Search Exchange

Search All Sites

Nagios Live Webinars

Let our experts show you how Nagios can help your organization.

Contact Us

Phone: 1-888-NAGIOS-1


Remember Me

Current Version
Last Release Date
Compatible With
  • Nagios 2.x
  • Nagios 3.x
  • Nagios 4.x
  • Nagios XI
  • Nagios Fusion
check_log3.plPlugin code (Perl)
check_log3.zipStandalone Win32 executable
check_customlog.plWrapper script for easier configuration
parameters.txtWrapper script configuration examples
nagios-plugins-check_log3-3.13-1.el7.noarch.rpmRPM package for RedHat Linux
nagios-plugins-check_log3-3.13-1.suse.noarch.rpmRPM package for SuSE Linux
Network Monitoring Software - Download Nagios XI
Log Management Software - Nagios Log Server - Download
Netflow Analysis Software - Nagios Network Analyzer - Download
An advanced log file regular expression-based parser plugin for Nagios (any flavour), written in Perl.
Supports variable log file names and Unicode.
Tested on Linux, AIX, Solaris and Windows.
No dependencies on third-party Perl modules.
This is version 3.13

Usage: [ -h | --help ]
Usage: [ -v | --version ]
Usage: --manual
Usage: [ -v | --list-encodings ]
Usage: -l log_file|log_directory (-p pattern [-p pattern ...])|-P patternfile)
[-i] [-n negpattern|-f negpatternfile ] [-s seek_file|seek_base_dir] [--show-filename]
([-m glob-pattern] [-t most_recent|first_match|last_match] [--timestamp=time-spec])
[-d] [-D] [-a] [-C {-|+}n] [-q] [-Q] ([-e '{ eval block }'|-E script_file]|--secure)
[--ok]|([-w warn_count] [-c crit_count] [--negate])
[--input-enc=encoding] [--output-enc=encoding] [--crlf]
[--missing=STATE [--missing-msg=message]]

This plugin scans arbitrary text files for regular expression matches.

Log file control:

-l, --logfile=
The log file to be scanned, or the fixed path component if -m is in use.
If this is a directory, -t and -m '*' is assumed.
-s, --seekfile=
The temporary file to store the seek position of the last scan. If not
specified, it will be automatically generated in /tmp, based on the
log file's base name. If this is a directory, the seek file will be auto-
generated there instead of in /tmp.
If you specify the system's null device (/dev/null), the entire log file
will be read every time.
-m, --logfile-pattern=
A glob(7) expression, used together with the -l option for selecting log
files whose name is variable, such as time stamped or rotated logs.
If you use this option, the -s option will be ignored unless it points to
either a directory or to the null device (/dev/null).
For selecting time stamped logs, you can use the following date(1)-like
expressions, which by default refer to the current date and time:
%Y = year
%y = last 2 digits of year
%m = month (01-12)
%d = day of month (01-31)
%H = hour (00-23)
%M = minute (00-59)
%S = second (00-60)
%w = week day (0-6), 0 is Sunday
%j = day of year (000-365)
Use the --timestamp option to refer to timestamps in the past.
-t, --logfile-select=most_recent|first_match|last_match
How to further select amongst multiple files when using -m:
- most_recent: select the most recently modified file
- first_match: select the first match (sorting alphabetically)
- last_match: select the last match (this is the default)
--timestamp='(X months|weeks|days|hours|minutes|seconds)... [ago]'
Use this option to make the time stamp macro's in the -m expression refer
to a time in the past, e.g. '1 day, 6 hours ago'. The shortcuts 'now' and
'yesterday' are also recognised. The default is 'now'.
If this expression is purely numerical it will be interpreted as seconds
since 1970-01-01 00:00:00 UTC.
Print the name of the actual input file in the plugin output.

Search pattern control:

-p, --pattern=
The regular expression to scan for in the log file. If specified more
than once, the patterns will be combined into an expression of the form
'pattern1|pattern2|pattern3|...' (but also see the -A option).
-P, --patternfile=
File containing regular expressions, one per line, which will be combined
into an expression of the form 'line1|line2|line3|...' (but also see -A).
-A, --and
Use AND instead of OR to combine multiple patterns specified via the -p or
-P options. A line must match all patterns to be counted as a match.
This is equivalent to '(?=.*pattern1)(?=.*pattern2)(?=.*pattern3)...'.
-n, --negpattern=
The regular expression to skip in the log file. Can be specified multiple
times, in which case they will be combined as 'pat1|pat2|pat3|...'.
-f, --negpatternfile=
Specifies a file with regular expressions which will all be skipped.
-i, --case-insensitive
Do a case insensitive scan.

Character set control:

--encoding=, --input-enc=
Force a particular encoding on the log file and pattern files (but not
custom eval scripts), such as utf-16, iso-8859-15, cp1252, koi8-r, etc.
For example, to read Windows Unicode files you probably need "utf16le".
Run the script with --list-encodings to see which encodings are supported.
Warning: if you use this option and the patterns specified on the command
line (with -p and -n) are not themselves in this encoding, you *must* use
pattern files! Also note that using this option is bad for performance.
Force a particular character encoding of the plugin output, as above.
The plugin's default output encoding is UTF-8.
Show which character set encodings this plugin supports, and exits.
Translate CRLF line endings to Unix newlines; use this if you are reading
logs generate on DOS/Windows PCs on a Unix machine and are getting '^M'
characters in the output. This option is also bad for performance.

Alerting control:

-w, --warning=
Return WARNING if at least this many matches found. The default is 1.
-c, --critical=
Return CRITICAL if at least this many matches found. The default is 0,
i.e. don't return critical alerts unless specified explicitly.
-d, --nodiff, --nodiff-warn
Return an alert if the log file was not written to since the last scan.
By default this will result in a WARNING if not at least one line was
written. If no search pattern was specified, the -w and -c options can
be used to control the number of expected lines.
-D, --nodiff-crit
Return CRITICAL if the log was not written to since the last scan. If no
search pattern was specified this is equivalent to '-d -c 1'.
--missing=STATE [ --missing-msg="message" ]
Return STATE instead of CRITICAL when no log file could be found, and
optionally output a custom message (by default "No log file found").
Note, if --missing is not specified, --missing-msg is ignored, and a
standard error message is returned.
Equivalent to --missing=OK (for backwards compatibility).
Always return an OK status to Nagios.
Inverts the meaning of the -w and -c options, i.e. returns an alert if not
at least this many matches are found. (Note: this option is not useful in
combination with --ok.)

Output control:

-N, --report-max=
Stop after matching a maximum of times.
Output a maximum of lines and skip the rest (move the seek pointer
to the end of the file). Takes precedence over --report-max.
-1, --stop-first-match
Stop at the first line matched, instead of the last one. It will make the
plugin report every single match (and implies an alerting threshold of 1).
Equivalent to --report-max=1.
Stop at the first line matched, but also skip the remainder of the file.
Use this option only when you are expecting many identical (or very similar)
matches but only want to see the first one, and to ignore all subsequent
matches until the next service check. Equivalent to --report-only=1.
-a, --output-all
Output all matching lines instead of just the last one. Note that the
plugin output may be truncated if it exceeds 4KB (1KB when using NRPE).
If used together with --report-max or --report-only, will affect output
but not stopping/EOF seeking behaviour.
-C, --context=[-|+]
Output lines of context before or after matched line; use -N for
N lines before the match, +N for N lines after the match (if possible) or
an unqualified number to get N lines before and after the match.
-e, --parse=
-E, --parse-file=
Custom Perl code block to parse each matched line with, or an external
script. If specified directly with -e the code should probably be in
curly brackets and quoted. It will be executed as a Perl 'eval' block.
If the return code of the custom code is non-zero the line is counted
against the threshold, otherwise it isn't and it will be as if the line
did not match the pattern after all (though it is counted as perfdata).
The current matching line will be passed to the eval code in $_.
Set $parse_out to generate custom output instead of the matching line.
Set $perfdata to generate custom performance data instead of the number of
matching lines. Note: if you set $parse_out, no context will be output,
but you can parse it, and indeed you must use -C if you want to parse a
line other than the current matching one. In that case you should parse
@line_buffer instead of $_.
Disable all custom eval code features. Overrides the -e and -E options.
-q, --quiet
Suppress output of matched line(s) if state is OK.
-Q, --no-header
Suppress leading state and statistics info from output.
Suppress the standard performance data output from the plugin. Use this
if your are using custom parsing code and generate your own perfdata.
Override the plugin time-out timer (by default 180 seconds). The plugin
will return UNKNOWN if the plugin runs for more than this many seconds.
Equivalent to --timeout=0.

Support information:

-h, --help
This help screen.
The full manual.

Send email to if you have questions regarding use of this software, or to submit patches or suggest improvements. Please include version information with all correspondence (the output of the --version option).

This Nagios plugin comes with ABSOLUTELY NO WARRANTY. You may redistribute copies of the plugins under the terms of the GNU General Public License. For more information about these matters, see the file named COPYING.