check_events.pl

Project Notes

#############
Description:
#############

This plugin will scan arbitrary text files looking for down and up events.
The events are searched using Perl regular expressions. When a down event is found,
the plugin exits with either WARNING (-W) or CRITICAL (-C). This is ideal for
searching an snmp trap logfile. The plugin can run i two modes:

1) Default mode
When both a down event and an up event are added to the logfile since the
last run the plugin will exit with an OK, i.e you have missed the glitch.

2) Glitch mode ( -G | --glitch )
When both a down event and an up event are added to the logfile since the
last run the plugin will exit with WARNING or CRITICAL depending on the
-W (warning) and -C (critical) flag. The next run of the plugin will
start the search for new events after the <last> down event. This can be
useful when the glitch is shortlived.

#######
Usage:
#######

check_events.pl [ -W (warning) ] [ -C (critical)> ] [ -L <log filename> ] [ -S <seek filename> ] [ -D <down event text> ] [ -U <up event text> ]

-?, --usage
Print usage information
-h, --help
Print detailed help screen
-V, --version
Print version information
--extra-opts=[<section>[@<config_file>]]
Section and/or config_file from which to load extra options (may repeat)
-W, --warning
Report Warning if down event text is found (default)
-C, --critical
Report Critical if down event text is found
-L, --logfile
Filename to read and parse
-S, --seekfile
Filename to store last pos and other runtime things
If not specified, it is computed using an md5 hash of the down & up
event and slightly modified name of the logfile. Example:
"/var/tmp/check_events/<logfile>.seekfile.<md5hash>"
-D, --downevent
Regular expression, matching the down event text
-U, --upevent
Regular expression, matching the down event text
-G, --glitch
Enable glitch finding mode, when a new down event is found
exit with a WARNING or CRITICAL status and save the file position.
Next time the plugin executes, start the scan at the line after
down event.
-t, --timeout=INTEGER
Seconds before plugin times out (default: 30)
-v, --verbose
Show details for command-line debugging (can repeat up to 3 times)

########
Output:
########

This plugin returns OK when a file is successfully scanned and no pattern
matches are found or when only up events are found.
If only down events are found, WARNING or CRITITCAL will be returned, depending
on the -W | --warning and -C | --critical flags. WARNING is the default.
Consequently executions of the plugin will return the last status until
an up event is found in the logfile.

If you specify a seekfile,
You *must* supply a different <seekfile> for each service that
you define to use this plugin script - even if the different services
check the same <logfile> for pattern matches. This is necessary
because of the way the script operates.

##########
Examples:
##########

check_events.pl -L /var/log/snmptrapd.log -D "utility power failure" -U "utility power restored"

Example output:
check_events.pl CRITICAL - SNMPv2-SMI::enterprises.318.2.3.3.0 "UPS: Switched to battery backup power; utility power failure."

Example content of a seekfile (/var/log/check_events/_var_log_snmptrapd_log.seekfile.28cf8cb1cc203a6a820121bc0a4b720e)
SNMPv2-SMI::enterprises.318.2.3.3.0 "UPS: Switched to battery backup power; utility power failure."
#param# pos=2504
#param# state=2
#param# fsize=2504

#########################################################################################