centralized syslogging & notifications

Jamie Baddeley jamie.baddeley at vpc.co.nz
Fri Jul 18 08:48:25 CEST 2003


Hi Jim,

Having syslog on the same host as nagios IMHO is a good idea. Faffing around 
with syslog's conf to copy the right messages to nagios_host syslog instead 
of a full move is an alternative. I assume you've looked at check_log2?

jamie

On Fri, 18 Jul 2003 10:03, Carroll, Jim P wrote:
> Greets to all.
>
> Lately I've been pondering/revisiting the whole issue of how best to
> manage/respond to lines worthy of critical/warning events which show
> up in /var/log/messages.  Here's what I'm doing today:
>
> - all hosts log to xloghost (alias for another host)
> - xloghost is running NRPE client
> - NRPE kicks off the Perl version of check_log
> - if match found return string/code to NRPE
>
> Sounds good so far.  However:
>
> - Nagios reports a problem on 'xloghost', not on the host in question
> - if notifications for host 'foobar' have been disabled, this doesn't
>   stop notifications being relayed by from 'xloghost'; if check_log finds
>   a matching string, it doesn't care about host details
>
> Possible steps to improve the situation:
>
> - move xloghost (centralized syslogging) to Nagios host
> - munge check_log (Perl version) to inject proper details into nagios.cmd
>   (reporting on actual host, not xloghost), and run from cron
> - additional munge to check_log to possibly report first (not last)
>   line of log output
>
> Wish list:
>
> - when syslog catches multiple lines of related output:
>   - the whole lot would be forwarded to the appropriate contacts
>     via e-mail
>   - a modest snippet gets sent to the pager contacts (longer pages
>     can be split into 2 or 3 chunks and sent as separate pages)
>   - the whole lot gets appended (with a separator) to an HTML file
>     which can be accessed via notes_url
>
> Comments?  Critiques?  Suggestions and improvements?  Enlightened input?
>
> jc
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: VM Ware
> With VMware you can run multiple operating systems on a single machine.
> WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
> same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
>
> ::: Please include Nagios version, plugin version (-v) and OS when
> ::: reporting any issue. Messages without supporting info will risk being
> ::: sent to /dev/null


-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list