Description:
check_log3.pl – a regular expression based log file parser plugin for Nagios and Nagios-like monitoring systems. Tested on Linux, Windows, AIX and Solaris. No dependencies on third-party Perl modules.
This plugin will scan arbitrary text files looking for regular expression matches.
Current Version: 3.16.1
Last Release Date: 2019-06-20
Compatible With:
Owner: Peter Mc Aulay
Website: https://github.com/pmcaulay/nagios-plugins
Download URL: https://github.com/pmcaulay/nagios-plugins/blob/master/check_log3.pl
License: GPL
Plugin code (Perl)
Wrapper script for easier configuration
Wrapper script configuration examples
RPM package for RedHat Linux
RPM package for SuSE Linux
This is check_log3.pl version 3.16.1

Usage: check_log3.pl [ -v | --version ]
Usage: check_log3.pl [ -h | --help ]
Usage: check_log3.pl --manual
Usage: check_log3.pl --list-encodings
Usage: check_log3.pl -l log_file|log_directory
        (-p pattern [-p pattern ...])|-P patternfile)
        [-i] [-n negpattern|-f negpatternfile ]
        [-s seek_file|seek_base_dir] [--show-filename]
        ([-m glob-pattern] [-t most_recent|first_match|last_match]
         [--timestamp=time-spec] [-S string])
        [-d] [-D] [-a] [-C {-|+}n] [-q] [--ultraq] [-Q]
        ([-e '{ eval block }'|-E script_file]|--secure)
        ([-N|--report-max=N]|[--report-only=N])|([-1|--stop-first-match]|[--report-first-match])
        [--ok]|([-w warn_count] [-c crit_count] [--negate])
        [--input-enc=encoding] [--output-enc=encoding] [--crlf]
        [--missing=STATE [--missing-msg=message]]
        [-R|--restartcommand] [-M|--returnmessage]

This plugin scans arbitrary text files for regular expression matches.

Log file control:

-l, --logfile=
    The log file to be scanned, or the fixed path component if -m is in use.
    If this is a directory, -t and -m '*' is assumed.

-s, --seekfile=
    The temporary file to store the seek position of the last scan. If not
    specified, it will be automatically generated in /tmp, based on the log
    file's base name. If this is a directory, the seek file will be
    auto-generated there instead of in /tmp. If you specify the system's null
    device (/dev/null), the entire log file will be read every time.

-m, --log-pattern=
    A glob(7) expression, used together with the -l option for selecting log
    files whose name is variable, such as time stamped or rotated logs. If you
    use this option, the -s option will be ignored unless it points to either
    a directory or to the null device (/dev/null).
    For selecting time stamped logs, you can use the following date(1)-like
    expressions, which by default refer to the current date and time:
        %Y = year
        %y = last 2 digits of year
        %m = month (01-12)
        %d = day of month (01-31)
        %H = hour (00-23)
        %M = minute (00-59)
        %S = second (00-60)
        %w = week day (0-6), 0 is Sunday
        %j = day of year (000-365)
    Use the --timestamp option to refer to timestamps in the past.
    Note that the plugin only ever selects one log file to read.
    See also the -S option.

-S, --seekfile-id=
    For checks using -m, add this string to the generated seek file name to
    make different service checks using the same log patterns unique.

-t, --log-select=most_recent|first_match|last_match
    How to further select amongst multiple files when using -m:
     - most_recent: select the most recently modified file
     - first_match: select the first match (sorting alphabetically)
     - last_match: select the last match (this is the default)

--timestamp='(X months|weeks|days|hours|minutes|seconds)... [ago]'
    Use this option to make the time stamp macros in the -m expression refer
    to a time in the past, e.g. '1 day, 6 hours ago'. The shortcuts 'now' and
    'yesterday' are also recognised. The default is 'now'. If this expression
    is purely numerical it will be interpreted as seconds since
    1970-01-01 00:00:00 UTC.

Search pattern control:

-p, --pattern=
    The regular expression to scan for in the log file. If specified more
    than once, the patterns will be combined into an expression of the form
    'pattern1|pattern2|pattern3|...' (but also see the -A option).

-P, --patternfile=
    File containing regular expressions, one per line, which will be combined
    into an expression of the form 'line1|line2|line3|...' (but also see -A).

-A, --and
    Use AND instead of OR to combine multiple patterns specified via the -p
    or -P options. A line must match all patterns to be counted as a match.
    This is equivalent to '(?=.*pattern1)(?=.*pattern2)(?=.*pattern3)...'.

-n, --negpattern=
    The regular expression to skip in the log file. Can be specified multiple
    times, in which case they will be combined as 'pat1|pat2|pat3|...'.

-f, --negpatternfile=
    Specifies a file with regular expressions which will all be skipped.

-i, --case-insensitive
    Do a case insensitive scan. Note, this is bad for performance.

Character set control:

--encoding=, --input-enc=
    Force a particular encoding on the log file and pattern files (but not
    custom eval scripts), such as utf-16, iso-8859-15, cp1252, koi8-r, etc.
    For example, to read Windows Unicode files you probably need "utf16le".
    Run the script with --list-encodings to see which encodings are supported.
    Warning: if you use this option and the patterns specified on the command
    line (with -p and -n) are not themselves in this encoding, you *must* use
    pattern files! Also note that using this option is bad for performance.

--output-enc=
    Force a particular character encoding of the plugin output, as above.
    The plugin's default output encoding is UTF-8.

--list-encodings
    Show which character set encodings this plugin supports, and exits.

--crlf
    Translate CRLF line endings to Unix newlines; use this if you are reading
    logs generate on DOS/Windows PCs on a Unix machine and are getting '^M'
    characters in the output. This option is also bad for performance.

Alerting control:

-w, --warning=
    Return WARNING if at least this many matches found. The default is 1.

-c, --critical=
    Return CRITICAL if at least this many matches found. The default is 0,
    i.e. don't return critical alerts unless specified explicitly.

-d, --nodiff, --nodiff-warn
    Return an alert if the log file was not written to since the last scan.
    By default this will result in a WARNING if not at least one line was
    written. If no search pattern was specified, the -w and -c options can be
    used to control the number of expected lines.

-D, --nodiff-crit
    Return CRITICAL if the log was not written to since the last scan. If no
    search pattern was specified this is equivalent to '-d -c 1'.

--missing=STATE [ --missing-msg="message" ]
    Return STATE instead of CRITICAL when no log file could be found, and
    optionally output a custom message (by default "No log file found").
    STATE must be one of OK, WARNING, CRITICAL or UNKNOWN. Note, if --missing
    is not specified, --missing-msg is ignored, and a standard error message
    is returned.

--missing-ok
    Equivalent to --missing=OK (for backwards compatibility).

--ok
    Always return an OK status to Nagios, unless there was an I/O error.

--negate
    Inverts the meaning of the -w and -c options, i.e. returns an alert if
    not at least this many matches are found. (Note: this option is not
    useful in combination with --ok.)

Output control:

-N, --report-max=
    Stop after matching a maximum of times. The log may not be read all the
    way to the end of the file when using this option.

--report-only=
    Output a maximum of lines and skip the rest (move the seek pointer to the
    end of the file). Takes precedence over --report-max.

-1, --stop-first-match
    Stop at the first line matched, instead of the last one. It will make the
    plugin report every single match (and implies an alerting threshold of 1).
    Equivalent to --report-max=1.

--report-first-only
    Stop at the first line matched, but also skip the remainder of the file.
    Use this option only when you are expecting many identical (or very
    similar) matches but only want to see the first one, and to ignore all
    subsequent matches until the next service check.
    Equivalent to --report-only=1.

-a, --output-all
    Output all matching lines instead of just the last one. Note that the
    plugin output may be truncated if it exceeds 4KB (1KB when using NRPE).
    Other agent software may impose other limits. Note that you will lose
    performance data if output is truncated. If used together with
    --report-max or --report-only, will affect output but not stopping/EOF
    seeking behaviour.

-C, --context=[-|+]
    Output lines of context before or after matched line; use -N for N lines
    before the match, +N for N lines after the match (if possible) or an
    unqualified number to get N lines before and after the match.

-R, --restartcommand=
    If the the log was not written to since the last scan and the -D option
    was used, prefix the status output with this string. This is meant to be
    the name of a control script or systemd service that can be used by an
    event handler to restart the application the log file belongs to.

-M, --returnmessage=
    If the the log was not written to since the last scan and the -D option
    was used, append this message to the end of the service check output.
    This can be used to provide instructions to operators or links to
    documentation. Make sure to use quotes to avoid problems.

-e, --parse=
-E, --parsefile=
    Custom Perl code block to parse each matched line with, or an external
    script. If specified directly with -e the code should probably be in
    curly brackets and quoted. It will be executed as a Perl 'eval' block.
    If the return code of the custom code is non-zero the line is counted
    against the threshold, otherwise it isn't and it will be as if the line
    did not match the pattern after all (though it is counted as perfdata).
    The current matching line will be passed to the eval code in $_.
    Set $parse_out to generate custom output instead of the matching line.
    Set $perfdata to generate custom performance data instead of the number
    of matching lines.
    Note: if you set $parse_out, no context will be output, but you can parse
    it, and indeed you must use -C if you want to parse a line other than the
    current matching one. In that case you should parse @line_buffer instead
    of $_.

-q, --quiet
    Suppress output of matched line(s) if state is OK.

--ultraq
    Suppress all output if state is OK, this option is suitable for cronjobs.

-Q, --no-header
    Suppress leading state and statistics info from output.

--no-perfdata
    Suppress the standard performance data output from the plugin. Use this
    if your are using custom parsing code and generate your own perfdata.

--show-filename
    Print the name of the actual input file in the plugin output. Useful in
    combination with dynamic filenames.

Other options:

--secure
    Disable all custom eval code features. Overrides the -e and -E options.

--timeout=
    Override the plugin time-out timer (by default 15 seconds). The plugin
    will return UNKNOWN if the plugin runs for more than this many seconds.

--no-timeout
    Equivalent to --timeout=0.

Support information:

-h, --help
    This help screen.

--manual
    The full manual.

-v, --version
    Print plugin version number and exit.

Send email to pmcaulay@evilgeek.net if you have questions regarding use of
this software, or to submit patches or suggest improvements. Please include
version information with all correspondence (the output of the --version
option).

This Nagios plugin comes with ABSOLUTELY NO WARRANTY. You may redistribute
copies of the plugins under the terms of the GNU General Public License.
For more information about these matters, see the file named COPYING.
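
The -e/-E contract described in the help text above (matched line in $_, a non-zero return counts the line, $parse_out and $perfdata replace the default output), shown as an added example that is not part of the plugin or its documentation. The log format, the 500 ms threshold and the harness loop that stands in for the plugin are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: a custom parse block of the kind -e/-E accept, with a small
# stand-alone harness that imitates the contract stated in the help text.
use strict;
use warnings;

our ($parse_out, $perfdata);   # variable names taken from the help text
my $slow_ms = 500;             # assumed threshold for this example

# The parse block. $_ holds the matched line. A non-zero return counts the
# line against -w/-c; zero makes the plugin treat it as a non-match.
my $parse_block = sub {
    # Constructed log format: "... request_time=<ms>ms path=<path>"
    return 0 unless /request_time=(\d+)ms\s+path=(\S+)/;
    my ($ms, $path) = ($1, $2);
    return 0 if $ms < $slow_ms;                 # fast request: ignore
    $parse_out = "slow request: $path took ${ms}ms";
    $perfdata  = "request_time=${ms}ms";        # Nagios label=value form
    return 1;
};

# Constructed sample log lines (not taken from any real system).
my @lines = (
    "2019-06-20T10:00:01 GET request_time=120ms path=/index.html",
    "2019-06-20T10:00:02 GET request_time=870ms path=/report",
    "2019-06-20T10:00:03 cache refreshed",
    "2019-06-20T10:00:04 POST request_time=1430ms path=/upload",
);

# Harness: stands in for the plugin's scan loop (assumption, simplified).
my $counted = 0;
for (@lines) {
    ($parse_out, $perfdata) = (undef, undef);
    next unless /request_time=/;      # plays the role of -p 'request_time='
    next unless $parse_block->();     # zero return: line is dropped
    $counted++;
    print "$parse_out | $perfdata\n";
}
print "lines counted against threshold: $counted\n";
```

Code passed with -e or -E runs as Perl inside the plugin process, so it has whatever privileges the monitoring agent has. Checks that do not need custom parsing can pass --secure, which the help text says overrides both options.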