Log Files

check_timed_logs

Description:

Script searches a text file for the appearance of a given RegEx within a given time period.
Using additional parameters you can adjust: Time string format,
time string position, number of pattern matches required to be “successful”.

Current Version

1.0.2

Last Release Date

2013-10-07

Compatible With

  • Nagios 3.x

Owner

License

GPL


Project Notes
Script searches a text file for the appearance of a given RegEx within a given time period. Using additional parameters you can adjust: time string format, time string position, number of pattern matches required to be "successful".

REQUIRES:
perl-Time-Piece
perl-File-ReadBackwards

On RHEL-based systems you can run:
yum install perl-Time-Piece perl-File-ReadBackwards

Return Values for NRPE:
OK - There are only 0 instances of $pattern in the last $interval minutes (0)
CRITICAL - There are $hits instances of $pattern in the last $interval minutes (2)
WARNING - There are $hits instances of $pattern in the last $interval minutes (1)
UNKNOWN - There were no files matching the passed filename (3)

check_timed_logs.pl -h
Usage: check_timed_logs.pl -pattern -logfile -interval [-timepattern ] [-warning|w ] [-critical|c ] [-timeposition ]

To allow for rotating logfiles, any file that matches the passed filename and was changed within the passed interval is checked. E.g. if you pass /var/log/applog, this could match /var/log/applog.0, /var/log/applog.old and so on. However, it does not handle compressed (e.g. gzip/bzip) files.

Default time pattern is:
%Y-%m-%d %H:%M:%S => 2012-12-31 17:20:40

Example time patterns (from a RHEL system):
BSD/Syslog: %b %d %H:%M:%S => Dec 31 17:20:40
Apache Logs: %d/%b/%Y:%H:%M:%S (with -timeposition 3) => 31/Dec/2012:17:20:40
Websphere Logs: %d-%b-%Y %I:%M:%S %p => 31-Dec-2012 05:20:40 PM
Nagios logs: %s => 1361260238 (seconds since 01-01-1970)

For documentation of the POSIX time format, see: http://linux.die.net/man/3/strftime

Default warning/critical threshold of pattern matches to find is: 1
-> unless you change this, you will only get OK or CRITICAL, but never WARNING

Default time position is 0.
Time Position: each line is split into an array of strings on the space character; the time position is the index of the first time string in that array. Note: if the line starts with the time, that means we start at index 0.

The values for interval and warning/critical need to be larger than zero.

CHANGELOG:
1.0 2013-02-19 - initial version
1.0.1 2013-02-27 - fixed false variable reference
1.0.2 2013-10-07 - integrated threshold-comparison fix by Christoph Tavan - thanks ;)
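
The time-position and time-pattern logic described in the notes, as an added Python illustration (not the plugin's own Perl code). The function names, the sample log, the >= threshold comparison, and the choice to hold a line without a parseable time until the nearest earlier timestamped entry is reached (instead of aborting) are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

OK, WARNING, CRITICAL = 0, 1, 2  # NRPE return values listed in the notes


def count_hits(lines, pattern, interval_min, now,
               timepattern="%Y-%m-%d %H:%M:%S", timeposition=0):
    """Count lines matching `pattern` logged in the last `interval_min` minutes."""
    rx = re.compile(pattern)
    width = len(timepattern.split(" "))   # number of fields the time string spans
    cutoff = now - timedelta(minutes=interval_min)
    hits = pending = 0
    for line in reversed(lines):          # newest first, like reading backwards
        fields = line.rstrip("\n").split(" ")
        stamp = " ".join(fields[timeposition:timeposition + width])
        try:
            ts = datetime.strptime(stamp, timepattern)
        except ValueError:
            # No parseable time here (e.g. a stack-trace continuation line).
            # Hold a match until the owning timestamped line is reached.
            pending += bool(rx.search(line))
            continue
        if ts < cutoff:
            break                         # older than the window: stop reading
        hits += pending + bool(rx.search(line))
        pending = 0
    return hits


def status(hits, warning=1, critical=1):
    """Map a hit count to a return value (>= comparison is an assumption)."""
    if hits >= critical:
        return CRITICAL
    if hits >= warning:
        return WARNING
    return OK


# Constructed sample log: timestamped entries mixed with bare lines.
SAMPLE = [
    "2012-12-31 16:00:00 app ERROR old failure",
    "2012-12-31 17:15:00 app INFO started",
    "2012-12-31 17:18:30 app ERROR login failed for user alice",
    "    at auth.check(auth.c:42) ERROR detail",
    "2012-12-31 17:19:10 app INFO heartbeat",
    "trailing line without timestamp",
]
NOW = datetime(2012, 12, 31, 17, 20, 40)
```

With a 10-minute interval the sample yields two hits (the timestamped ERROR entry and its continuation line), and the 16:00:00 entry ends the scan because it falls outside the window.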
Reviews (1)
Inconsistent
by Citrus07, April 30, 2013

I'm trying to do a search of strings with a DATE field in the first column, but in my case, the log file I'm searching is a mix of information/logging with and without the timestamp as first field. My search is successful only if the last lines contain the timestamp, otherwise it gives me this error: Error parsing time at /usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi/Time/Piece.pm line 465.




Project Stats
Rating
1.7 (3)
Favorites
0
Views
47,960