[Nagios-users] check_log manual
Hello, where can i find a manual for the check_log? How can I use the pattern option? Thank you. Martin Kamke Tel. +49 40 3890 4417 Fax +49 40 3890 web: http://www.snap.de www.snap.de mail: mailto:martin.ka...@snap.de martin.ka...@snap.de SNAP Innovation Softwareentwicklung GmbH, 22765 Hamburg, Max-Brauer-Allee 50 Amtsgericht Hamburg HRB 61066, Geschäftsführer: Ulrich Zimmer, Paul McCullagh -- See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831iu=/4140/ostg.clktrk___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
[Nagios-users] check_log
I am using the check_log plugin and I am having a strange issue. When the monitor scan my log and encounters an issue, it reports it, when it scans it again and does not find the issue it still reports as an error. The only way I can clear this is by running the check command manually on the host so it displays OK then click on issue and immediate check. Then it returns the OK. Any insight? Ed -- Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET Get 100% visibility into your production application - at no cost. Code-level diagnostics for performance bottlenecks with 2% overhead Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap1___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] check_log via check_nrpe problem
Hi, If you ran your tests with an other user than the one NRPE is using on your server, may be he can't overwrite your /tmp/messages file and trigger a CRITICAL state (I see in your tests you are logged in as root). Marc-André On 11/04/2011 04:53 AM, Brandstaetter, Sigmund wrote: Hi Guys, First of all, hello, since this is my first post to the list. I hope some of you will be able to give me some input on my problem. I have a Nagios Server to monitor some Hosts (Nagios 3.3.1) using NRPE and SNMP Checks I wanna check a logfile for eg. the string error. The check works fine when I run it locally, meaning, after the check detects the pattern, it creates an alert, then, on the next check, if no new pattern was detected, it will return OK. When I now run the check via nrpe from the nagios server, it will also detect the pattern, but it will also come back with CRITICAL on each check thereafter even if there have been no additional occurrences of it. This is what the corresponding line in the nrpe.cfg on the remote host looks like for this check: command[check_messages]=/usr/local/nagios/libexec/check_log -F /var/log/messages -O /tmp/messages -q error Note that all other checks work fine, so nrpe works fine. EG: [root@xx libexec]# ./check_nrpe -H xx -c check_messages (2) error [root@xx libexec]# ./check_nrpe -H xx -c check_messages (2) error [root@xx libexec]# ./check_nrpe -H xx -c check_messages (2) error [root@xx libexec]# ./check_nrpe -H xx -c check_messages (2) error [root@xx libexec]# ./check_nrpe -H xx -c check_messages (2) error But locally on the host, using the same check_log with the same parameters that I have in my nrpe.cfg it works: [root@xx libexec]# ./check_log -F /var/log/messages -O /tmp/messages -q error (13) Nov 4 10:49:57 tuphlog1 nagios: SERVICE NOTIFICATION: nagiosadmin;tuphweb2;LOG - Authentication Errors;UNKNOWN;notify-service-by-email;Log check error: [root@xx libexec]# ./check_log -F /var/log/messages -O /tmp/messages -q error Log check ok - 0 pattern matches found Any Idea what could be the problem? Cheers Sigmund -- RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null -- RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] check_log via check_nrpe problem
Hi Marc, Thanks a lot, sure enough you are right J Thanks a lot, I totally overlooked that . From: MAD [mailto:m...@b-care.net] Sent: Friday, November 04, 2011 15:33 To: nagios-users@lists.sourceforge.net Subject: Re: [Nagios-users] check_log via check_nrpe problem Hi, If you ran your tests with an other user than the one NRPE is using on your server, may be he can't overwrite your /tmp/messages file and trigger a CRITICAL state (I see in your tests you are logged in as root). Marc-André On 11/04/2011 04:53 AM, Brandstaetter, Sigmund wrote: Hi Guys, First of all, hello, since this is my first post to the list. I hope some of you will be able to give me some input on my problem. I have a Nagios Server to monitor some Hosts (Nagios 3.3.1) using NRPE and SNMP Checks I wanna check a logfile for eg. the string error. The check works fine when I run it locally, meaning, after the check detects the pattern, it creates an alert, then, on the next check, if no new pattern was detected, it will return OK. When I now run the check via nrpe from the nagios server, it will also detect the pattern, but it will also come back with CRITICAL on each check thereafter even if there have been no additional occurrences of it. This is what the corresponding line in the nrpe.cfg on the remote host looks like for this check: command[check_messages]=/usr/local/nagios/libexec/check_log -F /var/log/messages -O /tmp/messages -q error Note that all other checks work fine, so nrpe works fine. EG: [root@xx libexec]# ./check_nrpe -H xx -c check_messages (2) error [root@xx libexec]# ./check_nrpe -H xx -c check_messages (2) error [root@xx libexec]# ./check_nrpe -H xx -c check_messages (2) error [root@xx libexec]# ./check_nrpe -H xx -c check_messages (2) error [root@xx libexec]# ./check_nrpe -H xx -c check_messages (2) error But locally on the host, using the same check_log with the same parameters that I have in my nrpe.cfg it works: [root@xx libexec]# ./check_log -F /var/log/messages -O /tmp/messages -q error (13) Nov 4 10:49:57 tuphlog1 nagios: SERVICE NOTIFICATION: nagiosadmin;tuphweb2;LOG - Authentication Errors;UNKNOWN;notify-service-by-email;Log check error: [root@xx libexec]# ./check_log -F /var/log/messages -O /tmp/messages -q error Log check ok - 0 pattern matches found Any Idea what could be the problem? Cheers Sigmund -- RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null smime.p7s Description: S/MIME cryptographic signature -- RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
[Nagios-users] check_log via check_nrpe problem
Hi Guys, First of all, hello, since this is my first post to the list. I hope some of you will be able to give me some input on my problem. I have a Nagios Server to monitor some Hosts (Nagios 3.3.1) using NRPE and SNMP Checks I wanna check a logfile for eg. the string error. The check works fine when I run it locally, meaning, after the check detects the pattern, it creates an alert, then, on the next check, if no new pattern was detected, it will return OK. When I now run the check via nrpe from the nagios server, it will also detect the pattern, but it will also come back with CRITICAL on each check thereafter even if there have been no additional occurrences of it. This is what the corresponding line in the nrpe.cfg on the remote host looks like for this check: command[check_messages]=/usr/local/nagios/libexec/check_log -F /var/log/messages -O /tmp/messages -q error Note that all other checks work fine, so nrpe works fine. EG: [root@xx libexec]# ./check_nrpe -H xx -c check_messages (2) error [root@xx libexec]# ./check_nrpe -H xx -c check_messages (2) error [root@xx libexec]# ./check_nrpe -H xx -c check_messages (2) error [root@xx libexec]# ./check_nrpe -H xx -c check_messages (2) error [root@xx libexec]# ./check_nrpe -H xx -c check_messages (2) error But locally on the host, using the same check_log with the same parameters that I have in my nrpe.cfg it works: [root@xx libexec]# ./check_log -F /var/log/messages -O /tmp/messages -q error (13) Nov 4 10:49:57 tuphlog1 nagios: SERVICE NOTIFICATION: nagiosadmin;tuphweb2;LOG - Authentication Errors;UNKNOWN;notify-service-by-email;Log check error: [root@xx libexec]# ./check_log -F /var/log/messages -O /tmp/messages -q error Log check ok - 0 pattern matches found Any Idea what could be the problem? Cheers Sigmund smime.p7s Description: S/MIME cryptographic signature -- RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
[Nagios-users] check_log multiple pattern and filtering
Hi list, 1. any suggestions how to check multiple pattern with one command? example: check_log -F /var/adm/messages -O /var/adm/nagios_messages -q error|connection timed out|SCSI transport failed 2. Is there a way to ignore lines from the result? example: check_log -F /var/adm/messages -O /var/adm/nagios_messages -q error This will search for all errors. But what can I do to ignore lines with with spezial errors like Dec 3 07:26:23 SERVER rmclomv: [ID 431010 kern.error] CPU_FAN @ MB.P0.F0.RS has FAILED. regards, Tobias -- Join us December 9, 2009 for the Red Hat Virtual Experience, a free event focused on virtualization and cloud computing. Attend in-depth sessions from your desk. Your couch. Anywhere. http://p.sf.net/sfu/redhat-sfdev2dev ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] check_log multiple pattern and filtering
On Dec 3, 2009, at 2:09 AM, Tobias Exner wrote: 1. any suggestions how to check multiple pattern with one command? example: check_log -F /var/adm/messages -O /var/adm/nagios_messages -q error|connection timed out|SCSI transport failed check_log uses egrep to search for the pattern. Your example will work. You should be able to test this -- $ ./check_log -F /var/log/messages -O /tmp/foo.log -q notfound|winbind|this really works (313) Dec 3 08:59:57 noctools sshd[10928]: pam_winbind(sshd:account): request failed $ echo $? 2 Remember the check_log only parses lines seen _after_ each successive run. 2. Is there a way to ignore lines from the result? example: check_log -F /var/adm/messages -O /var/adm/nagios_messages -q error This will search for all errors. But what can I do to ignore lines with with spezial errors like Not with check_log but you can with check_log2.pl -- $ ./check_log2.pl --help check_log2.pl (nagios-plugins 1.4.3) 1.2 The nagios plugins come with ABSOLUTELY NO WARRANTY. You may redistribute copies of the plugins under the terms of the GNU General Public License. For more information about these matters, see the file named COPYING. Scan arbitrary log files for regular expression matches. Usage: check_log2.pl -l log_file -s log_seek_file -p pattern [-n negpattern] -c | --critical Usage: check_log2.pl [ -v | --version ] Usage: check_log2.pl [ -h | --help ] -l, --logfile=logfile The log file to be scanned -s, --seekfile=seekfile The temporary file to store the seek position of the last scan -p, --pattern=pattern The regular expression to scan for in the log file -n, --negpattern=negpattern The regular expression to skip in the log file -- Marc -- Join us December 9, 2009 for the Red Hat Virtual Experience, a free event focused on virtualization and cloud computing. Attend in-depth sessions from your desk. Your couch. Anywhere. http://p.sf.net/sfu/redhat-sfdev2dev ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] check_log multiple pattern and filtering
Marc, thank you... point 1 is now clear for me.. point 2 I checked my plugins version. It's 1.4.13,REV=2009.04.26 from blastwave. Is there an other repository available or do I have to compile it all by my self? regards, Tobias Marc Powell schrieb: On Dec 3, 2009, at 2:09 AM, Tobias Exner wrote: 1. any suggestions how to check multiple pattern with one command? example: check_log -F /var/adm/messages -O /var/adm/nagios_messages -q error|connection timed out|SCSI transport failed check_log uses egrep to search for the pattern. Your example will work. You should be able to test this -- $ ./check_log -F /var/log/messages -O /tmp/foo.log -q notfound|winbind|this really works (313) Dec 3 08:59:57 noctools sshd[10928]: pam_winbind(sshd:account): request failed $ echo $? 2 Remember the check_log only parses lines seen _after_ each successive run. 2. Is there a way to ignore lines from the result? example: check_log -F /var/adm/messages -O /var/adm/nagios_messages -q error This will search for all errors. But what can I do to ignore lines with with spezial errors like Not with check_log but you can with check_log2.pl -- $ ./check_log2.pl --help check_log2.pl (nagios-plugins 1.4.3) 1.2 The nagios plugins come with ABSOLUTELY NO WARRANTY. You may redistribute copies of the plugins under the terms of the GNU General Public License. For more information about these matters, see the file named COPYING. Scan arbitrary log files for regular expression matches. Usage: check_log2.pl -l log_file -s log_seek_file -p pattern [-n negpattern] -c | --critical Usage: check_log2.pl [ -v | --version ] Usage: check_log2.pl [ -h | --help ] -l, --logfile=logfile The log file to be scanned -s, --seekfile=seekfile The temporary file to store the seek position of the last scan -p, --pattern=pattern The regular expression to scan for in the log file -n, --negpattern=negpattern The regular expression to skip in the log file -- Marc -- Join us December 9, 2009 for the Red Hat Virtual Experience, a free event focused on virtualization and cloud computing. Attend in-depth sessions from your desk. Your couch. Anywhere. http://p.sf.net/sfu/redhat-sfdev2dev ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null -- Join us December 9, 2009 for the Red Hat Virtual Experience, a free event focused on virtualization and cloud computing. Attend in-depth sessions from your desk. Your couch. Anywhere. http://p.sf.net/sfu/redhat-sfdev2dev___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] check_log multiple pattern and filtering
Hi, echo Dec 3 07:26:23 SERVER rmclomv: [ID 431010 kern.error] POWER_FAN @MB.P0.F0.RS has FAILED. messages echo Dec 3 07:26:23 SERVER rmclomv: [ID 431010 kern.error] CPU_FAN @MB.P0.F0.RS has FAILED. messages echo Dec 3 07:26:23 SERVER rmclomv: [ID 431010 kern.error] CPU_FAN @MB.P0.F0.RS has FAILED. messages echo Dec 3 07:26:23 SERVER rmclomv: [ID 431010 kern.error] CPU_FAN @MB.P0.F0.RS has FAILED. messages echo Dec 3 07:26:23 SERVER rmclomv: [ID 431010 kern.error] DISK_FAN @MB.P0.F0.RS has FAILED. messages $ check_logfiles --tag miscerrors --logfile messages --criticalpattern error|connection timed out|SCSI transport failed --criticalexception CPU_FAN @MB.P0.F0.RS has FAILED --report long CRITICAL - (2 errors in check_logfiles.protocol-2009-12-03-17-34-46) - Dec 3 07:26:23 SERVER rmclomv: [ID 431010 kern.error] DISK_FAN @MB.P0.F0.RS has FAILED. ...|miscerrors_lines=5 miscerrors_warnings=0 miscerrors_criticals=2 miscerrors_unknowns=0 tag miscerrors CRITICAL Dec 3 07:26:23 SERVER rmclomv: [ID 431010 kern.error] POWER_FAN @MB.P0.F0.RS has FAILED. Dec 3 07:26:23 SERVER rmclomv: [ID 431010 kern.error] DISK_FAN @MB.P0.F0.RS has FAILED. with check_logfiles you can define special cases (criticalexceptions) which do not count even if they match in the first place. As you see from the performance data miscerrors_lines=5 5 lines of the messages-file were scanned. The last match is shown in the 1st line of the plugin's output. With the option --report long you get the complete list of all matched lines. (2 errors in check_logfiles.protocol-2009-12-03-17-34-46) means, the matched lines were also written in a protocol file for later analysis. This can be switched off with --noprotocol. You find the plugin at http://labs.consol.de/nagios/check_logfiles Cheers, Gerhard -Ursprüngliche Nachricht- Von: Tobias Exner [mailto:tex...@eoipso.com] Gesendet: Donnerstag, 3. Dezember 2009 09:09 An: Nagios-Users Mailinglist Betreff: [Nagios-users] check_log multiple pattern and filtering Hi list, 1. any suggestions how to check multiple pattern with one command? example: check_log -F /var/adm/messages -O /var/adm/nagios_messages -q error|connection timed out|SCSI transport failed 2. Is there a way to ignore lines from the result? example: check_log -F /var/adm/messages -O /var/adm/nagios_messages -q error This will search for all errors. But what can I do to ignore lines with with spezial errors like Dec 3 07:26:23 SERVER rmclomv: [ID 431010 kern.error] CPU_FAN @ MB.P0.F0.RS has FAILED. regards, Tobias -- Join us December 9, 2009 for the Red Hat Virtual Experience, a free event focused on virtualization and cloud computing. Attend in-depth sessions from your desk. Your couch. Anywhere. http://p.sf.net/sfu/redhat-sfdev2dev ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null -- Join us December 9, 2009 for the Red Hat Virtual Experience, a free event focused on virtualization and cloud computing. Attend in-depth sessions from your desk. Your couch. Anywhere. http://p.sf.net/sfu/redhat-sfdev2dev ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] check_log multiple pattern and filtering
On Dec 3, 2009, at 9:31 AM, Tobias Exner wrote: Marc, thank you... point 1 is now clear for me.. point 2 I checked my plugins version. It's 1.4.13,REV=2009.04.26 from blastwave. Is there an other repository available or do I have to compile it all by my self? I don't use repositories and always compile from source myself. I have none that I can recommend. -- Marc -- Join us December 9, 2009 for the Red Hat Virtual Experience, a free event focused on virtualization and cloud computing. Attend in-depth sessions from your desk. Your couch. Anywhere. http://p.sf.net/sfu/redhat-sfdev2dev ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] check_log + mysqld.log
Hi, On 10/12/2007, Roger [EMAIL PROTECTED] wrote: I'm thinking about using check_log to monitor mysqld.log I've found it more useful to check the status of the mysql processes themselves rather than the log file. So I monitor the number of active connections, and those in a locked state and alert when either of these values gets too high. I therefore use the following :- 1) a basic perl script to process the 'processlist' command (it could be improved by parameterising the thresholds, I've just never felt the need to do so) :- #!/usr/bin/perl # mysql-procs.pl use vars qw($PROGNAME); use lib /usr/local/nagios/libexec ; use utils qw (%ERRORS print_revision support); my(@res) = ` mysqladmin --user=??? --password=??? processlist`; my($tcount) = 0; my($lcount) = 0; my($status) = OK; foreach(@res) { $tcount++ if(m/auser/); # check for a specific user connecting $tcount++ if(m/buser/); # check for another specific user connecting $lcount++ if(m/Locked/); # check for Locked processes } $status = WARNING if($tcount 200); $status = CRITICAL if($lcount 5); print MYSQL-PROCS . $status . - . $tcount . processes, . $lcount . locked\n; exit $ERRORS{$status}; which is run out of nrpe on the server hosting the mysql database. 2) an nrpe.cfg entry on the server :- command[check_mysqlprocs]=/home/nagios/mysql-procs/mysql-procs.pl 3) a service within the nagios configuration :- define service { nameops-mysql-procs use ops-service service_description MYSQL-PROCS max_check_attempts 3 normal_check_interval 5 retry_check_interval2 check_command check_nrpe!check_mysqlprocs register0 } 4) a service line for each host with a mysql database running :- define host { use live-host host_name mysql-dbserver aliasmysql server parents big-switch address ???.???.???.??? check_command check-host-alive } ... define service { use ops-mysql-procs host_name mysql-dbserver } The log file monitoring is okay, but knowing when the entire database is locked out is far more useful I feel. regards, Mark - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] check_log + mysqld.log
Hi Roger, I don't know much about MySQL to know which types of errors that I should be looking for and am hoping others here might have some recipes / hacks that they use that they might share what has worked well for them. if you use check_logfiles instead of check_log, you can squeeze multiple patterns to look for in a service. You call it with a configuration file which for example looks like this: @searches = ( { tag = 'mysqlerr', logfile = '/var/log/mysql/mysql.log', # wherever your logfile is rotation = 'mysql\.log\.old', # must match the rotated logfile(s) criticalpatterns = [ 'Error', 'you hit a bug', 'Disk is full', 'find out where mysqld died', 'Number of processes running now: 0', ], warningpatterns = [ 'should be repaired', 'try to repair it', 'InnoDB: Database was not shut down normally' ], }, { tag = 'mysqlrecover', logfile = '/var/log/mysql/mysql.log', rotation = 'mysql\.log\.old', criticalpatterns = [ 'InnoDB: Starting crash recovery', ], okpatterns = [ 'InnoDB: Apply batch completed' ] } ); And where check_log didn't work (say you needed more intelligent log watching), I don't know if this can already be called intelligence, but in the last lines you can see an example for a so-called okpattern which is able to remedy a criticalpattern found shortly before. Another feature is the possibility to call external scripts or a perl subroutine if specific patterns are found. This could be used to automatically restart mysqld or maybe automatically repair tables. You can find it at http://www.consol.com/opensource/nagios/check-logfiles Greetings from Munich, Gerhard - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
[Nagios-users] check_log + mysqld.log
I'm thinking about using check_log to monitor mysqld.log e.g. check_log -F /var/log/mysqld.log -O /tmp/mysqdLogTest.log -q STRING_TO_LOOK_FOR I don't know much about MySQL to know which types of errors that I should be looking for and am hoping others here might have some recipes / hacks that they use that they might share what has worked well for them. And where check_log didn't work (say you needed more intelligent log watching), what did you use in its place? Some log checking program like Swatch or SEC? - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
[Nagios-users] check_log problems
Hi, I am trying to use check_log on a solaris box but without luck. Any advise from this group ? % ./check_log -F /home/oracle/admin/cdocs/bdump/alert_cdocs.log -O /tmp/alert_cdocs.log -q ORA-00600 Log check data initialized... % ./check_log -F /home/oracle/admin/cdocs/bdump/alert_cdocs.log -O /tmp/alert_cdocs.log -q ORA-00600 ./check_log[191]: 0403-057 Syntax error at line 206 : ``' is not matched. % ./check_log --version check_log (nagios-plugins 1.4.5) The nagios plugins come with ABSOLUTELY NO WARRANTY. You may redistribute copies of the plugins under the terms of the GNU General Public License. For more information about these matters, see the file named COPYING. Thank Martin - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
[Nagios-users] check_log and notifications
having a bit of trouble with notifications and the check_log command. i got the command working, so it is actually reporting the correct error (from my nagios log): [1151941987] SERVICE ALERT: Appserver1;Message Log;CRITICAL;SOFT;1;(1) [ERROR ] however, there is no email notification triggered for this critical warning. i have double and triple checked my config files... and can't find the problem. here are my configs: ***services config snip*** notification_optionsw,c,r contact_groups ProdNotification this contact group has a member that IS set up for email notification. the interesting part about all of this is that i am getting email's from other services that report critical problems so it only seems to be this one command causing me trouble. any help would be greatly appreciated. Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] check_log and notifications
Hi Ryan, Nagios won't execute notifications on SOFT states. Try to decrease the max_check_attempt of this Log checking Service to something like 1 and have a look. Best wishes Hendrik Ryan Wilcox schrieb: having a bit of trouble with notifications and the check_log command. i got the command working, so it is actually reporting the correct error (from my nagios log): [1151941987] SERVICE ALERT: Appserver1;Message Log;CRITICAL;SOFT;1;(1) [ERROR ] however, there is no email notification triggered for this critical warning. i have double and triple checked my config files... and can't find the problem. here are my configs: ***services config snip*** notification_optionsw,c,r contact_groups ProdNotification this contact group has a member that IS set up for email notification. the interesting part about all of this is that i am getting email's from other services that report critical problems so it only seems to be this one command causing me trouble. any help would be greatly appreciated. Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
[Nagios-users] check_log and check_logfiles
Hi, I want to monitor a certain pattern in a log file so I've been testing check_logfiles and check_log but what I want it to do is that when the pattern repeats itself 5 times (for example) then give an alert not just with one time, I can't figure out how to do this with nagios plugins. Has anyone done anything like this before with those plugins or should I write my own plugin? Thanks for your help Jorge This message was sent using IMP, the Internet Messaging Program. Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] check_log and check_logfiles
Hi Jorge, do you mean _this_ check_logfiles? http://www.nagiosexchange.org/Misc.54.0.html?tx_netnagext_pi1%5Bp_view%5D=5 38 to do is that when the pattern repeats itself 5 times (for example) then give an alert not just with one time, I can't figure out how to do this with nagios plugins. Has anyone done anything like this before with those plugins or should I write my own plugin? you can define an action for the pattern which updates a counter and stores it in a temporary file. unfortunately the script also must do the alarming with send_nsca. I am the author of the above plugin. In the moment i'm a bit busy, but if you can wait some days, i will try to add such functionality. Greetings from munich, Gerhard Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] check_log and check_logfiles
Thanks for your reply Gerhard, yes I meant that check_logfiles. You see I have an application running on a linux server and I want to search the logs for a specific error message but I only want it to raise an alarm (status change to critical) if in a single check it finds more than five of that type of error in that execution of the plugin. Your plugin is pretty good so if you modify it let me know to try it out. Thanks a lot! Jorge Quoting Gerhard Lausser [EMAIL PROTECTED]: Hi Jorge, do you mean _this_ check_logfiles? http://www.nagiosexchange.org/Misc.54.0.html?tx_netnagext_pi1%5Bp_view%5D=5 38 to do is that when the pattern repeats itself 5 times (for example) then give an alert not just with one time, I can't figure out how to do this with nagios plugins. Has anyone done anything like this before with those plugins or should I write my own plugin? you can define an action for the pattern which updates a counter and stores it in a temporary file. unfortunately the script also must do the alarming with send_nsca. I am the author of the above plugin. In the moment i'm a bit busy, but if you can wait some days, i will try to add such functionality. Greetings from munich, Gerhard -- This message was sent using IMP, the Internet Messaging Program. Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] check_log
in check_log, find lines: if [ $count = 0 ]; then # no matches, exit with no error $ECHO Log check ok - 0 pattern matches found\n exitstatus=$STATE_OK change $count = 0 to $count = 5. change Log check ok - 5 pattern matches found\n Ken A Pacific.Net Julie S. Lin wrote: Hi i am trying set up montoring, i'd like check_log to looks for 5 instances of a string to be successful (i.e for an oracle backup, each table space must be backed up successfully) is there an easy way to do this? I'd greatly appreciate any advice or documention that could help. --julie ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
[Nagios-users] check_log false alarms
Hi I am running Nagios 1.2 on RedHat 9. I have check_log set up to monitor oracle errors. A cron jobs copies a fresh copy of the appropriate log file to the nagios server every 5 min; The service is checked every 12 minutes. Every once in a while (no pattern) I'll get a very odd and false alarm, indicating many instances of the string. Since I'm a relative newbie, perhaps I don't have this optimally configured? I have another check_log set up in the same manner, just different log file and different string, and that works fine! If anyone has any suggestions or ideas why this would be behaving differently, I'd greatly appreciate it. thanks much in advance. here is the error message * Nagios * Notification Type: PROBLEM Service: LOGCHECK-Ora Host: database Address: 192.168.x.x State: CRITICAL Date/Time: Thu May 18 12:52:19 PDT 2006 Additional Info: (547) ORA-959 signalled during: alter tablespace DATAEXCHDBO coalesce... here is my services.cfg entry define service{ use generic-service hostgroup_name db-server service_description LOGCHECK-Ora is_volatile 0 check_period24x7 max_check_attempts 1 normal_check_interval 12 retry_check_interval1 contact_groups joe, julie notification_interval 120 notification_period 24x7 notification_optionsw,c check_command check_log_ora } here is my checkcommands.cfg entry # 'check_log' command definition define command{ command_namecheck_log_ora command_line$USER1$/check_log -F /tmp/dbmessages -O /tmp/check_log_dbmessages -q ORA- } --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
[Nagios-users] check_log
Hello: Newbie question here: Is it possible to perform a check_log on a remote host and check to see if the log tail is scrolling? I have a perl script to parse for strings but I need to be able to identify if the logs are advancing? Many Thanks, David
[Nagios-users] check_log
Can anybody give me an example of a correct command definition for check_log ? I'm looking to locate the word 'Error' in /var/log/messages on each machine. If anyone can forward example portions of their services.cfg and checkcommand.cfg files I would be most grateful! So far I've been able to get the correct syntax :( Many thanks in advance Mark --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] check_log
Maccy wrote: Can anybody give me an example of a correct command definition for check_log ? I'm looking to locate the word 'Error' in /var/log/messages on each machine. If anyone can forward example portions of their services.cfg and checkcommand.cfg files I would be most grateful! So far I've been able to get the correct syntax :( Many thanks in advance Mark --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null what i am trying to get to work as it seems to do the job much better. /opt/nagios/libexec/check_log2.pl -l /var/adm/messages -s /tmp/seekfile -p auth from nrpe on my solaris 5.9 box: command[check_log_warning]=/opt/nagios/libexec/check_log -F /var/adm/messages -O /tmp/messages.warning -q warning --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
RE: [Nagios-users] Check_Log - SOLUTION
All, Thanks for all the help/information regarding this subject. I have found a solution that works in this case. The problem is that the % is a directive for printf. Since the % was in the string, printf thinks it should be a directive. Since I had no need for the % in the output string, I removed it. I changed the check_log script with the following: OLD: $ECHO ($count) $lastentry NEW: $ECHO ($count) $lastentry | /bin/sed 's/%//' I'm sure there is probably a more efficient way of doing this, but it was a quick fix for me. Thanks! Mike -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Koponick Sent: Saturday, March 04, 2006 7:59 AM To: James Turnbull Cc: Nagios Users Subject: RE: [Nagios-users] Check_Log Sure. Here is the service check command: define service { use Sensor-Log hostgroup_name Firewalls service_description Check_Log check_command check_log!/var/log/messages!/usr/local/nagios/var/PIX-Deny.log!Deny register1 } Here is the template that I am using: define service{ nameSensor-Log is_volatile 0 max_check_attempts 1 normal_check_interval 1 retry_check_interval1 passive_checks_enabled 0 active_checks_enabled 1 check_period24x7 parallelize_check 1 obsess_over_service 1 check_freshness 0 event_handler_enabled 0 flap_detection_enabled 0 process_perf_data 1 retain_status_information 1 retain_nonstatus_information1 contact_groups Support notification_interval 0 notification_period 24x7 notification_optionsw,c notifications_enabled 0 register0 } Here is my check command: define command { command_namecheck_log command_line$USER1$/check_log -F $ARG1$ -O $ARG2$ -q $ARG3$ Thanks! Mike -Original Message- From: James Turnbull [mailto:[EMAIL PROTECTED] Sent: Friday, March 03, 2006 6:33 PM To: Mike Koponick Cc: Nagios Users Subject: Re: [Nagios-users] Check_Log Mike Koponick wrote: I wanted to say thanks to all who responded to my question regarding parsing syslog files. Thanks! But, I was wondering about check_log. It seems that it would work for my environment. However I see that I have run into a snag of sorts. Can you post the command/etc you are using check_log in to parse the log? Regards James Turnbull -- James Turnbull [EMAIL PROTECTED] --- Author of Pro Nagios 2.0 (http://www.amazon.com/gp/product/1590596099/) Hardening Linux (http://www.amazon.com/gp/product/159059/) --- PGP Key (http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x0C42DF40) --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=kkid0944bid$1720dat1642 ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid0944bid$1720dat1642 ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
RE: [Nagios-users] Check_Log
Sure. Here is the service check command: define service { use Sensor-Log hostgroup_name Firewalls service_description Check_Log check_command check_log!/var/log/messages!/usr/local/nagios/var/PIX-Deny.log!Deny register1 } Here is the template that I am using: define service{ nameSensor-Log is_volatile 0 max_check_attempts 1 normal_check_interval 1 retry_check_interval1 passive_checks_enabled 0 active_checks_enabled 1 check_period24x7 parallelize_check 1 obsess_over_service 1 check_freshness 0 event_handler_enabled 0 flap_detection_enabled 0 process_perf_data 1 retain_status_information 1 retain_nonstatus_information1 contact_groups Support notification_interval 0 notification_period 24x7 notification_optionsw,c notifications_enabled 0 register0 } Here is my check command: define command { command_namecheck_log command_line$USER1$/check_log -F $ARG1$ -O $ARG2$ -q $ARG3$ Thanks! Mike -Original Message- From: James Turnbull [mailto:[EMAIL PROTECTED] Sent: Friday, March 03, 2006 6:33 PM To: Mike Koponick Cc: Nagios Users Subject: Re: [Nagios-users] Check_Log Mike Koponick wrote: I wanted to say thanks to all who responded to my question regarding parsing syslog files. Thanks! But, I was wondering about check_log. It seems that it would work for my environment. However I see that I have run into a snag of sorts. Can you post the command/etc you are using check_log in to parse the log? Regards James Turnbull -- James Turnbull [EMAIL PROTECTED] --- Author of Pro Nagios 2.0 (http://www.amazon.com/gp/product/1590596099/) Hardening Linux (http://www.amazon.com/gp/product/159059/) --- PGP Key (http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x0C42DF40) --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid0944bid$1720dat1642 ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
AW: [Nagios-users] Check_Log
Hi Mike, i have no answer to your question why the text is being cut off, maybe the string with the % inside ends up somewhere in a printf command, so the % is treated like part of a format string. Look at the notification command of contact_group Support for that. But what i saw is the is_volatile option in your template. You should set it to 1, because each time you read the logfile, you remove the cause of the alert by not reading the same lines of the logfile again. If you get an alert when you run check_log next time, then another match has been found which must be treated as a separate event. Greetings from munich, Gerhard Here is the service check command: define service { use Sensor-Log hostgroup_name Firewalls service_description Check_Log check_command check_log!/var/log/messages!/usr/local/nagios/var/PIX-Deny.log!Deny register1 } Here is the template that I am using: define service{ nameSensor-Log is_volatile 0 max_check_attempts 1 normal_check_interval 1 retry_check_interval1 passive_checks_enabled 0 active_checks_enabled 1 check_period24x7 parallelize_check 1 obsess_over_service 1 check_freshness 0 event_handler_enabled 0 flap_detection_enabled 0 process_perf_data 1 retain_status_information 1 retain_nonstatus_information1 contact_groups Support notification_interval 0 notification_period 24x7 notification_optionsw,c notifications_enabled 0 register0 } Here is my check command: define command { command_namecheck_log command_line$USER1$/check_log -F $ARG1$ -O $ARG2$ -q $ARG3$ Thanks! Mike -Original Message- From: James Turnbull [mailto:[EMAIL PROTECTED] Sent: Friday, March 03, 2006 6:33 PM To: Mike Koponick Cc: Nagios Users Subject: Re: [Nagios-users] Check_Log Mike Koponick wrote: I wanted to say thanks to all who responded to my question regarding parsing syslog files. Thanks! But, I was wondering about check_log. It seems that it would work for my environment. However I see that I have run into a snag of sorts. Can you post the command/etc you are using check_log in to parse the log? Regards James Turnbull -- James Turnbull [EMAIL PROTECTED] --- Author of Pro Nagios 2.0 (http://www.amazon.com/gp/product/1590596099/) Hardening Linux (http://www.amazon.com/gp/product/159059/) --- PGP Key (http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x0C42DF40) --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
[Nagios-users] Check_Log
I wanted to say thanks to all who responded to my question regarding parsing syslog files. Thanks! But, I was wondering about check_log. It seems that it would work for my environment. However I see that I have run into a snag of sorts. Im parsing out Cisco PIX logs, and was able to parse out Deny type logs successfully. However, Im only getting part of the syslog message. Here is what I receive in MySQL: (36) Mar 3 14:22:11 secure-primary Mar 03 2006 14:59:44: If I look at the Nagios log (External Commands) I also see the chopped line, so it appears to be occurring during the parsing process. Here is the syslog entry: Mar 3 14:22:11 secure-primary Mar 03 2006 14:59:44: %PIX-4-106023: Deny udp src inside:10.xxx.xxx.xxx/12346 dst EXTRANET:192.168.xx.xx/12345 by access-group inside It appears to be failing at the % on the syslog entry. Thanks in advance, Mike
Re: [Nagios-users] Check_Log
Mike Koponick wrote: I wanted to say thanks to all who responded to my question regarding parsing syslog files. Thanks! But, I was wondering about check_log. It seems that it would work for my environment. However I see that I have run into a snag of sorts. Can you post the command/etc you are using check_log in to parse the log? Regards James Turnbull -- James Turnbull [EMAIL PROTECTED] --- Author of Pro Nagios 2.0 (http://www.amazon.com/gp/product/1590596099/) Hardening Linux (http://www.amazon.com/gp/product/159059/) --- PGP Key (http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x0C42DF40) --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
[Nagios-users] check_log usage
Hi All I have two solaris boxen in my group eagle-servers. however, they claims 0 pattern match and check OK under service detail even though I edited the log file and put it Memory Error for testing purposes.. Could someone kindly have a look at let me know what small change I need to make? thanks. julie I have configured check_log in services.cfg follows : define service{ use generic-service hostgroup_name eagle-servers service_description LOGCHECK-Mem is_volatile 0 check_periodworkhours max_check_attempts 1 normal_check_interval 10 retry_check_interval1 contact_groups julie notification_interval 120 notification_period workhours notification_optionsw,u,c check_command check_log } I have configured the check_log in checkcommands.cfg as follows: # 'check_log' command definition define command{ command_namecheck_log command_line$USER1$/check_log -F /var/adm/messages -O /tmp/check_log_messages -q Memory Error } --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null