折腾了点时间,供参考

# -*- coding: utf-8 -*-
__author__ = 'River'
import timeit,os
import re,time
'''
'''
#被监控的文件
log_file="/var/log/messages"
#记录读取的行数
line_file="/var/log/line.log"
##计算文件行数
def linecount(log_file):
   count = 0
   with open (log_file,'rb') as thefile:
       while 1:
           buffer = thefile.read(65536)
           if not buffer:
               break
           count += buffer.count('\n')#通过读取换行符计算
       return count
try:
   ##宁愿重复报警,也不能遗漏报警,上次读取的结尾初始化为50%文件行数
   end_line=int(linecount(log_file)*0.5)
   while 1:
       with open (line_file,'r') as fileHandle_line:
           try:
               #获取上次记录的读取位置
               start_line_record=fileHandle_line.readlines()[0:1][0].strip()
               start_line = int(start_line_record)
           except:
               #start_line=int(end_line*0.5)
               start_line=int(linecount(log_file)*0.5)
       with open (log_file,'r') as fileHandle_log:
           try:
               fileList = fileHandle_log.readlines()[start_line:]
               end_line=start_line
               for line in fileList:
                   end_line=end_line+1
                   #匹配上正则规则
                   if re.match(r".*puppet-agent.*\(\/Stage",line):
                       #过滤出需要的文字:时间、主机名、变更内容
                       tmp_list=line.strip().split(" ")
                       action_time=tmp_list[0]+tmp_list[1]+"  "+tmp_list[2]+" "+tmp_list[3]
                       hostname=tmp_list[4]
                       change=line.strip().split("(")[1]
                       print  action_time +"  "+hostname+"   "+change
                   else:
                       continue
               fileList=[]
               with open (line_file,'w') as fileHandle_line_w:
                   #保存本次读到的文件位置
                   fileHandle_line_w.write(str(end_line))
           except:
               #start_line=int(end_line*0.5)
               fileHandle_line_w.write(str(end_line))
               raise "ERROR 读取文件失败%s" %(log_file)
       #以5s为间隔,再次从上次记录的位置读取文件
       time.sleep(5)
except:
   with open (line_file,'w') as fileHandle_line_w:
       #异常时保存本次读到的文件位置
       fileHandle_line_w.write(str(end_line))