#!/bin/sh
#
# check_syslog
#
#
# Check for new messages in syslog
#

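# Backticks are kept throughout: the script targets the Solaris /bin/sh.
OS=`uname`
# $0 is quoted so that a script path containing blanks is not split into
# several words before basename sees it.
SCRIPTNAME=`basename "$0"`
# State left by the previous run (first field: number of log lines seen).
# NOTE(review): fixed, guessable name in /var/tmp, which is normally
# world-writable. If this check runs privileged, another local user can
# pre-create the file (or a symlink with this name) and so influence both
# what is read back and where the state is written. A directory owned by
# the account running the check would be a safer home - confirm before moving.
LASTEFILE=/var/tmp/$SCRIPTNAME.lastmsg
# Exclude patterns live next to the script: <script path>.excludemsg
EXCLFILE=$0.excludemsg
SYSLOG=/var/adm/messages
# NOTE(review): not referenced anywhere else in the visible script. The name
# is predictable (script name + PID) in /tmp; do not start writing to it
# without creating it safely first.
TMPFILE=/tmp/$SCRIPTNAME.$$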

# "-d" as first argument switches debug output on. DEBUG is never cleared
# here, so a DEBUG value inherited from the environment enables it as well.
if [ "x$1" = "x-d" ]; then
	DEBUG=1
fi

# debug MESSAGE...
# Prints the arguments on stdout when DEBUG is non-empty.
# Returns 1 (and prints nothing) when debugging is off; callers ignore the status.
debug () {
	case "$DEBUG" in
		"") return 1 ;;
	esac
	echo "$*"
}

# Only Solaris is supported so far; on any other system nothing is checked.
# NOTE(review): the exit status is 0 and, without -d, nothing is printed, so
# a caller looking only at the status cannot tell "not checked" from
# "syslog OK".
if [ "$OS" != "SunOS" ]; then
	debug "Exiting (not on SunOS)"
	exit 0
fi

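# Set initial conditions (all existing messages are reported)
# touch makes sure the state file exists so the read below does not fail on
# the very first run.
# NOTE(review): touch and the later rewrite of this file follow symlinks, and
# the file sits under /var/tmp - see the review note where LASTEFILE is set.
touch "$LASTEFILE"
# Only the first field (line count of the previous run) is used further down.
read < "$LASTEFILE" LASTLINES LASTMONTH LASTDAY LASTTIME LASTMSG
# The state file is outside this script's control, so accept nothing but a
# plain decimal count. An empty or malformed value falls back to 0, which
# reports the whole log instead of feeding garbage into test, expr and the
# sed address built from LASTLINES.
case "$LASTLINES" in
	''|*[!0-9]*) LASTLINES=0 ;;
esac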

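# A missing or unreadable log must not end up as "syslog OK": without this
# guard LOGLINES is empty, the sed in getnewlines yields nothing and the
# script reports success although nothing was checked.
if [ ! -r "$SYSLOG" ]; then
	echo "`hostname`: cannot read $SYSLOG"
	exit 1
fi

# Handle log-switching (reset lines to 0)
# A log that is now shorter than last time has been switched; start over.
LOGLINES=`wc -l "$SYSLOG" | awk '{print $1}'`
[ "$LASTLINES" -gt "$LOGLINES" ] && LASTLINES=0

debug "Last: $LASTLINES, Actu: $LOGLINES"
# skip the last line (was included the last time)
# From here on LASTLINES is the number of the first line not yet reported.
LASTLINES=`expr "$LASTLINES" + 1`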

# read from the 1st new line to the end

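# Build one extended regex "pat1|pat2|..." from the exclude file:
#   1st sed  - strip everything from '#' to end of line, drop blank lines
#   awk      - join the remaining lines with '|'
#   2nd sed  - remove the trailing '|'
# The file name is quoted because it is derived from $0 and may contain blanks.
# Caveats: a '#' inside a pattern truncates it, and blanks left in front of a
# stripped comment stay part of the pattern.
# NOTE(review): whoever can edit the exclude file can hide matching log lines
# from this check; it should be no more writable than the script itself.
# If the file is missing or holds no patterns, EREGEX is empty.
EREGEX=`sed 's/#.*$//;/^ *$/d' < "$EXCLFILE" | awk '{printf("%s|", $0)} END {printf("\n")}' | sed 's/[|]$//'`

# Debug aid, left disabled. NOTE(review): it would write to a predictable
# name in /tmp - do not re-enable as is.
# echo "$EREGEX" >/tmp/LastEregex.$$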

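# getnewlines
# Prints the lines of $SYSLOG from line $LASTLINES to the end of the file,
# minus those matching the exclude regex $EREGEX.
# Globals: LASTLINES, SYSLOG, EREGEX (all read).
#
# An empty EREGEX means "nothing to exclude". It must not be handed to
# egrep -v: the empty pattern matches every line, so every new message would
# be dropped and the check would always report OK (for instance when the
# exclude file is missing or contains only comments).
#
# NOTE(review): the range runs to the end of the file, not to the line count
# taken earlier, so lines appended in between are reported now and again on
# the next run.
getnewlines() {
	if [ -z "$EREGEX" ]; then
		sed -n "$LASTLINES"',$p' "$SYSLOG"
	else
		sed -n "$LASTLINES"',$p' "$SYSLOG" | egrep -v "$EREGEX"
	fi
}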

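# Remember the current line count for the next run. MONTH, DAY, TIME and MSG
# are not assigned anywhere in the visible script, so unless they come from
# the environment only the count is stored. The file name is quoted so that a
# script name containing blanks cannot redirect the write elsewhere.
# NOTE(review): the state is advanced before anything is reported; if the run
# is interrupted after this line, the pending messages are never shown.
echo > "$LASTEFILE" $LOGLINES $MONTH $DAY $TIME $MSG

# The wc result stays unquoted on purpose: wc may pad the number with blanks.
if [ `getnewlines | wc -l` -eq 0 ]; then
	echo "syslog OK"
	exit 0
fi

# Exit status 1 tells the caller that there are new messages to look at.
echo "`hostname`: New messages in $SYSLOG:"
getnewlines
exit 1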

