Alarms for log files

Richard Luys richard.luys at vanderlet.nl
Fri Sep 10 13:10:22 CEST 2004

Previous message: Alarms for log files
Next message: Alarms for log files
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 10 Sep 2004 04:57:47 -0500, Anton Krall 
<akrall-lists at intruder.com.mx> wrote:

> Is there any way to configure a script for checking the logfiles every X
> minutes and if the word error is found, send out an alarm?

Yes, there is. It's called check_log, and it's in the plugin-tarball (of 
not in the 1.3xx version it's in the 1.4.xxx).

Unfortunately, I found a problem in it:
It works with a copy of the logfile to check. Every time the check runs it 
uses diff to check what the new lines are, and greps those lines for the 
string you specified (ie error). This works fine until, for some reason, 
the original logfile is emptied. Then the diff matches all lines in the 
copy, and sends out a lot of notifications!

What I did to stop this from happening is this:
modify the line containing the diff statement, so that after the diff it 
greps only those lines that are in the original and not in the (older) 
copy. This can be done with 'grep \^\<'.

Also thought the tail-syntax was a bit weird, it uses tail -lines=1 
instead of just tail -1 (which is afaik a known option to most, if not 
all, tail's).

I did not post these modifications to the developers-list yet, but I guess 
that's the right place for it. So, I document it, and upload to that list, 
so the issue will hopefully be solved in the next release :)

Richard
>
> Ive thought this thru and so far seems difficult since if the word error 
> is
> found, the alarm will go off but even after correcting the problem, the
> alarm would still go off since the word error would still be on the 
> logfile.
>
> Any ideas?
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
> Project Admins to receive an Apple iPod Mini FREE for your judgement on
> who ports your project to Linux PPC the best. Sponsored by IBM.
> Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when 
> reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null

-- 
R. Luys
Vanderlet BV

-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM. 
Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Previous message: Alarms for log files
Next message: Alarms for log files
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list