check_logfiles

== check_logfiles Nagios Plugin README This plugin looks for patterns in files. It is capable of detecting logfile rotation. If you tell it how the rotated archives look like, it will also examine these files. Traditional logfile plugins were not aware of the gap which could occur, so under some circumstances they ignored what had happened between their checks. In a production environment this is not tolerable, that's why check_logfiles came into being. Send mail to gerhard.lausser@consol.de or use the sourceforge forum for assistance. Please include the OS type and version that you are using. Also, run the plugin with the '-d' option and provide the resulting version information. Of course, there may be additional diagnostic information required as well. Use good judgment. == Command line parameters --logfile= This is the logfile which will be scanned. --criticalpattern= This is the regular expression which will raise a critical error if found. --warningpattern= This is the regular expression which will raise a critical error if found. Usage is optional. --tag= This is a unique identifier for this logfile/pattern combination. You _must_ use it if you plan to call check_logfiles with more than one of these combinations. Usage is optional but strongly recommended. --noprotocol If you do not want all the matching lines being written to a protocol file, set this option. Usage is optional. --syslogserver If the server this script is running on is a syslogserver with messages from several hosts in the logfile, you can limit the scan to lines originationg from the local host. Usage is optional. -f Instead of describing on the command line what you search and where you search, you can describe much more complex configurations in a file. -d With this option you can turn on debugging. A file /tmp/check_logfiles.trace will be created and check_logfile's inner working will be logged into it. An alternative way to turn on debugging is to create the tracefile yourself. This is the preferred method to debug on the fly if you don't want to change your nagios configuration and add the "-d" to your command_line. == Examples: # # This is a simple example where you look for messages indicating # an overheated cpu in a hp-ux box # /opt/nagios/libexec/check_logfiles --tag=toohot --logfile=/var/adm/syslog/syslog.log --rotation=HPUX --criticalpattern=OVERTEMP --noprotocol # # In this example check_logfiles is used as a standalone program. # It reads it's rules from this config file. # Scan /var/adm/messages for SAN-related errors and send an alert # via the send_nsca command. # $scriptpath = '/usr/bin/nagios/libexec:/usr/local/nagios/contrib'; $MACROS = { NAGIOS_HOSTNAME => "oaschgeign.muc", CL_NSCA_HOST_ADDRESS => "lpmon1.muc", CL_NSCA_PORT => 5778 }; $postscript = 'send_nsca'; $postscriptparams = '-H $CL_NSCA_HOST_ADDRESS$ -p $CL_NSCA_PORT$ -to $CL_NSCA_TO_SEC$ -c $CL_NSCA_CONFIG_FILE$'; $postscriptstdin = '$CL_HOSTNAME$t$CL_SERVICEDESC$t$CL_SERVICESTATEID$t$CL_SERVICEOUTPUT$n'; @logs = ( { tag => 'san', logfile => '/var/adm/messages', criticalpatterns => [ 'Link Down Event received', 'Loop OFFLINE', 'fctl:.*disappeared from fabric', '.*Lun.*disappeared.*' ], }, ); # # This config file implements checking if a syslog daemon really # works. In the startup phase a message is sent to syslog. # After a delay of five seconds this message will be searched for. # If it cannot be found, this means syslogd is not running properly # or not running at all. An alert will then be generated. # $scriptpath = '/usr/bin'; $prescript = 'logger'; $prescriptparams = '-t nagios'; $prescriptstdin = 'braver syslog ($CL_DATE_YYYY$-$CL_DATE_MM$-$CL_DATE_DD$ $CL_DATE_HH$:$CL_DATE_MI$:$CL_DATE_SS$)'; $prescriptdelay = 5; @logs = ( { tag => 'syslogworks', logfile => '/var/log/messages', rotation => 'SUSE', criticalpatterns => ['!nagios:s+bravers+syslog'], options => 'noprotocol', }, ); # # This config file implements a simple method to monitor the # hardware health of a solaris machine. # From the prtdiag(1M) manpage: # -l Log output. If failures or errors exist in the system, # output this information to syslogd(1M) only. # This means, if you run prtdiag and you find something # prtdiag-related in the messages file, then there must be # an error somewhere in the system. # $scriptpath = '/usr/platform/sun4u/sbin'; $prescript = 'prtdiag'; $prescriptparams = '-l'; @logs = ( { tag => 'prtdiag', logfile => '/var/adm/messages', rotation => 'SOLARIS', criticalpatterns => 'prtdiag:', }, );

You must be logged in to submit a review.

Your review has been submitted and is pending approval.

Your recommendation has been sent.

Project Overview Project Notes Reviews