If you are using rsyslog, here’s how to get an email notification when a certain keyword is found in the logs.
1. Edit rsyslog.conf. We are using Red Hat.
> vi /etc/rsyslog.conf
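2. Add the following lines at the end of the file. An email is sent when a message contains the keyword ERROR. The mail action runs at most once every 5 minutes (300 seconds), so further matches inside that window do not each send a mail.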
$ModLoad ommail
$ActionMailSMTPServer localhost
$ActionMailFrom rsyslog@domain.com
$ActionMailTo admin@domain.com
$template mailSubject,"[rsyslog] %hostname%"
$template mailBody,"%msg%"
$ActionMailSubject mailSubject
$ActionExecOnlyOnceEveryInterval 300
if $msg contains 'ERROR' then :ommail:;mailBody
3. Restart rsyslog.
> service rsyslog restart
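
To see which messages the rule above would actually mail, here is an added example (not part of the original page) that models the filter and the 300-second interval over a constructed burst of log lines. The function names `simulate_mail` and `count_tag` and the `<epoch-seconds> <message>` input format are made up for this illustration; it assumes `contains` is a case-sensitive substring match and that the action runs only when the previous run was at least 300 seconds earlier.

```shell
#!/bin/sh
# Added example: a model of the rule above, not rsyslog itself.
# Input format (constructed for this example): "<epoch-seconds> <message>"
# Assumptions modelled:
#   - 'contains' is a case-sensitive substring match
#   - ExecOnlyOnceEveryInterval 300: the action runs only if the previous
#     run was at least 300 seconds ago; other matches are not mailed

INTERVAL=300
KEYWORD=ERROR

# simulate_mail: reads "<epoch> <msg>" lines on stdin and prints one line per
# message tagged MAIL, SUPPRESSED (matched, but inside the window) or NOMATCH.
simulate_mail() {
    awk -v interval="$INTERVAL" -v kw="$KEYWORD" '
    {
        ts = $1
        msg = $0
        sub(/^[0-9]+ /, "", msg)          # strip the timestamp column
        if (index(msg, kw) == 0) {
            print "NOMATCH    " msg
        } else if (sent && ts - last < interval) {
            print "SUPPRESSED " msg
        } else {
            print "MAIL       " msg
            last = ts; sent = 1
        }
    }'
}

# count_tag: number of simulated lines carrying the given tag.
count_tag() {
    simulate_mail | grep -c "^$1 "
}

# Constructed sample input, not real log data.
SAMPLE='1000 app: ERROR disk quota exceeded
1060 app: ERROR disk quota exceeded
1200 sshd: error: PAM authentication failure
1299 db: ERROR connection refused
1300 db: ERROR replication stopped
1450 cron: job finished'

printf '%s\n' "$SAMPLE" | simulate_mail
```

Two of the four ERROR lines fall inside the window and produce no mail, and the lowercase `error:` line never matches, so treat the mail as a prompt to read the log rather than as a complete record.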