A modular, efficient log monitoring system for Linux environments that scans system logs, filters critical events, and sends email alerts.
- Automated monitoring of multiple log sources
- Configurable pattern matching for critical event detection
- Email notifications for critical events
- Modular architecture with high cohesion and low coupling
- Comprehensive error handling and logging
- Performance optimized for large log files
- Bash 4.0+
- Linux-based operating system
- Mail utilities (mailutils, sendmail)
- Standard Linux utilities (grep, awk, sed)
- Clone this repository:
- git clone https://github.com/gautam-cpp/log-monitor.git
- cd log-monitor
- Run the installation script:
- sudo ./install.sh
- Configure the system by editing the configuration file:
- sudo nano /etc/log-monitor/config.conf
- Test the installation:
- sudo /opt/log-monitor/log_monitor.sh --test
The log monitoring system runs automatically via a cron job after installation. You can also run it manually: sudo /opt/log-monitor/log_monitor.sh
- --test: Run in test mode without sending alerts
- --verbose: Enable detailed console output
- --config=/path/to/config: Use an alternative configuration file
The system is configured via /etc/log-monitor/config.conf. Key settings include:
- LOG_SOURCES: Space-separated list of log files to monitor
- CRITICAL_PATTERNS: Patterns that trigger alerts
- EMAIL_RECIPIENT: Where to send alert emails
- CHECK_INTERVAL: How often to run checks (in minutes)
See the example configuration file for more options.
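Because the monitor is started by a root cron job, the way config.conf is read matters as much as what it contains. The following is an added example, not the project's config_handler.sh: it refuses a config file that a non-root user could have edited, and it parses KEY=VALUE lines for the four documented settings instead of sourcing the file, so a value like `$(id)` stays a string. The function names config_is_trusted and load_config, the allowlist and the trust rules are this example's assumptions.

```bash
#!/usr/bin/env bash
# Added example (not code from the log-monitor project): read a KEY=VALUE
# file such as /etc/log-monitor/config.conf without sourcing it. The cron
# job runs as root, so a config that a non-root user can edit, or one that
# is loaded with `source`, turns a settings file into root code execution.
# The trust check and the key allowlist are this example's assumptions,
# built from the four settings the README documents.
set -eu

# config_is_trusted FILE: 0 if FILE is a regular file owned by root or by
# the invoking user and writable by neither group nor others.
config_is_trusted() {
  f=$1
  [ -f "$f" ] || return 1
  listing=$(ls -ldn "$f")                           # -n: numeric uid, no passwd lookup
  owner=$(printf '%s\n' "$listing" | awk '{print $3}')
  mode=$(printf '%s\n' "$listing" | cut -c1-10)     # e.g. -rw-r--r--
  case $owner in
    0|"$(id -u)") ;;
    *) return 1 ;;
  esac
  case $(printf '%s' "$mode" | cut -c6) in w) return 1 ;; esac   # group write bit
  case $(printf '%s' "$mode" | cut -c9) in w) return 1 ;; esac   # other write bit
  return 0
}

# load_config FILE: set only the allowlisted variables from FILE in the
# current shell. Lines are KEY=VALUE; blank lines and # comments are skipped.
# Values are assigned as literal strings, so "$(...)" or ";" inside a value
# is data, never a command. The first bad line stops loading with status 2.
load_config() {
  f=$1
  config_is_trusted "$f" || { echo "config: refusing untrusted file $f" >&2; return 1; }
  lineno=0
  while IFS= read -r line || [ -n "$line" ]; do
    lineno=$((lineno + 1))
    case $line in
      ''|'#'*) continue ;;
      *=*) ;;
      *) echo "config: line $lineno: expected KEY=VALUE" >&2; return 2 ;;
    esac
    key=${line%%=*}
    value=${line#*=}
    case $key in
      LOG_SOURCES|CRITICAL_PATTERNS|EMAIL_RECIPIENT|CHECK_INTERVAL) ;;
      *) echo "config: line $lineno: unknown key '$key'" >&2; return 2 ;;
    esac
    case $value in                                   # strip one pair of surrounding quotes
      \"*\") value=${value#\"}; value=${value%\"} ;;
      \'*\') value=${value#\'}; value=${value%\'} ;;
    esac
    if [ "$key" = CHECK_INTERVAL ]; then             # minutes: a positive integer only
      case $value in
        ''|0|*[!0-9]*) echo "config: line $lineno: CHECK_INTERVAL must be a positive integer" >&2; return 2 ;;
      esac
    fi
    eval "$key=\$value"   # key is allowlisted; \$value is expanded by the assignment, not by eval
  done < "$f"
  return 0
}
```

Call load_config in the main shell (not in a subshell or pipeline) so the variables it sets are visible to the rest of the script. The ownership check uses numeric uids so it still works on hosts where the file owner has no passwd entry.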
Log acquisition
Pattern matching and filtering
Alert generation
Notification delivery
acquire_logs(): Retrieves logs from specified sources
filter_critical_events(): Identifies critical events based on patterns
generate_alert(): Creates formatted alert messages
send_notification(): Delivers alerts via email
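One way to implement the four stages above, as an added example that is not the project's own code: each cron run reports only the bytes appended to a source since the previous run (a per-file cursor under STATE_DIR), patterns are passed to grep behind their own -e so none is mistaken for an option, log text reaches the mail body only through printf '%s', and the recipient from the config is validated before it is handed to mail(1). The signatures of acquire_logs, filter_critical_events, generate_alert and send_notification, the run_monitor driver, the DRY_RUN switch (standing in for the README's --test mode) and the sample log lines are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not the log-monitor project's code: one way to implement the
# four stages listed above so that a cron-driven run reports only lines
# appended since the previous run and never lets log text reach a shell or a
# command line. The function signatures, the cursor files under STATE_DIR,
# the DRY_RUN switch and the sample log lines are assumptions of this example.
set -eu

STATE_DIR=${STATE_DIR:-/var/lib/log-monitor}   # per-source byte offsets live here
EMAIL_RECIPIENT=${EMAIL_RECIPIENT:-root}
DRY_RUN=${DRY_RUN:-1}                          # 1 = print the mail instead of sending it

# acquire_logs FILE: print the bytes appended to FILE since the last run and
# advance FILE's cursor. A file that shrank (logrotate) restarts at byte 0.
acquire_logs() {
  log=$1
  cursor="$STATE_DIR/$(printf '%s' "$log" | tr '/' '_').offset"
  [ -r "$log" ] || { echo "acquire_logs: cannot read $log" >&2; return 1; }
  mkdir -p "$STATE_DIR"
  last=0
  [ -f "$cursor" ] && last=$(cat "$cursor")
  size=$(( $(wc -c < "$log") ))
  [ "$size" -lt "$last" ] && last=0
  tail -c +$((last + 1)) "$log"                # POSIX: output from byte last+1 onward
  printf '%s\n' "$size" > "$cursor"
}

# filter_critical_events PATTERN...: keep stdin lines matching any pattern.
# Each pattern gets its own -e, so one starting with '-' is never read as a
# grep option and patterns may contain spaces.
filter_critical_events() {
  [ $# -gt 0 ] || { echo "filter_critical_events: no patterns" >&2; return 1; }
  n=$#
  while [ "$n" -gt 0 ]; do                     # rotate "p1 p2" into "-e p1 -e p2"
    set -- "$@" -e "$1"
    shift
    n=$((n - 1))
  done
  status=0
  grep -E "$@" || status=$?
  [ "$status" -le 1 ]                          # 0 matches, 1 none; 2 means a bad regex
}

# generate_alert HOST SOURCE: read matched lines from stdin, write the mail
# body. Log text is only ever emitted through printf '%s'; it never becomes a
# subject or a command argument.
generate_alert() {
  body=$(cat)
  [ -n "$body" ] || return 1                   # no events, no alert
  count=$(printf '%s\n' "$body" | grep -c '')
  printf 'Host: %s\nSource: %s\nCritical events: %s\nGenerated: %s\n\n%s\n' \
    "$1" "$2" "$count" "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$body"
}

# send_notification RECIPIENT SUBJECT: mail the body on stdin, or print it
# when DRY_RUN=1. The recipient comes from the config file, so it is limited
# to a conservative character set and may not begin with '-', which mail(1)
# would parse as an option.
send_notification() {
  to=$1
  case $to in
    ''|-*|*[!A-Za-z0-9@._+-]*) echo "send_notification: bad recipient '$to'" >&2; return 1 ;;
  esac
  if [ "$DRY_RUN" = 1 ]; then
    printf '[dry-run] would mail %s with subject "%s"\n' "$to" "$2"
    cat
  else
    mail -s "$2" "$to"
  fi
}

# run_monitor SOURCE PATTERN...: the per-source entry point for the cron job.
run_monitor() {
  src=$1
  shift
  node=$(uname -n)
  # $(...) carries generate_alert's status: 1 means nothing matched, so stay quiet.
  alert=$(acquire_logs "$src" | filter_critical_events "$@" | generate_alert "$node" "$src") || return 0
  printf '%s\n' "$alert" | send_notification "$EMAIL_RECIPIENT" "[log-monitor] critical events on $node"
}

# write_sample_log FILE: constructed syslog-style lines for the demo, not real data.
write_sample_log() {
  cat > "$1" <<'EOF'
Apr  1 10:15:30 srv sshd[412]: Accepted publickey for ops from 10.0.0.5 port 40122
Apr  1 10:15:31 srv kernel: ERROR: Out of memory: Kill process 2131 (java)
Apr  1 10:15:32 srv sshd[415]: Failed password for root from 203.0.113.7 port 51122
Apr  1 10:15:33 srv systemd[1]: Started Daily apt upgrade and clean activities.
EOF
}

# LOG_MONITOR_DEMO=1 bash thisfile: run twice against a throwaway copy.
if [ "${LOG_MONITOR_DEMO:-0}" = 1 ]; then
  STATE_DIR=$(mktemp -d); sample=$(mktemp)
  write_sample_log "$sample"
  run_monitor "$sample" 'ERROR' 'Failed password'   # reports the two matching lines
  run_monitor "$sample" 'ERROR' 'Failed password'   # nothing new: prints nothing
  rm -rf "$STATE_DIR" "$sample"
fi
```

The cursor is the detail that makes a cron-driven monitor usable: without it every run re-reads the whole file and re-alerts on the same events, and with a size-based reset it survives rotation. The one failure this example still hides is a bad regex: grep prints its error on stderr, but run_monitor then sees an empty body and exits quietly, so a wrapper that wants to surface that should check the filter stage's status separately.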
The system will be divided into independent, reusable modules:
- log_parser.sh: Handles log acquisition and filtering
- alert_manager.sh: Manages alert generation and delivery
- config_handler.sh: Manages configuration settings
- utils.sh: Contains utility functions shared across modules
High Cohesion: Each module will focus on a single responsibility
Low Coupling: Modules will interact through well-defined interfaces, minimizing dependencies
Installation instructions:
- Clone repository to /opt/log-monitor/
- Run install.sh to set up dependencies:
sudo apt-get install mailutils sendmail
- Configure settings in /etc/log-monitor/config.conf
- Set up cron job to run the monitor periodically:
*/10 * * * * /opt/log-monitor/run_monitor.sh
- Main: Stable production code
- Develop: Integration branch for features
- Feature/X: Individual feature branches
- Bugfix/X: Bug fix branches
- Release/X.Y: Release preparation branches
git checkout develop
git pull
git checkout -b feature/log-filtering
git add modules/log_parser.sh
git commit -m "Implement advanced log filtering with regex patterns"
git push origin feature/log-filtering
git checkout develop
git merge --no-ff feature/log-filtering
git push origin develop
git checkout -b release/1.
# Version bumping and final testing
git checkout main
git merge --no-ff release/1.
git tag -a v1.0 -m "Version 1.0"
git push origin main --tags
Semantic versioning MAJOR.MINOR.PATCH
Version information stored in VERSION file
CHANGELOG.md updated with each release
Git tags for each release version
- ShellCheck for static code analysis
- BATS (Bash Automated Testing System) for unit testing
- time command to measure execution time
- htop for CPU and memory usage
- iostat for I/O performance
load '../modules/log_parser.sh'
load '../modules/utils.sh'

@test "filter_critical_events finds ERROR patterns" {
  result=$(filter_critical_events "test_data/sample.log" "ERROR")
  [ -n "$result" ]
  [[ "$result" == *"ERROR"* ]]
}

@test "parse_log_entry extracts correct components" {
  entry="Apr 1 10:15:30 server kernel: ERROR: Out of memory"
  result=$(parse_log_entry "$entry")
  [[ "$result" == *"TIMESTAMP: Apr 1 10:15:30"* ]]
  [[ "$result" == *"SEVERITY: ERROR"* ]]
  [[ "$result" == *"MESSAGE: server kernel: ERROR: Out of memory"* ]]
}
# Measure execution time
time ./log_monitor.sh
# Monitor resource usage
/usr/bin/time -v ./log_monitor.sh
- Test with large log files (>1GB)
- Test with high-frequency log generation
- Input validation for all parameters
- Comprehensive error handling
- Graceful degradation when components fail
- Self-monitoring capabilities
- Health check endpoints
- Performance metrics collection
- Detailed installation and troubleshooting guides
- Regular knowledge sharing sessions
- Incident response procedures
- Regular code reviews
- Automated testing in CI/CD pipeline
- Post-incident analysis and improvements
Thanks to these amazing people who contributed to this project:
| Contributor | Profile |
|---|---|
| Sumedhvats | |
| Mohit137c | |
| Vivek-Anand727 | |