Monitoring any changes in /var/log/messages to file

[oldfrog na volny.cz]

>OK I coped with it by
>tail -f /var/log/messages >> file
>
>But my second question is still on top.
>Sergiusz.
>
>Użytkownik "Sergiusz Michalski" <boss na sergenet.prv.pl> napisał w wiadomości
>news:belvu4$gpg$1 na atlantis.news.tpi.pl...
>  
>
>>Hi!
>>
>>Maybe you have any good idea how to detect any new changes maked in
>>/var/log/messages and write it to new separate file. Any script???
>>
>>I've tried to use diff program but I need to have 2 files to compare so  I
>>don't think that this is  an optional solution.
>>
>>Thanks for all advices.
>>
>>Serge M.
>>
You can maybe watch size, checksum, atime (but atime can be changed
without changing content of file) or number of lines. Try 'ls',
'md5sum', 'wc', 'find'.

Simple example:

---example--script---
#!/bin/sh

FILE="messages"
WAIT="10s"
LOGF="new-lines-of-$FILE.log"

while true;
do
        LAST_LN="$(set $(wc -l $FILE); echo $1;)"
        CURR_LN="$(sleep $WAIT; set $(wc -l $FILE); echo $1;)"
        CHNG_LN="$(($CURR_LN-$LAST_LN))"

        CURR_LN="$CURR_LN"
        LAST_LN="$CURR_LN"

        echo "LAST NUMBER OF LINES:     $LAST_LN"
        echo "CURRENT NUMBER OF LINES:  $CURR_LN"
        echo "NUMBER OF NEW LINES:      $CHNG_LN"

        [ "$CHNG_LN" != "0" ] && tail -n "$CHNG_LN" "$FILE" > $LOGF;
done;

---example--script---

Run this script and then use logger to append some entry in 'messeges':

# logger $(date)

All appended lines will be written in 'new-lines-of-messages.log'.
Everytime the file 'messages' is changed this script overwrites
the file 'new-lines-of-messages.log'.

Note1: script may fail when logrotate rotates logfiles...
Note2: 'wc' is quite slow method to watch if file is changed
Note3: excuse my horrible english

O.

-- 
------------------
Ondrej Nemecek
    alias 'OldFrog'

tel:     241766035
ICQ:     250163477
------------------