Search Exchange
Search All Sites
Nagios Live Webinars
Let our experts show you how Nagios can help your organization.Login
New ListingsDirectory Tree
check_logfiles
== check_logfiles Nagios Plugin README
This plugin looks for patterns in files. It is capable of detecting
logfile rotation. If you tell it how the rotated archives look like, it
will also examine these files. Traditional logfile plugins were not aware
of the gap which could occur, so under some circumstances they ignored
what had happened between their checks. In a production environment
this is not tolerable, that's why check_logfiles came into being.
Send mail to gerhard.lausser@consol.de or use the sourceforge forum
for assistance. Please include the OS type and version that you are using.
Also, run the plugin with the '-d' option and provide the resulting
version information. Of course, there may be additional diagnostic information
required as well. Use good judgment.
== Command line parameters
--logfile=
This is the logfile which will be scanned.
--criticalpattern=
This is the regular expression which will raise a critical error if found.
--warningpattern=
This is the regular expression which will raise a critical error if found.
Usage is optional.
--tag=
This is a unique identifier for this logfile/pattern combination.
You _must_ use it if you plan to call check_logfiles with more than one
of these combinations.
Usage is optional but strongly recommended.
--noprotocol
If you do not want all the matching lines being written to a protocol file,
set this option.
Usage is optional.
--syslogserver
If the server this script is running on is a syslogserver with messages from
several hosts in the logfile, you can limit the scan to lines originationg
from the local host.
Usage is optional.
-f
Instead of describing on the command line what you search and where you
search, you can describe much more complex configurations in a file.
-d
With this option you can turn on debugging. A file /tmp/check_logfiles.trace
will be created and check_logfile's inner working will be logged into it.
An alternative way to turn on debugging is to create the tracefile yourself.
This is the preferred method to debug on the fly if you don't want to
change your nagios configuration and add the "-d" to your command_line.
== Examples:
#
# This is a simple example where you look for messages indicating
# an overheated cpu in a hp-ux box
#
/opt/nagios/libexec/check_logfiles --tag=toohot
--logfile=/var/adm/syslog/syslog.log --rotation=HPUX
--criticalpattern=OVERTEMP --noprotocol
#
# In this example check_logfiles is used as a standalone program.
# It reads it's rules from this config file.
# Scan /var/adm/messages for SAN-related errors and send an alert
# via the send_nsca command.
#
$scriptpath = '/usr/bin/nagios/libexec:/usr/local/nagios/contrib';
$MACROS = {
NAGIOS_HOSTNAME => "oaschgeign.muc",
CL_NSCA_HOST_ADDRESS => "lpmon1.muc",
CL_NSCA_PORT => 5778
};
$postscript = 'send_nsca';
$postscriptparams = '-H $CL_NSCA_HOST_ADDRESS$ -p $CL_NSCA_PORT$
-to $CL_NSCA_TO_SEC$ -c $CL_NSCA_CONFIG_FILE$';
$postscriptstdin = '$CL_HOSTNAME$\t$CL_SERVICEDESC$\t$CL_SERVICESTATEID$\t$CL_SERVICEOUTPUT$\n';
@logs = (
{
tag => 'san',
logfile => '/var/adm/messages',
criticalpatterns => [
'Link Down Event received',
'Loop OFFLINE',
'fctl:.*disappeared from fabric',
'.*Lun.*disappeared.*'
],
},
);
#
# This config file implements checking if a syslog daemon really
# works. In the startup phase a message is sent to syslog.
# After a delay of five seconds this message will be searched for.
# If it cannot be found, this means syslogd is not running properly
# or not running at all. An alert will then be generated.
#
$scriptpath = '/usr/bin';
$prescript = 'logger';
$prescriptparams = '-t nagios';
$prescriptstdin = 'braver syslog ($CL_DATE_YYYY$-$CL_DATE_MM$-$CL_DATE_DD$ $CL_DATE_HH$:$CL_DATE_MI$:$CL_DATE_SS$)';
$prescriptdelay = 5;
@logs = (
{
tag => 'syslogworks',
logfile => '/var/log/messages',
rotation => 'SUSE',
criticalpatterns => ['!nagios:\s+braver\s+syslog'],
options => 'noprotocol',
},
);
#
# This config file implements a simple method to monitor the
# hardware health of a solaris machine.
# From the prtdiag(1M) manpage:
# -l Log output. If failures or errors exist in the system,
# output this information to syslogd(1M) only.
# This means, if you run prtdiag and you find something
# prtdiag-related in the messages file, then there must be
# an error somewhere in the system.
#
$scriptpath = '/usr/platform/sun4u/sbin';
$prescript = 'prtdiag';
$prescriptparams = '-l';
@logs = (
{
tag => 'prtdiag',
logfile => '/var/adm/messages',
rotation => 'SOLARIS',
criticalpatterns => 'prtdiag:',
},
);
This plugin looks for patterns in files. It is capable of detecting
logfile rotation. If you tell it how the rotated archives look like, it
will also examine these files. Traditional logfile plugins were not aware
of the gap which could occur, so under some circumstances they ignored
what had happened between their checks. In a production environment
this is not tolerable, that's why check_logfiles came into being.
Send mail to gerhard.lausser@consol.de or use the sourceforge forum
for assistance. Please include the OS type and version that you are using.
Also, run the plugin with the '-d' option and provide the resulting
version information. Of course, there may be additional diagnostic information
required as well. Use good judgment.
== Command line parameters
--logfile=
This is the logfile which will be scanned.
--criticalpattern=
This is the regular expression which will raise a critical error if found.
--warningpattern=
This is the regular expression which will raise a critical error if found.
Usage is optional.
--tag=
This is a unique identifier for this logfile/pattern combination.
You _must_ use it if you plan to call check_logfiles with more than one
of these combinations.
Usage is optional but strongly recommended.
--noprotocol
If you do not want all the matching lines being written to a protocol file,
set this option.
Usage is optional.
--syslogserver
If the server this script is running on is a syslogserver with messages from
several hosts in the logfile, you can limit the scan to lines originationg
from the local host.
Usage is optional.
-f
Instead of describing on the command line what you search and where you
search, you can describe much more complex configurations in a file.
-d
With this option you can turn on debugging. A file /tmp/check_logfiles.trace
will be created and check_logfile's inner working will be logged into it.
An alternative way to turn on debugging is to create the tracefile yourself.
This is the preferred method to debug on the fly if you don't want to
change your nagios configuration and add the "-d" to your command_line.
== Examples:
#
# This is a simple example where you look for messages indicating
# an overheated cpu in a hp-ux box
#
/opt/nagios/libexec/check_logfiles --tag=toohot
--logfile=/var/adm/syslog/syslog.log --rotation=HPUX
--criticalpattern=OVERTEMP --noprotocol
#
# In this example check_logfiles is used as a standalone program.
# It reads it's rules from this config file.
# Scan /var/adm/messages for SAN-related errors and send an alert
# via the send_nsca command.
#
$scriptpath = '/usr/bin/nagios/libexec:/usr/local/nagios/contrib';
$MACROS = {
NAGIOS_HOSTNAME => "oaschgeign.muc",
CL_NSCA_HOST_ADDRESS => "lpmon1.muc",
CL_NSCA_PORT => 5778
};
$postscript = 'send_nsca';
$postscriptparams = '-H $CL_NSCA_HOST_ADDRESS$ -p $CL_NSCA_PORT$
-to $CL_NSCA_TO_SEC$ -c $CL_NSCA_CONFIG_FILE$';
$postscriptstdin = '$CL_HOSTNAME$\t$CL_SERVICEDESC$\t$CL_SERVICESTATEID$\t$CL_SERVICEOUTPUT$\n';
@logs = (
{
tag => 'san',
logfile => '/var/adm/messages',
criticalpatterns => [
'Link Down Event received',
'Loop OFFLINE',
'fctl:.*disappeared from fabric',
'.*Lun.*disappeared.*'
],
},
);
#
# This config file implements checking if a syslog daemon really
# works. In the startup phase a message is sent to syslog.
# After a delay of five seconds this message will be searched for.
# If it cannot be found, this means syslogd is not running properly
# or not running at all. An alert will then be generated.
#
$scriptpath = '/usr/bin';
$prescript = 'logger';
$prescriptparams = '-t nagios';
$prescriptstdin = 'braver syslog ($CL_DATE_YYYY$-$CL_DATE_MM$-$CL_DATE_DD$ $CL_DATE_HH$:$CL_DATE_MI$:$CL_DATE_SS$)';
$prescriptdelay = 5;
@logs = (
{
tag => 'syslogworks',
logfile => '/var/log/messages',
rotation => 'SUSE',
criticalpatterns => ['!nagios:\s+braver\s+syslog'],
options => 'noprotocol',
},
);
#
# This config file implements a simple method to monitor the
# hardware health of a solaris machine.
# From the prtdiag(1M) manpage:
# -l Log output. If failures or errors exist in the system,
# output this information to syslogd(1M) only.
# This means, if you run prtdiag and you find something
# prtdiag-related in the messages file, then there must be
# an error somewhere in the system.
#
$scriptpath = '/usr/platform/sun4u/sbin';
$prescript = 'prtdiag';
$prescriptparams = '-l';
@logs = (
{
tag => 'prtdiag',
logfile => '/var/adm/messages',
rotation => 'SOLARIS',
criticalpatterns => 'prtdiag:',
},
);
Reviews (0)
Be the first to review this listing!
