Alert log checking


A common requirement is to check the alert log at regular intervals for system errors that may have occurred. Anyone familiar with Unix will know that 'grep' will trivially search the file. The problem is how to search only the part of the alert log that has been added since the last time you searched.

You can use the 'dd' command to achieve this, as the following script demonstrates. (It also keeps the alert log down to a manageable size.)

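ALERT_LOG=$BACKGROUND_DUMP/alert_$ORACLE_SID.log
MAXSIZE=1000000
LINES_KEPT=1000

# Private temporary file rather than a fixed, predictable name in /tmp
TMPFILE=`mktemp` || exit 1
trap 'rm -f "$TMPFILE"' 0

# -s: the previous copy must exist and be non-empty (dd rejects bs=0)
if [ -s "$ALERT_LOG.prev" ] ; then
   # Size in bytes of the alert log as it was at the last check
   PREVSIZE=`ls -l "$ALERT_LOG.prev" | awk '{print $5}'`
   # Skip one block of PREVSIZE bytes, so only the newly added part is copied
   dd if="$ALERT_LOG" of="$TMPFILE" bs=$PREVSIZE skip=1
   CHECKFILE=$TMPFILE
else
   PREVSIZE=0
   CHECKFILE=$ALERT_LOG
fi

if grep 'ORA-' "$CHECKFILE" > /dev/null ; then
   # error has occurred: send $CHECKFILE as email or whatever
   echo "ORA- errors found in $ALERT_LOG"
else
   # no errors found
   :
fi

# Keep only the last LINES_KEPT lines once the log has grown past MAXSIZE
if [ $PREVSIZE -gt $MAXSIZE ] ; then
  tail -n $LINES_KEPT "$ALERT_LOG" > "$ALERT_LOG.new"
  mv "$ALERT_LOG.new" "$ALERT_LOG"
fi

# The size of this copy marks where the next check starts
cp "$ALERT_LOG" "$ALERT_LOG.prev"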
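
An added example, not part of the original script: the same incremental check as a function that records only a byte offset and rescans from the start when the log is smaller than that offset (a log trimmed or recreated by something else between checks would otherwise yield no data and its errors would be missed). The name scan_new and its state-file argument are assumptions, and 'head -c' is assumed to be available.

```shell
#!/bin/sh
# scan_new LOG STATE [PATTERN]
# Prints the lines matching PATTERN (default ORA-) that were added to LOG
# since the previous call, then records the new position in STATE.
# Exit status: 0 = matches found, 1 = nothing matched, 2 = LOG unreadable.
# Keep STATE in a directory that only the monitoring account can write to.
scan_new() {
    log=$1
    state=$2
    pattern=${3:-ORA-}
    [ -r "$log" ] || return 2

    # Size is sampled once; anything appended during the scan is left
    # for the next run instead of being skipped or reported twice.
    size=$(wc -c < "$log" | tr -d ' ')

    # Offset stored by the previous run; a missing or malformed value means 0.
    offset=0
    if [ -f "$state" ]; then
        read -r offset < "$state" || offset=0
    fi
    case $offset in
        ''|*[!0-9]*) offset=0 ;;
    esac

    # The log shrank (trimmed or recreated): start again from the beginning.
    if [ "$offset" -gt "$size" ]; then
        offset=0
    fi

    # Bytes offset+1 .. size are the part not yet checked.
    rc=0
    new=$(tail -c +"$((offset + 1))" "$log" |
          head -c "$((size - offset))" |
          grep -e "$pattern") || rc=$?

    printf '%s\n' "$size" > "$state"
    if [ "$rc" -eq 0 ]; then
        printf '%s\n' "$new"
    fi
    return "$rc"
}
```
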