Reduce Cron Email Noise with logdiff

3 min read Original article ↗

If your cron jobs or scheduled scanners flood your inbox with the same output every run, it becomes hard to spot the important changes. logdiff is a tiny open-source Rust tool that caches streamed output per key and emits only the differences from the previous run - either as a unified diff or as changed lines only. That makes email notifications and alerts far more actionable.

Why this matters

  • Reduce noise: only changed output gets reported, so you stop receiving repeated identical scans or log dumps.
  • Easy integration: it acts as a simple filter in any pipe, so you can add it to existing cron lines without changing the producer.
  • Lightweight: single binary, easy to install with Cargo or build from source.

What logdiff does

  • Reads stdin and stores it in a cache file keyed by a user-specified identifier.
  • On subsequent runs it compares the previous and current input using diff -u (or a fallback manual comparison) and prints the differences.
  • Options include --only-lines to show only added/removed lines and --cache-dir to override the cache location.

Quick install

Install with Cargo:

cargo install --git https://codeberg.org/chapati/logdiff logdiff

Or build from source:

git clone https://codeberg.org/chapati/logdiff
cd logdiff
cargo build --release
# binary will be in target/release/logdiff

Usage examples

Pipe a logfile into logdiff with a key. The first run creates the baseline and prints nothing:

cat logfile.log | logdiff mykey

On the next run it prints the unified diff between the previous and current input. To receive only the changed lines (prefixed with + or -) use:

cat logfile.log | logdiff --only-lines mykey

Cron example (practical)

Here is a real-world cron line that runs lynis daily at 04:30, filters the output through logdiff and mails only the changed lines:

30 4 * * * (lynis --cronjob 2>&1 | logdiff --only-lines lynis | mail -s "san: lynis" [email protected])

How this helps

  • If lynis reports the same findings as yesterday, logdiff suppresses the output and the received email will be empty (or absent if your mailer suppresses empty bodies). Only when scan results change will your inbox get a concise diff of additions/removals.
  • Use one key per job (for example lynis, backup, db-check) so caches remain separated and meaningful.

Advanced tips

  • Customize cache location with --cache-dir /path/to/cache when running in environments with restricted home directories.
  • Prune or rotate cache files if you have many distinct job keys to avoid unbounded storage growth.
  • Combine logdiff with notification systems that can suppress empty payloads, or only trigger alerts when output is non-empty.

Cache location and fallback

By default logdiff stores cache files in $XDG_CACHE_HOME/logdiff or ~/.cache/logdiff. It relies on the system diff tool; when diff is unavailable logdiff falls back to a manual comparison implementation.

License & repo

logdiff is open source under the AGPL-3.0 license. Check the project, file issues, or contribute at:

https://codeberg.org/chapati/logdiff

This small CLI tool is ideal for anyone who wants fewer, more useful notifications from scheduled tasks. Drop it into your cron pipelines and get alerts that actually matter.