D-Klotz
  • 123
  • 6

How to determine the newly closed file within a continuous audit log rotation?

I am attempting to find the best way to determine when the second file (of a matching criteria) is created. The context is an audit log rotation.

Given a directory where audit logs are created every hour, I need to execute a parsing awk script upon the audit log that has been closed off. What I mean by that is that every hour a new audit log is created, and the old audit log is closed, containing up to an hour's worth of information. The new log file is to be left alone until it too is closed and a new one created.

I could create a bash shell script and use "find /home/tomcat/openam/openam/log -name 'amAuthentication.*' -mmin -60" and then have this executed every 10 minutes via a crontab entry, but I'm not sure how to write the rest of it.

I suppose the script could start off by saving the contents of that find to a temp file, and upon every crontab execution, compare the new find command contents and when it changes, use the temp file as the input to the awk script. When the awk script is complete, save the contents of the new find to the file.

If anyone can complete that idea or come up with a better idea, I would appreciate it.

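One way to implement the approach described in the question, as an added example that is not part of the original post: treat every matching file except the most recently modified one as closed, and keep a state file of the logs already parsed. It assumes GNU find, file names without newlines, and that the application only ever writes to the newest matching file; the state-file path and the parser command are placeholders.

```bash
#!/usr/bin/env bash
# Added example. Assumptions: GNU find, no newlines in file names, and the
# application only ever writes to the most recently modified matching file.

# closed_logs DIR PATTERN STATE
# Print closed logs that are not yet listed in STATE, oldest first.
closed_logs() {
    local dir=$1 pattern=$2 state=$3
    [ -f "$state" ] || : > "$state"
    find "$dir" -maxdepth 1 -type f -name "$pattern" -printf '%T@ %p\n' |
        sort -n |            # oldest first by modification time
        sed '$d' |           # drop the newest file: it is still being written
        cut -d' ' -f2- |     # strip the timestamp column
        grep -vxFf "$state" || true   # skip logs already processed
}

# process_closed_logs DIR PATTERN STATE COMMAND [ARGS...]
# Run COMMAND on each closed log; record it only if COMMAND succeeds,
# so a failed parse is retried on the next cron run.
process_closed_logs() {
    local dir=$1 pattern=$2 state=$3 f
    shift 3
    closed_logs "$dir" "$pattern" "$state" | while IFS= read -r f; do
        "$@" "$f" < /dev/null && printf '%s\n' "$f" >> "$state"
    done
}

# Hypothetical command line for the cron entry (the script name, the state
# file and parse.awk are placeholders):
#   closed-logs.sh /home/tomcat/openam/openam/log 'amAuthentication.*' \
#       /var/tmp/amAuth.done awk -f /path/to/parse.awk
if [ "$#" -ge 4 ]; then
    process_closed_logs "$@"
fi
```

Because a log is recorded only after the parser exits successfully, an audit file is never silently skipped; if the application stops rotating, the newest file simply stays unprocessed until a newer one appears.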