scan_daily_log

nagios plugin to scan for multiple patterns in a daily log file (ksh script)
author: Sergei Haramundanis 27-Apr-2006

Description:

This plugin will scan a daily log file (specified by the argument) for a set of patterns listed in the pattern data file (specified by the argument).

This plugin differs from the scan_log plugin in that the log file specified can contain a date template in the format of yyyymmdd and the plugin will replace the date template with the current date, e.g.:

log_file_to_scan: ncftpd_eventd_yyyymmdd.log
when run it will look for the file: ncftpd_eventd_20060427.log

This is useful to scan logs which change dynamically with the current date on a daily basis.

When initially started, this plugin creates empty .new and .old files
which are used to contain any pattern matches it finds during the scan. The pattern matches found in the log file are appended to the .new file, and a diff is executed on the .new and .old files to determine if any new patterns have been found.

Note that this potentially uses much less disk space than check_log as it does not depend on an entire copy of the log file to scan for differences.

Lines beginning with # or blank lines in the pattern data file are ignored.

Output:

During any run of the plugin, if differences between the .new and .old pattern matches found exist it will return a WARNING state and provide a message in the following format:

[line count of diff] last line of diff of .new and .old files

if no differences between .new and .old files exist it will return an OK state with the message:

0 differences found

10-Nov-2006 version 1.1 update includes:
1. returning elapsedTimeSecs performance data

10-May-2007 version 2.1 update includes:
1. support for check_from_time and check_to_time to control monitor timeframe (if you don't want to use this specify values 0000 and 2359)
2. include reinitializing .new and .old files if .new file is smaller after scan