logfile scraping

Alex Kuehne kuehne at sietec.de
Fri Sep 27 10:02:21 CEST 2002


 > -----Original Message-----
 > From: Carroll, Jim P [Contractor] [mailto:jcarro10 at sprintspectrum.com]
 > Sent: Thursday, September 26, 2002 11:22 PM
 > To: nagios-users at lists.sourceforge.net
 > Subject: [Nagios-users] logfile scraping
 >
 >
 > I just wanted to check with everyone regarding the way they're checking
 > logfiles for strings to be alerted on.  For example:
 >
 > - check /var/adm/messages for 'panic'/'PANIC'/'Panic'
 > - check /var/adm/messages for 'err'/'ERR'/'Err'
 > - check /var/adm/messages for 'warn'/'WARN'/'Warn'
 >
 > I've mentioned before that check_log doesn't work (for me) and that the
 > design seems inferior to the contributed Perl-based check_log2 script.  But
 > I'm open to suggestions.
 >
 > What way are you sifting through logfiles?  Standard plugin?  Something you
 > wrote?  How reliable has it been?  Have you missed anything you should have
 > been alerted on?  Has your solution misbehaved, or has it been reasonably
 > robust?  If you did something which the average sysadmin wouldn't jump on,
 > but in retrospect seems particularly clever, share your approach and
 > reasoning.
 >
 > I'd like to stay away from 3rd party utilities (eg, SWATCH) where possible.
 >
 > I'm also interested in knowing whether you're scraping the logfiles on the
 > hosts themselves, or whether you opted for a central syslog host for
 > scraping, and the trials and tribulations and the "if I could do it over
 > again, I would (not) do it this way again" sort of feedback.

Currently I am developing, as a result of my Bachelor thesis, a system
which checks syslog messages. It has a Perl daemon which checks
each log line for certain words implying bad things on the basis of
a MySQL database. When such a word is found, the Perl daemon
writes into the Nagios external command file. Then Nagios sends an
email to alert me.

My Nagios host is also my central syslog host in my network.
I write all the logs into a MySQL database for later analysis. The
database is on a dedicated host.

On the frontend there is a user interface relying on Apache/mod_perl,
designed like the Nagios event log page.

I am planning to release a beta in 4-5 weeks on my homepage.

Best regards
Alex Kuehne


--
Network Manager, SAG, Berlin, Germany
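
The pipeline described in this reply (match each syslog line against a keyword list, then hand Nagios a passive check result through its external command file), as an added example that is not part of the original post and is not the poster's daemon. It is written in Python rather than Perl; the keyword dict (standing in for the MySQL table), the passive service name "syslog", the assumed syslog line layout and the sample lines are all constructed for illustration.

```python
import re
import time

# Constructed keyword table; the post keeps its word list in MySQL.
# Values are Nagios service states: 1 = WARNING, 2 = CRITICAL.
KEYWORDS = {"panic": 2, "err": 2, "warn": 1}
PATTERN = re.compile(r"\b(" + "|".join(KEYWORDS) + ")", re.IGNORECASE)
# Assumed classic syslog layout: "Mon DD HH:MM:SS host message"
SYSLOG = re.compile(r"^\w{3}\s+\d+\s+[\d:]{8}\s+(?P<host>\S+)\s+(?P<msg>.*)$")

# Constructed sample lines, as a central syslog host might receive them.
SAMPLE = [
    "Sep 27 10:02:21 web01 kernel: PANIC: cpu0 halted",
    "Sep 27 10:02:22 web01 sshd[311]: session opened for user alex",
    "Sep 27 10:02:23 db01 scsi: Warning: retrying; disk busy",
]

def sanitize(text):
    """Log content is untrusted: drop control characters and ';' so it
    cannot break the one-command-per-line, ';'-separated format."""
    return re.sub(r"[\x00-\x1f;]", " ", text)[:200]

def classify(line):
    """Return (host, state, message) for a matching line, else None."""
    m = SYSLOG.match(line)
    if not m:
        return None
    states = [KEYWORDS[w.lower()] for w in PATTERN.findall(m.group("msg"))]
    if not states:
        return None
    return m.group("host"), max(states), m.group("msg")  # worst state wins

def external_command(host, state, msg, service="syslog", now=None):
    """Format one passive service check result for the command file."""
    ts = int(time.time() if now is None else now)
    return "[%d] PROCESS_SERVICE_CHECK_RESULT;%s;%s;%d;%s\n" % (
        ts, sanitize(host), service, state, sanitize(msg))

def scan(lines, now=None):
    """Turn matching log lines into external command lines."""
    hits = (classify(line.rstrip("\n")) for line in lines)
    return [external_command(*h, now=now) for h in hits if h]

if __name__ == "__main__":
    # A daemon would append these to the file named by command_file
    # in nagios.cfg; here they are only printed.
    for cmd in scan(SAMPLE):
        print(cmd, end="")
```

Nagios accepts these results only for a host and service it already has defined with passive checks enabled.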






