Check LogServer

check_logserver is a plugin to test a logs server by sending it a unique log and then checking that log was received properly.

It is flexible enough to test via either TCP or UDP on any port, and to query a MySQL database either on the same host or another host for the log to make sure it has come through the whole log server and been stored correctly. It should be flexible enough for use with any syslog implementation using a MySQL storage back end.

I wrote this originally for the typical Syslog-NG / MySQL logserver combination since the joining bit between Syslog-NG and MySQL can break and it is not easily testable without sending a log and checking if it actually comes through to the back end storage.

I may consider adding support for file based or Oracle back end log servers if there is demand.

DOCUMENTATION

Note: Requires the python MySQLdb library to be installed.
On Gentoo, a simple "emerge mysql-python" is required.
On Debian, simply "apt-get install python-mysqldb"
On Redhat, try "yum install MySQL-python"
or get the library from http://sourceforge.net/projects/mysql-python here


Basic Usage:
./check_logserver -H logservername -U mysqluser -P mysqlpassword

At the minimum, you must specify a logserver and a MySQL username and password. Chances are you may be using a different logserver port other than the standard syslog port 514, or have a different MySQL structure, in which case you will need to use some of following switches:


Full Detailed Usage:
./check_logserver -H logservername -p logserverport -U mysqluser -P mysqlpassword -M mysqlserver -m mysqlport -D mysqldatabase -T mysqltable -C mysqlcolumn -d delayinseconds -t timeoutinseconds -v

Optional Switches:

-p logserverport Useful if you run your logserver on a non-standard port
-M mysqlserver Only needed if the mysql database backend is on another server to the logserver
-m mysqlport Only needed if MySQL is listening on a non-default port, otherwise the default 3306 is used
-D mysqldatabase Needed to specify the database name. Defaults to "syslog". Specify if your database is called something else
-T mysqltable Needed to specify the table name. Defaults to "logs". Specify if your logs table is called something else
-C mysqlcolumn Is needed to specify the table column that the log body is kept in. Defaults to "msg". Specify if you have called your column something else
-v verbose mode Use 2 or 3 times for full debugging output

Recommended Switches:

-d seconds The delay between sending the log to the logserver and checking for it in the MySQL database backend. Defaults to 0 seconds. If your server does not immediately insert the log, you should specify a wait time in seconds using this switch to give the logserver a chance to insert the log into the database table, especially if you are using batch inserts or have a slow logserver
-t seconds The timeout for the whole logserver test. This defaults to 30 seconds. It is recommended that this switch be used to increase that timeout if it takes more than around 30 seconds to query the log table of the MySQL server which it probably will unless you have a fast MySQL database. Usually, the message body column in the logs table on a logserver is not suitable for indexing and so a full table scan must be done which is slow, hence you may need to use this switch to increase the default timeout value.
Recommended - Passive Service Check

If implementing as passive service check (which is recommended) then I suggest that you try NSCA Wrapper to instantly turn it into a passive service check that can be put in cron (still requires nsca to be set up but this is simple). NSCA Wrapper can be found at p_view=980 Nagios Exchange NSCA Wrapper">http://www.nagiosexchange.org/Check_Plugins.21.0.html?&tx_netnagext_pi1p_view=980 Nagios Exchange NSCA Wrapper. (This is a nice and easy way of turning any plugin into a passive check without having to write any wrapper script, hence it is a generic nsca wrapper)
Extra: MySQL Authentication etc...

You will need to use a valid username and password for the mysql database to connection to and run a query against the logs table. Remember that if you are running the check against a remote MySQL server you must grant remote logon rights to that user and check that the MySQL database is listening on 0.0.0.0 and not 127.0.0.1 otherwise you will not be able to connect to it remotely.

Recent MySQL installations may come listening on 127.0.0.1 by default, remember to change this in /etc/mysql/my.cnf or wherever your my.cnf is and change the following line

bind-address = 127.0.0.1

to

bind-address = 0.0.0.0

then restart MySQL.

Support

For support, feedback, bug reports or feature requests, you can contact me at hpsekhon(AT)googlemail.com.