Help with some script for logging of events?

Revo2Maxx
Site Admin
Posts: 6726
Joined: Sat Jun 15, 2019 3:05 pm

Help with some script for logging of events?

Post by Revo2Maxx »

Hello all,

Just trying to work on a script that will alert me when I get an event. You can see in the first code box the running feed of events that I am getting on my Linux box in the IP camera log. However, I am trying to get an alert to the terminal on each event. The last part of that first code box shows that it is running and has been, but the only data it has is the last event that happened before I started it, which was 8 hrs ago. So it has been running and should have pulled in the new events, which you can see were at 22:42.

Code:

Mar  4 21:39:44 10.0.0.236 "EventStart"#012{#012   "Code" : "CrossLineDetection",#012   "Index" : 1,#012   "User" : "System"#012}
Mar  4 21:39:47 10.0.0.236 "EventStop"#012{#012   "Code" : "CrossLineDetection",#012   "Index" : 1,#012   "User" : "System"#012}
Mar  4 22:42:06 10.0.0.236 "EventStart"#012{#012   "Code" : "CrossLineDetection",#012   "Index" : 1,#012   "User" : "System"#012}
Mar  4 22:42:08 10.0.0.236 "EventStop"#012{#012   "Code" : "CrossLineDetection",#012   "Index" : 1,#012   "User" : "System"#012}
Mar  4 22:47:14 10.0.0.175 "LogIn"#012{#012   "Address" : "10.0.0.17",#012   "Type" : "DVRIP"#012}
Mar  4 22:47:25 10.0.0.175 "LogOut"#012{#012   "Address" : "10.0.0.17"#012}
^C
revo2maxx@Rmaxxi7:~$ sudo systemctl status camera-alert.service
[sudo] password for revo2maxx:           
● camera-alert.service - Camera Alert Notification Service
     Loaded: loaded (/etc/systemd/system/camera-alert.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2025-03-04 15:28:39 EST; 8h ago
   Main PID: 119793 (camera-alert.sh)
      Tasks: 3 (limit: 38197)
     Memory: 2.8M
     CGroup: /system.slice/camera-alert.service
             ├─119793 /bin/bash /usr/local/bin/camera-alert.sh
             ├─119798 tail -F /var/log/ipcamera.log
             └─119799 /bin/bash /usr/local/bin/camera-alert.sh

Mar 04 15:28:39 Rmaxxi7 systemd[1]: Started Camera Alert Notification Service.
Mar 04 15:28:39 Rmaxxi7 camera-alert.sh[119824]: Mar  4 15:25:01 10.0.0.236 "EventStart"
Mar 04 15:28:39 Rmaxxi7 camera-alert.sh[119824]:    "Code" : "CrossLineDetection",
revo2maxx@Rmaxxi7:~$ 

So here is the simple code. Also, so I am clear, I have made sure that I have access to the log files, that I can read, write and all options to it. My code is kind of a mess as I have added in some extra testing areas in different random spots, but I will just post what I have in the last setup of the shell script. Maybe @ultimatecodewarrior has something in the magic box he has that can shine a light on what is missing?

Code:

#!/bin/bash

LOG_FILE="/var/log/ipcamera.log"
ALERT_PIPE="/var/run/camera-alert.pipe"
DEBUG_LOG="/var/log/camera-debug.log"
echo "[DEBUG] Script triggered at $(date)" >> /var/log/camera-debug.log
# Create the pipe if it doesn't exist
[ ! -p "$ALERT_PIPE" ] && mkfifo "$ALERT_PIPE"

# Monitor the log file for events
tail -F "$LOG_FILE" | while read line; do
    # Clean the log line by replacing #012 with newlines
    CLEAN_LINE=$(echo "$line" | sed 's/#012/\n/g')

    # Log the raw and cleaned lines for debugging
    echo "[DEBUG] Raw line: $line" >> "$DEBUG_LOG"
    echo "[DEBUG] Clean line: $CLEAN_LINE" >> "$DEBUG_LOG"

    # Check for event types
    if echo "$CLEAN_LINE" | grep -E "EventStart|AudioMutation|CrossLineDetection"; then
        TIMESTAMP=$(date)

        # Log the matched event
        echo "[DEBUG] Match found at $TIMESTAMP: $CLEAN_LINE" >> "$DEBUG_LOG"

        # Send alert to the pipe and log it
        echo "[$TIMESTAMP] Camera Alert: $CLEAN_LINE" > "$ALERT_PIPE"
        echo "[$TIMESTAMP] Camera Alert: $CLEAN_LINE" >> /var/log/camera-alerts.log
    fi
done

Any info anyone has that might point me to what is missing.

Thank you in advance
Revo2Maxx
Be Safe.
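Added example (not part of the original post or the poster's code): opening a FIFO for writing blocks until some process has it open for reading, so a loop that does `echo ... > "$ALERT_PIPE"` with no reader stalls on the first match, before the alert log is written, which is consistent with the status output above. The sketch below writes the log file first, bounds the pipe write with `timeout` (assumes GNU coreutils), and uses `tail -n 0` so a restart does not replay old lines; the function names and overridable paths are illustrative.

```shell
#!/bin/sh
# Added example: variable names mirror the thread's script; paths can be
# overridden from the environment so the functions can be tried on temp files.
ALERT_PIPE="${ALERT_PIPE:-/var/run/camera-alert.pipe}"
ALERT_LOG="${ALERT_LOG:-/var/log/camera-alerts.log}"
PIPE_TIMEOUT="${PIPE_TIMEOUT:-2}"   # seconds to wait for a FIFO reader

# The log shows the camera's embedded newlines escaped as "#012";
# flatten them to spaces so every alert stays on one grep-able line.
clean_line() {
    printf '%s\n' "$1" | sed 's/#012/ /g'
}

# Same event pattern as the thread's script; -q keeps matches off stdout
# (without it, grep's output ends up in the service journal).
is_alert() {
    printf '%s\n' "$1" | grep -Eq 'EventStart|AudioMutation|CrossLineDetection'
}

# Durable log first, then best-effort delivery to the FIFO.
# Returns non-zero when nobody read the pipe within PIPE_TIMEOUT seconds.
deliver_alert() {
    msg="[$(date '+%Y-%m-%d %H:%M:%S')] Camera Alert: $1"
    printf '%s\n' "$msg" >> "$ALERT_LOG"
    [ -p "$ALERT_PIPE" ] || return 1
    # The redirection's open() blocks until a reader exists; timeout bounds it.
    timeout "$PIPE_TIMEOUT" sh -c 'printf "%s\n" "$1" > "$2"' sh "$msg" "$ALERT_PIPE"
}

# Handle one raw log line; a missing pipe reader never stops the loop.
handle_line() {
    is_alert "$1" || return 0
    deliver_alert "$(clean_line "$1")" || true
}

follow() {
    [ -p "$ALERT_PIPE" ] || mkfifo "$ALERT_PIPE"
    # -n 0: start at the end of the file instead of replaying the last 10 lines
    tail -n 0 -F "$1" | while IFS= read -r line; do
        handle_line "$line"
    done
}

# Follow only when given a log path, e.g.: camera-alert.sh /var/log/ipcamera.log
if [ $# -ge 1 ]; then follow "$1"; fi
```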
Revo2Maxx
Site Admin
Posts: 6726
Joined: Sat Jun 15, 2019 3:05 pm

Re: Help with some script for logging of events?

Post by Revo2Maxx »

Here is some of the Debug log as well so you can see it has been running?

Code:

[DEBUG] Match found at Tue 04 Mar 2025 03:02:11 PM EST: Mar  4 14:59:48 10.0.0.236 "EventStop"
{
   "Code" : "CrossLineDetection",
   "Index" : 1,
   "User" : "System"
}
[DEBUG] Script triggered at Tue 04 Mar 2025 03:24:45 PM EST
[DEBUG] Raw line: Mar  4 15:17:46 10.0.0.236 "EventStart"#012{#012   "Code" : "CrossLineDetection",#012   "Index" : 1,#012   "User" : "System"#012}
[DEBUG] Clean line: Mar  4 15:17:46 10.0.0.236 "EventStart"
{
   "Code" : "CrossLineDetection",
   "Index" : 1,
   "User" : "System"
}
[DEBUG] Match found at Tue 04 Mar 2025 03:24:45 PM EST: Mar  4 15:17:46 10.0.0.236 "EventStart"
{
   "Code" : "CrossLineDetection",
   "Index" : 1,
   "User" : "System"
}
[DEBUG] Script triggered at Tue 04 Mar 2025 03:25:48 PM EST
[DEBUG] Raw line: Mar  4 15:22:38 10.0.0.175 "LogIn"#012{#012   "Address" : "10.0.0.17",#012   "Type" : "DVRIP"#012}
[DEBUG] Clean line: Mar  4 15:22:38 10.0.0.175 "LogIn"
{
   "Address" : "10.0.0.17",
   "Type" : "DVRIP"
}
[DEBUG] Raw line: Mar  4 15:24:05 10.0.0.36 "LogIn"#012{#012   "Address" : "10.0.0.17",#012   "Type" : "Web3.0",#012   "User" : "admin"#012}
[DEBUG] Clean line: Mar  4 15:24:05 10.0.0.36 "LogIn"
{
   "Address" : "10.0.0.17",
   "Type" : "Web3.0",
   "User" : "admin"
}
[DEBUG] Raw line: Mar  4 15:24:05 10.0.0.36 "LogIn"#012{#012   "Address" : "10.0.0.17",#012   "Type" : "Web3.0",#012   "User" : "admin"#012}
[DEBUG] Clean line: Mar  4 15:24:05 10.0.0.36 "LogIn"
{
   "Address" : "10.0.0.17",
   "Type" : "Web3.0",
   "User" : "admin"
}
[DEBUG] Raw line: Mar  4 15:24:23 10.0.0.36 "LogOut"#012{#012   "Address" : "10.0.0.17",#012   "User" : "admin"#012}
[DEBUG] Clean line: Mar  4 15:24:23 10.0.0.36 "LogOut"
{
   "Address" : "10.0.0.17",
   "User" : "admin"
}
[DEBUG] Raw line: Mar  4 15:24:23 10.0.0.36 "LogOut"#012{#012   "Address" : "10.0.0.17",#012   "User" : "admin"#012}
[DEBUG] Clean line: Mar  4 15:24:23 10.0.0.36 "LogOut"
{
   "Address" : "10.0.0.17",
   "User" : "admin"
}
[DEBUG] Raw line: Mar  4 15:25:01 10.0.0.236 "EventStart"#012{#012   "Code" : "CrossLineDetection",#012   "Index" : 1,#012   "User" : "System"#012}
[DEBUG] Clean line: Mar  4 15:25:01 10.0.0.236 "EventStart"
{
   "Code" : "CrossLineDetection",
   "Index" : 1,
   "User" : "System"
}
[DEBUG] Match found at Tue 04 Mar 2025 03:25:48 PM EST: Mar  4 15:25:01 10.0.0.236 "EventStart"
{
   "Code" : "CrossLineDetection",
   "Index" : 1,
   "User" : "System"
}
[DEBUG] Script triggered at Tue 04 Mar 2025 03:28:39 PM EST
[DEBUG] Raw line: Mar  4 15:24:23 10.0.0.36 "LogOut"#012{#012   "Address" : "10.0.0.17",#012   "User" : "admin"#012}
[DEBUG] Clean line: Mar  4 15:24:23 10.0.0.36 "LogOut"
{
   "Address" : "10.0.0.17",
   "User" : "admin"
}
[DEBUG] Raw line: Mar  4 15:24:23 10.0.0.36 "LogOut"#012{#012   "Address" : "10.0.0.17",#012   "User" : "admin"#012}
[DEBUG] Clean line: Mar  4 15:24:23 10.0.0.36 "LogOut"
{
   "Address" : "10.0.0.17",
   "User" : "admin"
}
[DEBUG] Raw line: Mar  4 15:25:01 10.0.0.236 "EventStart"#012{#012   "Code" : "CrossLineDetection",#012   "Index" : 1,#012   "User" : "System"#012}
[DEBUG] Clean line: Mar  4 15:25:01 10.0.0.236 "EventStart"
{
   "Code" : "CrossLineDetection",
   "Index" : 1,
   "User" : "System"
}
[DEBUG] Match found at Tue 04 Mar 2025 03:28:39 PM EST: Mar  4 15:25:01 10.0.0.236 "EventStart"
{
   "Code" : "CrossLineDetection",
   "Index" : 1,
   "User" : "System"
}
[DEBUG] Script triggered at Tue 04 Mar 2025 03:29:23 PM EST
[DEBUG] Raw line: Mar  4 15:24:23 10.0.0.36 "LogOut"#012{#012   "Address" : "10.0.0.17",#012   "User" : "admin"#012}
[DEBUG] Clean line: Mar  4 15:24:23 10.0.0.36 "LogOut"
{
   "Address" : "10.0.0.17",
   "User" : "admin"
}
[DEBUG] Raw line: Mar  4 15:24:23 10.0.0.36 "LogOut"#012{#012   "Address" : "10.0.0.17",#012   "User" : "admin"#012}
[DEBUG] Clean line: Mar  4 15:24:23 10.0.0.36 "LogOut"
{
   "Address" : "10.0.0.17",
   "User" : "admin"
}
[DEBUG] Raw line: Mar  4 15:25:01 10.0.0.236 "EventStart"#012{#012   "Code" : "CrossLineDetection",#012   "Index" : 1,#012   "User" : "System"#012}
[DEBUG] Clean line: Mar  4 15:25:01 10.0.0.236 "EventStart"
{
   "Code" : "CrossLineDetection",
   "Index" : 1,
   "User" : "System"
}
[DEBUG] Match found at Tue 04 Mar 2025 03:29:23 PM EST: Mar  4 15:25:01 10.0.0.236 "EventStart"
{
   "Code" : "CrossLineDetection",
   "Index" : 1,
   "User" : "System"
}
[DEBUG] Script triggered at Tue 04 Mar 2025 03:30:45 PM EST
[DEBUG] Raw line: Mar  4 15:25:01 10.0.0.236 "EventStart"#012{#012   "Code" : "CrossLineDetection",#012   "Index" : 1,#012   "User" : "System"#012}
[DEBUG] Clean line: Mar  4 15:25:01 10.0.0.236 "EventStart"
{
   "Code" : "CrossLineDetection",
   "Index" : 1,
   "User" : "System"
}
[DEBUG] Match found at Tue 04 Mar 2025 03:30:45 PM EST: Mar  4 15:25:01 10.0.0.236 "EventStart"
{
   "Code" : "CrossLineDetection",
   "Index" : 1,
   "User" : "System"
}
[DEBUG] Raw line: Mar  4 15:25:03 10.0.0.236 "EventStop"#012{#012   "Code" : "CrossLineDetection",#012   "Index" : 1,#012   "User" : "System"#012}
[DEBUG] Clean line: Mar  4 15:25:03 10.0.0.236 "EventStop"
{
   "Code" : "CrossLineDetection",
   "Index" : 1,
   "User" : "System"
}
[DEBUG] Match found at Wed 05 Mar 2025 12:21:14 AM EST: Mar  4 15:25:03 10.0.0.236 "EventStop"
{
   "Code" : "CrossLineDetection",
   "Index" : 1,
   "User" : "System"
}
[DEBUG] Script triggered at Wed 05 Mar 2025 12:21:45 AM EST
[DEBUG] Raw line: Mar  4 21:01:19 10.0.0.236 "EventStart"#012{#012   "Code" : "CrossLineDetection",#012   "Index" : 1,#012   "User" : "System"#012}
[DEBUG] Clean line: Mar  4 21:01:19 10.0.0.236 "EventStart"
{
   "Code" : "CrossLineDetection",
   "Index" : 1,
   "User" : "System"
}
[DEBUG] Match found at Wed 05 Mar 2025 12:21:45 AM EST: Mar  4 21:01:19 10.0.0.236 "EventStart"
{
   "Code" : "CrossLineDetection",
   "Index" : 1,
   "User" : "System"
}
Be Safe.
Revo2Maxx
Site Admin
Posts: 6726
Joined: Sat Jun 15, 2019 3:05 pm

Re: Help with some script for logging of events?

Post by Revo2Maxx »

So I made some changes, as you can see from the restart and different format. Maybe this will work lol

Code:

revo2maxx@Rmaxxi7:~$ sudo systemctl status camera-alert.service
● camera-alert.service - Camera Alert Notification Service
     Loaded: loaded (/etc/systemd/system/camera-alert.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2025-03-04 15:28:39 EST; 9h ago
   Main PID: 119793 (camera-alert.sh)
      Tasks: 3 (limit: 38197)
     Memory: 2.9M
     CGroup: /system.slice/camera-alert.service
             ├─119793 /bin/bash /usr/local/bin/camera-alert.sh
             ├─119798 tail -F /var/log/ipcamera.log
             └─119799 /bin/bash /usr/local/bin/camera-alert.sh

Mar 04 15:28:39 Rmaxxi7 systemd[1]: Started Camera Alert Notification Service.
Mar 04 15:28:39 Rmaxxi7 camera-alert.sh[119824]: Mar  4 15:25:01 10.0.0.236 "EventStart"
Mar 04 15:28:39 Rmaxxi7 camera-alert.sh[119824]:    "Code" : "CrossLineDetection",
Mar 05 00:21:14 Rmaxxi7 camera-alert.sh[125614]:    "Code" : "CrossLineDetection",
revo2maxx@Rmaxxi7:~$ sudo systemctl daemon-reload
revo2maxx@Rmaxxi7:~$ sudo systemctl restart camera-alert.service
revo2maxx@Rmaxxi7:~$ sudo systemctl status camera-alert.service
● camera-alert.service - Camera Alert Notification Service
     Loaded: loaded (/etc/systemd/system/camera-alert.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2025-03-05 00:39:13 EST; 14s ago
   Main PID: 126525 (camera-alert.sh)
      Tasks: 3 (limit: 38197)
     Memory: 1.2M
     CGroup: /system.slice/camera-alert.service
             ├─126525 /bin/bash /usr/local/bin/camera-alert.sh
             ├─126537 inotifywait -m -e modify /var/log/ipcamera.log
             └─126539 /bin/bash /usr/local/bin/camera-alert.sh

Mar 05 00:39:13 Rmaxxi7 systemd[1]: Started Camera Alert Notification Service.
Mar 05 00:39:13 Rmaxxi7 camera-alert.sh[126537]: Setting up watches.
Mar 05 00:39:13 Rmaxxi7 camera-alert.sh[126537]: Watches established.
Be Safe.
Revo2Maxx
Site Admin
Posts: 6726
Joined: Sat Jun 15, 2019 3:05 pm

Re: Help with some script for logging of events?

Post by Revo2Maxx »

So oddly that only triggered once. But as you can see in the first part there were 2 since I updated the file?

Code:

Mar  5 00:27:31 10.0.0.236 "LogOut"#012{#012   "Address" : "10.0.0.22",#012   "Type" : "Web3.0",#012   "User" : "admin"#012}
Mar  5 01:36:16 10.0.0.236 "EventStart"#012{#012   "Code" : "CrossLineDetection",#012   "Index" : 1,#012   "User" : "System"#012}
Mar  5 01:36:19 10.0.0.236 "EventStop"#012{#012   "Code" : "CrossLineDetection",#012   "Index" : 1,#012   "User" : "System"#012}
Mar  5 01:36:46 10.0.0.236 "EventStart"#012{#012   "Code" : "CrossLineDetection",#012   "Index" : 1,#012   "User" : "System"#012}
Mar  5 01:36:48 10.0.0.236 "EventStop"#012{#012   "Code" : "CrossLineDetection",#012   "Index" : 1,#012   "User" : "System"#012}
However, looking at the status you can see that it did get the first one at 1:36 but not the one at 1:36:48?

Code:

revo2maxx@Rmaxxi7:~$ sudo systemctl status camera-alert.service
● camera-alert.service - Camera Alert Notification Service
     Loaded: loaded (/etc/systemd/system/camera-alert.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2025-03-05 00:39:13 EST; 57min ago
   Main PID: 126525 (camera-alert.sh)
      Tasks: 3 (limit: 38197)
     Memory: 1.8M
     CGroup: /system.slice/camera-alert.service
             ├─126525 /bin/bash /usr/local/bin/camera-alert.sh
             ├─126537 inotifywait -m -e modify /var/log/ipcamera.log
             └─126539 /bin/bash /usr/local/bin/camera-alert.sh

Mar 05 00:39:13 Rmaxxi7 systemd[1]: Started Camera Alert Notification Service.
Mar 05 00:39:13 Rmaxxi7 camera-alert.sh[126537]: Setting up watches.
Mar 05 00:39:13 Rmaxxi7 camera-alert.sh[126537]: Watches established.
Mar 05 01:36:17 Rmaxxi7 camera-alert.sh[127586]: Mar  5 01:36:16 10.0.0.236 "EventStart"
Mar 05 01:36:17 Rmaxxi7 camera-alert.sh[127586]:    "Code" : "CrossLineDetection",
revo2maxx@Rmaxxi7:~$ sudo systemctl status camera-alert.service
● camera-alert.service - Camera Alert Notification Service
     Loaded: loaded (/etc/systemd/system/camera-alert.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2025-03-05 00:39:13 EST; 58min ago
   Main PID: 126525 (camera-alert.sh)
      Tasks: 3 (limit: 38197)
     Memory: 1.8M
     CGroup: /system.slice/camera-alert.service
             ├─126525 /bin/bash /usr/local/bin/camera-alert.sh
             ├─126537 inotifywait -m -e modify /var/log/ipcamera.log
             └─126539 /bin/bash /usr/local/bin/camera-alert.sh

Mar 05 00:39:13 Rmaxxi7 systemd[1]: Started Camera Alert Notification Service.
Mar 05 00:39:13 Rmaxxi7 camera-alert.sh[126537]: Setting up watches.
Mar 05 00:39:13 Rmaxxi7 camera-alert.sh[126537]: Watches established.
Mar 05 01:36:17 Rmaxxi7 camera-alert.sh[127586]: Mar  5 01:36:16 10.0.0.236 "EventStart"
Mar 05 01:36:17 Rmaxxi7 camera-alert.sh[127586]:    "Code" : "CrossLineDetection",
Be Safe.
ultimatecodewarrior
Posts: 26
Joined: Mon Jan 13, 2025 3:04 pm

Re: Help with some script for logging of events?

Post by ultimatecodewarrior »

@Revo2Maxx
Quickly looking at your code, it seems as if you are reading from an ipcamera.log and want to extract/parse out certain events and put them into another alert pipe file?


You could always create a Python script to do this and create a cron job to run that Python script at startup of the machine.

Code:

import os
from datetime import datetime

LOG_FILE = "ipcamera.log"
ALERT_LOG = "camera-alerts.log"
STATE_FILE = "camera_state.txt"
EVENT_TYPES = ["EventStart", "AudioMutation", "CrossLineDetection"]

def ensure_file_exists(file_path):
    """Ensure that the file exists, create it if it doesn't."""
    if not os.path.exists(file_path):
        open(file_path, 'a').close()

def ensure_directory_exists(directory_path):
    """Ensure that the directory exists, create it if it doesn't."""
    if directory_path and not os.path.exists(directory_path):
        os.makedirs(directory_path)

def read_last_timestamp():
    if os.path.exists(STATE_FILE):
        with open(STATE_FILE, 'r') as state_file:
            return state_file.read().strip()
    return None

def save_last_timestamp(timestamp):
    with open(STATE_FILE, 'w') as state_file:
        state_file.write(timestamp)

def extract_timestamp(line):
    try:
        # Find the second ':' in the line
        second_colon_index = line.find(':', line.find(':') + 1)
        if second_colon_index != -1:
            # Extract the timestamp string
            timestamp_str = line[:second_colon_index + 3].strip()
            # Parse the timestamp string into a datetime object
            timestamp = datetime.strptime(timestamp_str, '%b %d %H:%M:%S')
            return timestamp_str
    except ValueError:
        return None

def process_line(line):
    clean_line = line.replace("#012", "")
    if any(event in clean_line for event in EVENT_TYPES):
        timestamp = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
        alert_message = f"[{timestamp}] Camera Alert: {clean_line}"
        with open(ALERT_LOG, 'a') as alert_log:
            alert_log.write(alert_message + "\n")
        print(alert_message)

def main():
    # Ensure necessary files and directories exist
    ensure_directory_exists(os.path.dirname(LOG_FILE))
    ensure_directory_exists(os.path.dirname(ALERT_LOG))
    ensure_directory_exists(os.path.dirname(STATE_FILE))
    ensure_file_exists(LOG_FILE)
    ensure_file_exists(ALERT_LOG)

    last_timestamp = read_last_timestamp()
    with open(LOG_FILE, 'r') as log_file:
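        if last_timestamp:
            # Skip lines until we find the last processed timestamp
            for line in log_file:
                if line.startswith(last_timestamp):
                    break
            else:
                # Saved timestamp not found (e.g. the log was rotated):
                # rewind so new events are processed instead of skipped
                log_file.seek(0)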

        # Process new lines
        for line in log_file:
            process_line(line)
            # Extract the timestamp from the line
            timestamp_str = extract_timestamp(line)
            if timestamp_str:
                save_last_timestamp(timestamp_str)

if __name__ == "__main__":
    main()

*** The camera_state.txt keeps track of the last datetime processed in the log file. So if you want to re-run your entire log, then delete the camera_state.txt file if it exists. If you only want to run this Python file on new entries to the ipcamera.log, then find the last line datetime in the ipcamera.log and paste it in the camera_state.txt file. For instance: Mar 5 01:36:48

If you wanted to, you could actually have the event sent to your mobile phone via the Telegram app. There is a way you can create a free account on Telegram (via the BotFather) to post to, and your cell phone will get a push notification of a text message or even a quick snapshot from the camera itself. (I think there are some http:// based snapshot API functions on the Amcrest cameras.) You could use OpenCV to scale it down if need be so it's not so big to send (like a 640x480 photo).