NAGIOS reporting through SAWMILL
'Sebastien Barbereau'
barbereau at easynet.fr
Fri Apr 23 13:15:22 CEST 2004
Well I forgot the attachment ... :)
sorry
Install instructions may also be useful:
"
To use this log format plug-in, put it in the LogFormats folder of the LogAnalysisInfo folder in your Sawmill installation folder. Some mail programs may add a .dat extension on this file; if this happens, remove that extension-- the filename should have no extension. Then create a new configuration using your log data. Sawmill should automatically recognize the format, and set up the configuration appropriately. Please let me know if you have any problem with this plug-in.
"
Again, sorry I forgot the attachment.
On Fri, Apr 23, 2004 at 11:49:34AM +0200, Thomas Guldener wrote:
> Who is the attachment?
>
> Greats
> Thomas
>
> *********************************************************************
> Thomas Guldener T: +41 (0)43 388 99 99
> Network Operations Engineer direct 99 07
> Monzoon Networks AG F: +41 (0)43 388 99 88
> Riedhofstrasse 124 M: +41 (0)76 339 93 17
> CH-8105 Regensdorf
>
> mailto:tguldener at monzoon.net http://www.monzoon.net
> *********************************************************************
> ------------>> sent via monzoon secure wireless access <<------------
> > -----Original Message-----
> > From: nagios-users-admin at lists.sourceforge.net [mailto:nagios-users-
> > admin at lists.sourceforge.net] On Behalf Of Sebastien Barbereau
> > Sent: Freitag, 23. April 2004 09:29
> > To: nagios-users at lists.sourceforge.net
> > Subject: [Nagios-users] NAGIOS reporting through SAWMILL
> >
> > Hi,
> > for those interested the sawmill product team: http://sawmill.net/ has
> > provided
> > a Nagios logFormat analysis package (see attachment).
> >
> > From the website: "Sawmill is a powerful, hierarchical log analysis tool
> > that runs on every major platform. It is particularly well suited to web
> > server logs, but can process almost any log. The reports that Sawmill
> > generates are hierarchical, attractive, and heavily cross-linked for easy
> > navigation. Complete documentation is built directly into the program."
> >
> > I've put some screenshots here: http://barbich.net/sawmill
> >
> > Regards,
> >
> >
> > -------------------------------------------------------
> > This SF.net email is sponsored by: The Robotic Monkeys at ThinkGeek
> > For a limited time only, get FREE Ground shipping on all orders of $35
> > or more. Hurry up and shop folks, this offer expires April 30th!
> > http://www.thinkgeek.com/freeshipping/?cpg=12297
> > _______________________________________________
> > Nagios-users mailing list
> > Nagios-users at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/nagios-users
> > ::: Please include Nagios version, plugin version (-v) and OS when
> > reporting any issue.
> > ::: Messages without supporting info will risk being sent to /dev/null
-------------- next part --------------
#
# Nagios Log Format
#
# Sawmill log format description file. Copyright (c) 2004 Flowerfire.
#
# The name of the log format
log_file_format "Nagios Log Format"
log_data_type generic
# This log format cannot meaningfully track the following types of database data.
# Possible options for $notsupported are daybyday, individualhosts,
# sessions, sessionpages, hits, bandwidth, pageviews, and visitors.
$notsupported individualhosts
$notsupported sessions
$notsupported sessionpages
$notsupported bandwidth
$notsupported visitors
$notsupported pageviews
# The log is in this format if any of the first ten lines match this regular expression
log_format_autodetect_regular_expression
'^\[[0-9]+\] LOG ROTATION'
# The format of dates and times in this log
log_date_format seconds_since_jan1_1970
log_time_format seconds_since_jan1_1970
# All log field parsing will be done using the parsing filters
parse_only_with_filters true
# A log entry is called an event
entry_name event
#
# LOG FIELDS INFORMATION
#
# This describes the fields of the log file.
#
# The log fields have the following parameters:
#
# TYPE: the log field type. Valid types include page, date/time,
# host, url, agent, size, integer, hierarchical, and flat.
# INDEX: the position of the field in the log entry. The first field is index 1, second is 2, etc.
# SUBINDEX: the position of the subfield inside the quoted field. The first subfield is subindex 1, etc.
# DIVIDERS: the characters which divide hierarchy levels in this field; e.g. / for page and . for hostname.
# LEFT-TO-RIGHT: true if the field is structured left-to-right, with enclosing items at the left (like a URL).
# LEADING-DIVIDER: true if the field has a leading divider (like a page field, /dir1/file.html).
# CASE-SENSITIVE: true if the field is case sensitive
#
log_field_info
standard
# NAME TYPE INDEX SUBINDEX DIVIDERS LEFT-TO-RIGHT LEADING-DIVIDER CASE-SENSITIVE (leave blank)
date/time date/time 0 0 "" false false false ""
type flat 0 0 "" false false false ""
host flat 0 0 . false false false ""
service flat 0 0 "" false false false ""
status flat 0 0 "" false false false ""
state flat 0 0 "" false false false ""
retry flat 0 0 "" false false false ""
"notification command" flat 0 0 "" false false false ""
message flat 0 0 "" false false false ""
contact flat 0 0 "" false false false ""
field_end
#
# LOG PARSING FILTERS
#
# This describes the log parsing filters.
#
# The filters have the following layout:
#
# (type)
# (A:) (left-exp) (left-exp-val) (operator) (right-exp) (right-exp-val)
# (B:) (then-stmt-type) (then-value1) (then-value2) (then-field1) (then-field2)
# (C:) (else-stmt-type) (else-value1) (else-value2) (else-field1) (else-field2)
#
#
log_parsing_filters
standard
# Parse first fields
do_b
"" "" "" "" ""
collect_multiple_fields_regexp "()\[([0-9]+)\] ([^:]+): ([^;]+);" "*KEY*,date/time,type" "" ""
goto_next_filter "" "" "" ""
""
# Parse SERVICE ALERT lines
do_b
"" "" "" "" ""
collect_multiple_fields_regexp "()\[[0-9]+\] SERVICE ALERT: ([^;]+);([^;]+);([^;]+);([^;]+);([^;]+);([^;]+)$" "*KEY*,host,service,status,state,retry,message" "" ""
goto_next_filter "" "" "" ""
""
# Parse HOST ALERT lines
do_b
"" "" "" "" ""
collect_multiple_fields_regexp "()\[[0-9]+\] HOST ALERT: ([^;]+);([^;]+);([^;]+);([^;]+);([^;]+)$" "*KEY*,host,status,state,retry,message" "" ""
goto_next_filter "" "" "" ""
""
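# Parse NOTIFICATION lines
# The regular expression captures six fields after the colon (contact;host;service;status;command;message),
# so the field list names all six; without "service" every later value lands in the wrong field.
do_b
"" "" "" "" ""
collect_multiple_fields_regexp "()\[[0-9]+\] [A-Z]+ NOTIFICATION: ([^;]+);([^;]+);([^;]+);([^;]+);([^;]+);([^;]+)$" "*KEY*,contact,host,service,status,notification command,message" "" ""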
goto_next_filter "" "" "" ""
""
# Accept this line
do_b
"" "" "" "" ""
accept_multiple_fields_regexp "()" "" "" ""
goto_next_filter "" "" "" ""
""
filter_end
#
# DATABASE FIELDS INFORMATION
#
# This describes the fields of the database (the data which will be tracked and summarized in the statistics)
#
# The database fields have the following parameters. See Hierarchies in the docs for information about hierarchies.
#
# LOG-FIELD: the name of the log field to track (may be a derived field)
# SUPPRESS-TOP: the number of levels to suppress at the top of the hierarchy
# SUPPRESS-BOTTOM: the number of levels to suppress at the bottom of the hierarchy
# INCLUDE_BOTTOM: true to always include all bottom-level items, regardless of SUPPRESS-BOTTOM
#
database_field_info
standard
# LOG-FIELD SUPPRESS-TOP SUPPRESS-BOTTOM INCLUDE-BOTTOM (leave-blank)
date/time 0 3 false ""
"day of week" 0 2 false ""
"hour of day" 0 2 false ""
type 0 2 false ""
host 0 2 false ""
service 0 2 false ""
status 0 2 false ""
state 0 2 false ""
retry 0 2 false ""
"notification command" 0 2 false ""
message 0 2 false ""
contact 0 2 false ""
field_end
#
# LOG FILTERS
#
# This describes the log filters.
#
# The filters have the following layout:
#
# (type)
# (A:) (left-exp) (left-exp-val) (operator) (right-exp) (right-exp-val)
# (B:) (then-stmt-type) (then-value1) (then-value2) (then-field1) (then-field2)
# (C:) (else-stmt-type) (else-value1) (else-value2) (else-field1) (else-field2)
# ""
#
log_filters
standard
# This filter copies the hostname field to the "visitor id" field, so Sawmill will use hostnames as visitor ids.
do_b
"" "" "" "" ""
copy_field "" "" "visitor id" host
goto_next_filter "" "" "" ""
""
filter_end
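
The parsing filters above, run over sample lines as an added example (Python, not part of the original post or of the Sawmill plug-in). It shows which log fields each Nagios line type yields and which lines are accepted with no parsed fields. Assumptions: the regular expressions are anchored at the start of the line, the six NOTIFICATION groups map to contact, host, service, status, notification command, message, and the sample lines are constructed.

```python
import re
from datetime import datetime, timezone

# First filter: timestamp and event type. It requires a ';' later in the line.
HEADER = re.compile(r"^\[([0-9]+)\] ([^:]+): ([^;]+);")

# Per-type filters: (pattern, log field names in capture-group order).
FILTERS = [
    (re.compile(r"^\[[0-9]+\] SERVICE ALERT: ([^;]+);([^;]+);([^;]+);([^;]+);([^;]+);([^;]+)$"),
     ("host", "service", "status", "state", "retry", "message")),
    (re.compile(r"^\[[0-9]+\] HOST ALERT: ([^;]+);([^;]+);([^;]+);([^;]+);([^;]+)$"),
     ("host", "status", "state", "retry", "message")),
    (re.compile(r"^\[[0-9]+\] [A-Z]+ NOTIFICATION: ([^;]+);([^;]+);([^;]+);([^;]+);([^;]+);([^;]+)$"),
     ("contact", "host", "service", "status", "notification command", "message")),
]

def parse_event(line):
    """Return the fields the filters collect; every line is accepted, even with none."""
    fields = {}
    head = HEADER.match(line)
    if head:
        # seconds_since_jan1_1970 -> timezone-aware UTC datetime
        fields["date/time"] = datetime.fromtimestamp(int(head.group(1)), tz=timezone.utc)
        fields["type"] = head.group(2)
    for pattern, names in FILTERS:
        m = pattern.match(line)
        if m:
            fields.update(zip(names, m.groups()))
    return fields

# Constructed sample lines in Nagios log layout (not taken from the post).
SAMPLE = [
    "[1082712922] LOG ROTATION: DAILY",
    "[1082713000] SERVICE ALERT: web01;HTTP;CRITICAL;HARD;3;Connection refused",
    "[1082713001] SERVICE NOTIFICATION: admin;web01;HTTP;CRITICAL;notify-by-email;Connection refused",
    "[1082713100] HOST ALERT: db01;DOWN;SOFT;1;CRITICAL - Plugin timed out",
    "[1082713101] HOST NOTIFICATION: admin;db01;DOWN;host-notify-by-email;CRITICAL - Plugin timed out",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_event(line))
```

Two gaps show up: the LOG ROTATION line has no ';' and therefore gets no date/time or type, and the five-field HOST NOTIFICATION line gets a type but no contact or host, because the NOTIFICATION pattern expects six fields.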