折腾了点时间,供参考
# -*- coding: utf-8 -*-
__author__ = 'River'
import timeit,os
import re,time
'''
'''
#被监控的文件
log_file="/var/log/messages"
#记录读取的行数
line_file="/var/log/line.log"
##计算文件行数
def linecount(log_file):
count = 0
with open (log_file,'rb') as thefile:
while 1:
buffer = thefile.read(65536)
if not buffer:
break
count += buffer.count('\n')#通过读取换行符计算
return count
try:
##宁愿重复报警,也不能遗漏报警,上次读取的结尾初始化为50%文件行数
end_line=int(linecount(log_file)*0.5)
while 1:
with open (line_file,'r') as fileHandle_line:
try:
#获取上次记录的读取位置
start_line_record=fileHandle_line.readlines()[0:1][0].strip()
start_line = int(start_line_record)
except:
#start_line=int(end_line*0.5)
start_line=int(linecount(log_file)*0.5)
with open (log_file,'r') as fileHandle_log:
try:
fileList = fileHandle_log.readlines()[start_line:]
end_line=start_line
for line in fileList:
end_line=end_line+1
#匹配上正则规则
if re.match(r".*puppet-agent.*\(\/Stage",line):
#过滤出需要的文字:时间、主机名、变更内容
tmp_list=line.strip().split(" ")
action_time=tmp_list[0]+tmp_list[1]+" "+tmp_list[2]+" "+tmp_list[3]
hostname=tmp_list[4]
change=line.strip().split("(")[1]
print action_time +" "+hostname+" "+change
else:
continue
fileList=[]
with open (line_file,'w') as fileHandle_line_w:
#保存本次读到的文件位置
fileHandle_line_w.write(str(end_line))
except:
#start_line=int(end_line*0.5)
fileHandle_line_w.write(str(end_line))
raise "ERROR 读取文件失败%s" %(log_file)
#以5s为间隔,再次从上次记录的位置读取文件
time.sleep(5)
except:
with open (line_file,'w') as fileHandle_line_w:
#异常时保存本次读到的文件位置
fileHandle_line_w.write(str(end_line))