How do I Access a log file from the last eof?



  • I am trying to scan /var/log/openvpn for VPN logons/authentication failures.

    I know I can do something like this:
    clog -f openvpn.log | grep 'openvpn: user' -A 2 | python_program

    Which will find all the successful/unsuccessful access attempts, but I'm a bit concerned about leaving something like that running permanently, and it is also not easy or straightforward to process individual events since a read is going to block.

    Is there any way easy way to access the log file with python that would allow keeping track of where the last eof was, and then reopening the file for read from that point?

    As an alternative could I do something like:

    clog -f openvpn.log | grep 'openvpn: user' -A 2 >>holdingfile.txt

    The with a cron job have python read the file contents and then truncate the file to empty it? Does >> lock the file? If the file isn't locked and can be read/writted with the above statement, would truncating holdingfile.txt to zero length screw things up?

    If the log file was a regular "linear file", I would read to eof, process any entries, save the length, and then on the next run set the file pointer to the last eof address before reading again. A cron job with run the program every 5 minutes to check for activity.

    Any way to accomplish that with these circular logs (other than writing a complex hander)?

    My intended outcome is to send an email and write an entry to the system log on every access. (This is a personal system where I (and maybe later my wife) would be the only users, and accesses wouldn't be frequent events.) If somehow access key/creds got stolen I want to know about it immediately and since access is so infrequent and highly controlled an unauthorized event would be easy to spot.

    Any advice/suggestions would be much appreciated.