Not as such, though you could extract the last X lines from the log to a temp file and process that.
tail -100 /var/log/messages > tmp.log && check_log3.pl -l tmp.log -s /dev/null -p pattern ...
For the last X minutes, assuming you are using a seek file and the log has been read before this is the default behaviour (just set the check interval to X minutes). If you want the script to interpret timestamps in the log itself, that is possible but you need the custom eval parser feature.
E.g. you only ever want to check data from the the last 5 minutes (300 seconds), no matter when the check is run:
check_log3.pl -l logfile -p pattern -e '{ use Date::Parse; my $time = substr($_, 0, 16); my $ts = str2time($time); return 1 if time - $ts < 300; }' ...
This eval block will only evaluate to true if both the pattern is found AND the timestamp (taken from the first 16 characters in the log) is less than 300 seconds ago. The script will in fact still read the log from the last seek position, but any matches which don't fit the timestamp criteria will not be counted.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Is there a way you can tell the script to only look at the last X number of lines or X number of minutes when looking for the pattern to match?
Not as such, though you could extract the last X lines from the log to a temp file and process that.
tail -100 /var/log/messages > tmp.log && check_log3.pl -l tmp.log -s /dev/null -p pattern ...
For the last X minutes, assuming you are using a seek file and the log has been read before this is the default behaviour (just set the check interval to X minutes). If you want the script to interpret timestamps in the log itself, that is possible but you need the custom eval parser feature.
E.g. you only ever want to check data from the the last 5 minutes (300 seconds), no matter when the check is run:
check_log3.pl -l logfile -p pattern -e '{ use Date::Parse; my $time = substr($_, 0, 16); my $ts = str2time($time); return 1 if time - $ts < 300; }' ...
This eval block will only evaluate to true if both the pattern is found AND the timestamp (taken from the first 16 characters in the log) is less than 300 seconds ago. The script will in fact still read the log from the last seek position, but any matches which don't fit the timestamp criteria will not be counted.