I want to monitor my log files for a specific line, and if found send an e-mail alert. Rsyslog has this built in, and it works great. I put the following config in
/etc/rsyslog.g/dhcp-watch.conf and now I get an email if a specific DHCP subnet is used.
# If we give out DHCP for a specific network send an alert email $ModLoad ommail $ActionMailSMTPServer mail.domain.com $ActionMailFrom firstname.lastname@example.org $ActionMailTo email@example.com $template mailSubject,"DHCP Poll activity on %hostname%" $template mailBody,"DHCP Activity on the VLAN 873 pool\r\n\r\n%msg%" $ActionMailSubject mailSubject # Only send an email every 15 minutes $ActionExecOnlyOnceEveryInterval 900 # This if/then must all be on one line if $msg contains 'DHCPOFFER on 10.1.9.' then :ommail:;mailBody