check_log3.pl

This is check_log3.pl version 3.16.1





Usage: check_log3.pl [ -v | --version ]


Usage: check_log3.pl [ -h | --help ]


Usage: check_log3.pl --manual


Usage: check_log3.pl --list-encodings


Usage: check_log3.pl -l log_file|log_directory (-p pattern [-p pattern ...])|-P patternfile)


	[-i] [-n negpattern|-f negpatternfile ] [-s seek_file|seek_base_dir] [--show-filename]


	([-m glob-pattern] [-t most_recent|first_match|last_match] [--timestamp=time-spec] [-S string])


        [-d] [-D] [-a] [-C {-|+}n] [-q] [--ultraq] [-Q] ([-e '{ eval block }'|-E script_file]|--secure)


	([-N|--report-max=N]|[--report-only=N])|([-1|--stop-first-match]|[--report-first-match])


	[--ok]|([-w warn_count] [-c crit_count] [--negate])


	[--input-enc=encoding] [--output-enc=encoding] [--crlf]


	[--missing=STATE [--missing-msg=message]]


	[-R|--restartcommand] [-M|--returnmessage]











This plugin scans arbitrary text files for regular expression matches.





Log file control:





-l, --logfile=


    The log file to be scanned, or the fixed path component if -m is in use.


    If this is a directory, -t and -m '*' is assumed.


-s, --seekfile=


    The temporary file to store the seek position of the last scan.  If not


    specified, it will be automatically generated in /tmp, based on the


    log file's base name.  If this is a directory, the seek file will be auto-


    generated there instead of in /tmp.


    If you specify the system's null device (/dev/null), the entire log file


    will be read every time.


-m, --log-pattern=


    A glob(7) expression, used together with the -l option for selecting log


    files whose name is variable, such as time stamped or rotated logs.


    If you use this option, the -s option will be ignored unless it points to


    either a directory or to the null device (/dev/null).


    For selecting time stamped logs, you can use the following date(1)-like


    expressions, which by default refer to the current date and time:


	  %Y = year


	  %y = last 2 digits of year


	  %m = month (01-12)


	  %d = day of month (01-31)


	  %H = hour (00-23)


 	  %M = minute (00-59)


  	  %S = second (00-60)


	  %w = week day (0-6), 0 is Sunday


	  %j = day of year (000-365)


    Use the --timestamp option to refer to timestamps in the past.


	Note that the plugin only ever selects one log file to read.


	See also the -S option.


-S, --seekfile-id=


	For checks using -m, add this string to the generated seek file name to


	make different service checks using the same log patterns unique.


-t, --log-select=most_recent|first_match|last_match


    How to further select amongst multiple files when using -m:


     - most_recent: select the most recently modified file


     - first_match: select the first match (sorting alphabetically)


     - last_match: select the last match (this is the default)


--timestamp='(X months|weeks|days|hours|minutes|seconds)... [ago]'


    Use this option to make the time stamp macros in the -m expression refer


    to a time in the past, e.g. '1 day, 6 hours ago'.  The shortcuts 'now' and


    'yesterday' are also recognised.  The default is 'now'.


    If this expression is purely numerical it will be interpreted as seconds


    since 1970-01-01 00:00:00 UTC.





Search pattern control:





-p, --pattern=


    The regular expression to scan for in the log file.  If specified more


    than once, the patterns will be combined into an expression of the form


    'pattern1|pattern2|pattern3|...' (but also see the -A option).


-P, --patternfile=


    File containing regular expressions, one per line, which will be combined


    into an expression of the form 'line1|line2|line3|...' (but also see -A).


-A, --and


    Use AND instead of OR to combine multiple patterns specified via the -p or


    -P options.  A line must match all patterns to be counted as a match.


    This is equivalent to '(?=.*pattern1)(?=.*pattern2)(?=.*pattern3)...'.


-n, --negpattern=


    The regular expression to skip in the log file.  Can be specified multiple


    times, in which case they will be combined as 'pat1|pat2|pat3|...'.


-f, --negpatternfile=


    Specifies a file with regular expressions which will all be skipped.


-i, --case-insensitive


    Do a case insensitive scan.  Note, this is bad for performance.





Character set control:





--encoding=, --input-enc=


    Force a particular encoding on the log file and pattern files (but not


    custom eval scripts), such as utf-16, iso-8859-15, cp1252, koi8-r, etc.


    For example, to read Windows Unicode files you probably need "utf16le".


    Run the script with --list-encodings to see which encodings are supported.


    Warning: if you use this option and the patterns specified on the command


    line (with -p and -n) are not themselves in this encoding, you *must* use


    pattern files!  Also note that using this option is bad for performance.


--output-enc=


    Force a particular character encoding of the plugin output, as above.


    The plugin's default output encoding is UTF-8.


--list-encodings


    Show which character set encodings this plugin supports, and exits.


--crlf


    Translate CRLF line endings to Unix newlines; use this if you are reading


    logs generate on DOS/Windows PCs on a Unix machine and are getting '^M'


    characters in the output.  This option is also bad for performance.





Alerting control:





-w, --warning=


    Return WARNING if at least this many matches found.  The default is 1.


-c, --critical=


    Return CRITICAL if at least this many matches found.  The default is 0,


    i.e. don't return critical alerts unless specified explicitly.


-d, --nodiff, --nodiff-warn


    Return an alert if the log file was not written to since the last scan.


    By default this will result in a WARNING if not at least one line was


    written.  If no search pattern was specified, the -w and -c options can


    be used to control the number of expected lines.


-D, --nodiff-crit


    Return CRITICAL if the log was not written to since the last scan.  If no


    search pattern was specified this is equivalent to '-d -c 1'.


--missing=STATE [ --missing-msg="message" ]


    Return STATE instead of CRITICAL when no log file could be found, and


    optionally output a custom message (by default "No log file found").


    STATE must be one of OK, WARNING, CRITICAL or UNKNOWN.


    Note, if --missing is not specified, --missing-msg is ignored, and a


    standard error message is returned.


--missing-ok


    Equivalent to --missing=OK (for backwards compatibility).


--ok


    Always return an OK status to Nagios, unless there was an I/O error.


--negate


    Inverts the meaning of the -w and -c options, i.e. returns an alert if not


    at least this many matches are found.  (Note: this option is not useful in


    combination with --ok.)





Output control:





-N, --report-max=


    Stop after matching a maximum of  times.  The log may not be read


    all the way to the end of the file when using this option.


--report-only=


    Output a maximum of  lines and skip the rest (move the seek pointer


    to the end of the file).  Takes precedence over --report-max.


-1, --stop-first-match


    Stop at the first line matched, instead of the last one.  It will make the


    plugin report every single match (and implies an alerting threshold of 1).


    Equivalent to --report-max=1.


--report-first-only


    Stop at the first line matched, but also skip the remainder of the file.


    Use this option only when you are expecting many identical (or very similar)


    matches but only want to see the first one, and to ignore all subsequent


    matches until the next service check.  Equivalent to --report-only=1.


-a, --output-all


    Output all matching lines instead of just the last one.  Note that the


    plugin output may be truncated if it exceeds 4KB (1KB when using NRPE).


    Other agent software may impose other limits.  Note that you will lose


    performance data if output is truncated.


    If used together with --report-max or --report-only, will affect output


    but not stopping/EOF seeking behaviour.


-C, --context=[-|+]


    Output  lines of context before or after matched line; use -N for


    N lines before the match, +N for N lines after the match (if possible) or


    an unqualified number to get N lines before and after the match.


-R, --restartcommand=


    If the the log was not written to since the last scan and the -D option was


    used, prefix the status output with this string.  This is meant to be the


    name of a control script or systemd service that can be used by an event


    handler to restart the application the log file belongs to.


-M, --returnmessage=


    If the the log was not written to since the last scan and the -D option was


    used, append this message to the end of the service check output.  This can


    be used to provide instructions to operators or links to documentation.


    Make sure to use quotes to avoid problems.


-e, --parse=


-E, --parsefile=


    Custom Perl code block to parse each matched line with, or an external


    script.  If specified directly with -e the code should probably be in


    curly brackets and quoted.  It will be executed as a Perl 'eval' block.


    If the return code of the custom code is non-zero the line is counted


    against the threshold, otherwise it isn't and it will be as if the line


    did not match the pattern after all (though it is counted as perfdata).


    The current matching line will be passed to the eval code in $_.


    Set $parse_out to generate custom output instead of the matching line.


    Set $perfdata to generate custom performance data instead of the number of


    matching lines.  Note: if you set $parse_out, no context will be output,


    but you can parse it, and indeed you must use -C if you want to parse a


    line other than the current matching one.  In that case you should parse


    @line_buffer instead of $_.


-q, --quiet


    Suppress output of matched line(s) if state is OK.


--ultraq


    Suppress all output if state is OK, this option is suitable for cronjobs.


-Q, --no-header


    Suppress leading state and statistics info from output.


--no-perfdata


    Suppress the standard performance data output from the plugin.  Use this


    if your are using custom parsing code and generate your own perfdata.


--show-filename


    Print the name of the actual input file in the plugin output.  Useful in


    combination with dynamic filenames.





Other options:





--secure


    Disable all custom eval code features.  Overrides the -e and -E options.


--timeout=


    Override the plugin time-out timer (by default 15 seconds).  The plugin


    will return UNKNOWN if the plugin runs for more than this many seconds.


--no-timeout


    Equivalent to --timeout=0.








Support information:





-h, --help


    This help screen.


--manual


    The full manual.


-v, --version


    Print plugin version number and exit.





Send email to pmcaulay@evilgeek.net if you have questions regarding use of this


software, or to submit patches or suggest improvements.  Please include version


information with all correspondence (the output of the --version option).





This Nagios plugin comes with ABSOLUTELY NO WARRANTY. You may redistribute


copies of the plugins under the terms of the GNU General Public License.


For more information about these matters, see the file named COPYING.