Releasing – Smart piping of command output to email for alerting


Today we are releasing a small but useful tool, This tool can be used to pipe standard output to email for the purpose of alerting. A simple caching system is used to avoid sending duplicate alerts within a certain timeframe.

The tool was developed for cases where you want a simple and robust way of being alerted whenever something interesting happens on a system, but you don’t have the luxury of a fancy SIEM or other alerting system.

Try it out yourself

We have published on GitHub, along with all information to get started:

The readme file on GitHub contains a set of concrete examples for which could be useful. We give concrete example commands for alerting on high severity IDS alerts, a disk being about to fill up, a Raspberry Pi running hot or a suspicious VPN logon occurring.

An alert recieved through whenever our Raspberry Pi runs too hot.
Includes automatic timestamp extraction!

We have found the use of to be especially useful in combination with cron jobs: run a command each minute, pipe its standard output of, and be alerted of changes by email (a suspicious logon or a new IDS hit for example). The possibilities however are endless: as long as you can pipe it to standard output, you can receive an alert.

We welcome any suggestions, bug reports or contributions on GitHub! 🐀

About the author

Daan Raman is in charge of NVISO Labs, the research arm of NVISO. Together with the team, he drives initiatives around innovation to ensure we stay on top of our game; innovating the things we do, the technology we use and the way we work form an essential part of this. Daan doesn’t like to write about himself in third-person. You can contact him at and find him on Twitter and LinkedIn.

One thought on “Releasing – Smart piping of command output to email for alerting

Leave a Reply