折腾了点时间,供参考
# -*- coding: utf-8 -*- __author__ = 'River' import timeit,os import re,time ''' ''' #被监控的文件 log_file="/var/log/messages" #记录读取的行数 line_file="/var/log/line.log" ##计算文件行数 def linecount(log_file): count = 0 with open (log_file,'rb') as thefile: while 1: buffer = thefile.read(65536) if not buffer: break count += buffer.count('\n')#通过读取换行符计算 return count try: ##宁愿重复报警,也不能遗漏报警,上次读取的结尾初始化为50%文件行数 end_line=int(linecount(log_file)*0.5) while 1: with open (line_file,'r') as fileHandle_line: try: #获取上次记录的读取位置 start_line_record=fileHandle_line.readlines()[0:1][0].strip() start_line = int(start_line_record) except: #start_line=int(end_line*0.5) start_line=int(linecount(log_file)*0.5) with open (log_file,'r') as fileHandle_log: try: fileList = fileHandle_log.readlines()[start_line:] end_line=start_line for line in fileList: end_line=end_line+1 #匹配上正则规则 if re.match(r".*puppet-agent.*\(\/Stage",line): #过滤出需要的文字:时间、主机名、变更内容 tmp_list=line.strip().split(" ") action_time=tmp_list[0]+tmp_list[1]+" "+tmp_list[2]+" "+tmp_list[3] hostname=tmp_list[4] change=line.strip().split("(")[1] print action_time +" "+hostname+" "+change else: continue fileList=[] with open (line_file,'w') as fileHandle_line_w: #保存本次读到的文件位置 fileHandle_line_w.write(str(end_line)) except: #start_line=int(end_line*0.5) fileHandle_line_w.write(str(end_line)) raise "ERROR 读取文件失败%s" %(log_file) #以5s为间隔,再次从上次记录的位置读取文件 time.sleep(5) except: with open (line_file,'w') as fileHandle_line_w: #异常时保存本次读到的文件位置 fileHandle_line_w.write(str(end_line))