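#!/bin/bash
#
# OOM-triggered network diagnostics collector.
#
# A background watcher follows /var/log/messages and appends every line
# containing "out of memory" to the flag file. Each time the flag file is
# modified, the main loop appends socket statistics and /proc/net counters
# to files under /alidata1/ss and, if no tcpdump is running, starts one
# packet capture (bounded by -c) under /alidata1/tcpdump.
#
# Security notes for operators:
#   * The flag file lives in world-writable /tmp. Anyone who can write to it
#     can trigger collection, and a pre-planted symlink would redirect the
#     appended log lines. The script therefore refuses a flag file that is a
#     symlink or is not a regular file owned by the invoking user. A
#     directory only administrators can write to would be a safer home; the
#     path is kept for compatibility with existing deployments.
#   * The capture uses -s 0 (full-length packets) and "ss -p" records
#     process details, so both output directories hold sensitive data and
#     should be readable by administrators only.
#
# Progress markers printed to stdout are kept verbatim from the original.

set -u

readonly LOG_FILE=/var/log/messages
readonly FLAG_FILE=/tmp/flag
readonly SS_DIR=/alidata1/ss
readonly CAP_DIR=/alidata1/tcpdump
# Exact command line of the watcher's tail process, used with pgrep/pkill -x
# so that unrelated tail processes are neither counted nor killed.
readonly WATCHER_CMDLINE="/usr/bin/tail -F ${LOG_FILE}"

# Print a message to stderr and exit with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Validate the flag file and make sure it exists before it is watched.
# Globals:   FLAG_FILE (read)
# Returns:   exits via die() when the path is unsafe or cannot be created
#######################################
prepare_flag_file() {
  if [[ -L "$FLAG_FILE" ]]; then
    die "refusing to use ${FLAG_FILE}: it is a symbolic link"
  fi
  if [[ -e "$FLAG_FILE" ]] && ! [[ -f "$FLAG_FILE" && -O "$FLAG_FILE" ]]; then
    die "refusing to use ${FLAG_FILE}: not a regular file owned by this user"
  fi
  # inotifywait fails on a missing path, which would end the main loop
  # before the background watcher had a chance to create the file.
  : >> "$FLAG_FILE" || die "cannot create ${FLAG_FILE}"
}

#######################################
# Start the background pipeline that copies "out of memory" log lines
# into the flag file.
# Globals:   LOG_FILE, FLAG_FILE (read)
#######################################
start_oom_watcher() {
  # nohup wraps a real command (bash -c) so the whole pipeline ignores
  # SIGHUP. The original "nohup $(pipeline) &" ran the pipeline inside a
  # command substitution that never returns, so nohup itself was never
  # executed.
  nohup /bin/bash -c '
    /usr/bin/tail -F "$1" \
      | awk "/out of memory/ {print \$0; fflush()}" >> "$2"
  ' oom-watcher "$LOG_FILE" "$FLAG_FILE" >/dev/null 2>&1 &
}

#######################################
# Append one snapshot of socket and interface statistics.
# Globals:   SS_DIR (read)
#######################################
collect_socket_stats() {
  /usr/sbin/ss -s >> "${SS_DIR}/ss-s.txt"      # summary counters
  /usr/sbin/ss -ap >> "${SS_DIR}/ss-ap.txt"    # all sockets with processes
  /usr/sbin/ss -mp >> "${SS_DIR}/ss-mp.txt"    # socket memory usage
  /usr/sbin/ss -iep >> "${SS_DIR}/ss-iep.txt"  # internal TCP + extended info
  /usr/bin/cat /proc/net/sockstat >> "${SS_DIR}/sockstat"
  /usr/bin/cat /proc/net/snmp >> "${SS_DIR}/snmp"
  /usr/bin/cat /proc/net/dev >> "${SS_DIR}/dev"
}

#######################################
# Start a packet capture unless a tcpdump process already exists.
# Globals:   CAP_DIR (read)
# Outputs:   "<tcpdump count>---<hostname -i output>" on stdout
#######################################
start_capture_if_idle() {
  local procN IP capture_host stamp

  # pgrep -c prints the number of matches; default to 0 if it prints nothing.
  procN=$(pgrep -c -x tcpdump)
  procN=${procN:-0}
  IP=$(hostname -i)
  echo "$procN---$IP"
  stamp=$(date +%s)

  if [[ "$procN" -eq 0 ]]; then
    echo 'tcpdump'
    # hostname -i can print several addresses; use the first one and replace
    # anything unexpected so the value stays a single safe file-name part.
    capture_host=${IP%% *}
    capture_host=${capture_host//[^0-9A-Za-z.:_-]/_}
    capture_host=${capture_host:-unknown}
    # -s 0: full packets, -c: stop after 8,000,000 packets,
    # -K: skip checksum verification, -n: no name resolution.
    nohup /usr/sbin/tcpdump -i eth0 -s 0 -c 8000000 -K -n \
      -w "${CAP_DIR}/${capture_host}_${stamp}-sniffer.cap" >/dev/null 2>&1 &
  fi
}

main() {
  prepare_flag_file

  if ! mkdir -p -- "$SS_DIR" "$CAP_DIR"; then
    printf 'warning: cannot create %s or %s\n' "$SS_DIR" "$CAP_DIR" >&2
  fi

  # Restart the watcher if one is already running. Only the watcher's own
  # tail is matched (exact command line) and it is stopped with SIGTERM; the
  # original "pkill -9 tail" killed every tail process on the host.
  if pgrep -f -x "$WATCHER_CMDLINE" >/dev/null; then
    echo 'kill'
    pkill -f -x "$WATCHER_CMDLINE"
  else
    echo '>>/tmp/flat'
  fi
  start_oom_watcher

  echo "while"
  # Each inotifywait call blocks until the flag file is modified once.
  while /usr/bin/inotifywait -e 'modify' "$FLAG_FILE"; do
    echo "intifwait"
    collect_socket_stats
    start_capture_if_idle
  done
}

main "$@"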