Bash File Modified Alert for Raspberry Pi on Raspbian


I am a bit new here on Stack Overflow (which you can probably see by my reputation), but I was wondering how to make an audible alert or some other type of modification to an auto polling log file of failed login attempts for RDP (specifically XRDP) sessions on a Raspberry Pi.

Since it is a Raspberry Pi, I am sure you understand why I would want to run it headless.

I have done lots of searching and only seem to find references or ways to make audible alerts when connected directly to the Pi. I want to have this alert come while running in a mostly silent terminal window. I would prefer a beep for new log activity (if log file size has changed, beep) and then the log to be checked at specific intervals (i.e. every 30 seconds or 1 minute, etc).

My log location is here, if it helps in giving me some idea how to start making this Bash script: /var/log/xrdp.log


There are 1 best solutions below

On BEST ANSWER

Here is a gist of a bash script that will do exactly what you want, over SSH, on a Raspberry Pi (or any Linux, really):

https://gist.github.com/free5ty1e/300adb0800ba45f3fe4e

#!/bin/bash

# xrdpLogMonitor.sh <optional timeout in seconds>
# This script will check and spit out your xrdp log file every X seconds
# (default 30 if not specified)
# If the file size has changed since your last check, your terminal will beep (system alert)

logFileName="/var/log/xrdp.log"

if [ $# -eq 0 ];
then
    echo "No arguments supplied, will use default time between log polls (30 seconds)"
    secondsBetweenLogPolls=30
else
    echo "Using supplied timeout of $1 seconds between log polls"
    secondsBetweenLogPolls=$1
fi


function updateLogModifiedTimeAndBeepIfChanged()
{
    lastLogModifiedTime=$LogModifiedTime
    # %Z is the time of the last status change, which updates whenever the log is written to
    LogModifiedTime="$(stat --printf="%Z" "$logFileName")"
    if [ "$LogModifiedTime" != "$lastLogModifiedTime" ];
    then
        echo NEW LOG ACTIVITY CAPTURED!!!!

        #Below line creates the terminal beep
        echo -ne '\a'
    fi
}

while true; do
    updateLogModifiedTimeAndBeepIfChanged
    ls -l "$logFileName"
    echo "Polling logfile $logFileName which was last modified at $LogModifiedTime..."

    #You will need sudo on the pi to cat this xrdp log
    sudo cat "$logFileName"

    #Uncomment the following line to search, for example, for "USER:" and display only those lines that contain it:
    #sudo grep "USER:" "$logFileName"

    echo "$(date) <--- this is now"
    sleep "$secondsBetweenLogPolls"
done

Once you have created the xrdpLogMonitor.sh file, don't forget to set it as executable by typing:

chmod +x ./xrdpLogMonitor.sh

Then execute it by typing:

./xrdpLogMonitor.sh
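
The script above re-prints the whole log on every poll and beeps whenever the file's change time differs. As an added example (not part of the answer or the gist), this variant remembers a byte offset so each poll prints only newly appended lines containing a filter string, and starts over when log rotation truncates the file. `poll_once`, `watch_log`, `OFFSET` and the `--watch` argument are names made up here; the default filter `USER:` is taken from the gist's commented-out grep.

```shell
#!/bin/sh
# Added example, not from the gist. Run as a user that can read the log
# (the answer notes sudo is needed on the Pi), e.g.:
#   sudo ./xrdpNewLines.sh --watch 30      (script name is hypothetical)

LOG_FILE="${LOG_FILE:-/var/log/xrdp.log}"  # path given in the question
PATTERN="${PATTERN:-USER:}"                # fixed string to look for
OFFSET=0                                   # bytes of the log already handled

# poll_once FILE
# Prints lines appended since the previous call that contain $PATTERN.
# Returns 0 if at least one new line matched, 1 if nothing new or no match,
# 2 if the file cannot be read. Updates $OFFSET in the calling shell, so call
# it directly (not inside $(...)).
poll_once() {
    po_size=$(wc -c 2>/dev/null < "$1") || return 2
    po_size=$((po_size + 0))               # normalise padded wc output
    # A smaller file than last time means it was truncated or rotated.
    if [ "$po_size" -lt "$OFFSET" ]; then OFFSET=0; fi
    if [ "$po_size" -eq "$OFFSET" ]; then return 1; fi
    po_skip=$OFFSET
    OFFSET=$po_size
    # Read exactly the bytes between the old and new size, so data written
    # while we are reading is left for the next poll instead of shown twice.
    tail -c "+$((po_skip + 1))" "$1" \
        | head -c "$((po_size - po_skip))" \
        | grep -F -- "$PATTERN"
}

# watch_log SECONDS
# Skips what is already in the log, then beeps only for new matching lines.
watch_log() {
    OFFSET=$(wc -c < "$LOG_FILE") || exit 1
    OFFSET=$((OFFSET + 0))
    while :; do
        if poll_once "$LOG_FILE"; then
            printf '\a'                    # terminal bell, audible over SSH
        fi
        sleep "$1"
    done
}

if [ "${1:-}" = "--watch" ]; then
    watch_log "${2:-30}"
fi
```

A rotated log that grows past the old offset before the next poll is not detected as rotated, so keep the poll interval short relative to how fast the log fills.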