $outfile = 'output.txt';
my $mac = 'f8:27:93:88:1c:95';

open my $outfh, '>', $outfile;

my $tail = File::Tail->new($infile);
while (defined(my $line = $tail->read)) {
    print $outfh $line if $line =~ m/\Q$mac/;
}

answered Jul 28 '14 at 19:46

Miller

34,962
4
39
60

Would this still work because the Log File, is being update every second, i tried tail before but it didn't work that well because the file is always being updated. – Dimitri Pantzos Jul 28 '14 at 20:40
Yes, this would work for a continually growing log file. The only limitation is that this module does not appear to install easily on Windows. So as long as your on a Mac or Unix based machine, this should work well. – Miller Jul 28 '14 at 22:44

score 0 · Answer 2 · answered Jul 29 '14 at 07:14

You have already mentioned that the log changes every second. So inotify will not help much in your case. So I recommend to run your perl script as daemon so that it can constantly analyze your log file and output the result to a text file. To avoid load you should use seek and tell so that whole file need not need to load into the server. The below code will work for you.

#!/usr/bin/perl
use POSIX qw(setsid);
use LWP::Simple;
$| = 1;
# daemonize the program
&daemonize;
while(1)
{
open (DATA,"</var/log/log");
open (OUT, ">output.txt");
my $position = 0;
$position = `cat /tmp/position` if -e "/tmp/position";
seek (DATA,$position,0);
while (<DATA>)
{
if( $_=~ m/f8:27:93:88:1c:95/ ){
        print OUT $_;
    }
}
$position = tell(DATA);
open (DATA1,">/tmp/position");
print DATA1 $position;
close(DATA);
close(DATA1);
close(OUT);
}
sub daemonize {
chdir '/' or die "Can’t chdir to /: $!";
open STDIN, '/dev/null' or die "Can’t read /dev/null: $!";
open STDOUT, '>>/dev/null' or die "Can’t write to /dev/null: $!";
open STDERR, '>>/dev/null' or die "Can’t write to /dev/null: $!";
defined(my $pid = fork) or die "Can’t fork: $!";
exit if $pid;
setsid or die "Can’t start a new session: $!";
umask 0;
}

Can't locate LWP/Simple.pm in @INC (@INC contains: /etc/perl /usr/local/lib/perl/5.14.2 /usr/local/share/perl/5.14.2 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.14 /usr/share/perl/5.14 /usr/local/lib/site_perl .) at Search.pl line 3. BEGIN failed--compilation aborted at Search.pl line 3. — Dimitri Pantzos, Jul 29 '14 at 14:18

Monitor a log file for Mac Address using Perl and Linux::Inotify2 Module

2 Answers2