Alarms for log files
Anton Krall
akrall-lists at intruder.com.mx
Fri Sep 10 22:30:27 CEST 2004
This one looks very promising.. Ill try it out.. Thx Helmut
------------------------------------
Intruder Consulting
Anton Krall
Director General
akrall at intruder.com.mx
tel: 5781-5112
mobile: 1325-3511
IM: akrall at intruder.com.mx
www.intruder.com.mx
------------------------------------
%-----Original Message-----
%From: nagios-users-admin at lists.sourceforge.net
%[mailto:nagios-users-admin at lists.sourceforge.net] On Behalf Of
%Helmut W. Januschka
%Sent: Viernes, 10 de Septiembre de 2004 11:17 a.m.
%To: Andreas Ericsson; nagios-users at lists.sourceforge.net
%Subject: AW: [Nagios-users] Alarms for log files
%
%Using a handmade log check script run it with -h
%
%Wich stores the state and the last line num and just views
%LAST_LINE - > EOF at next run :)
%
%So long
%
%--------SNIP-------
%#!/bin/bash
%
%export
%PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
%
%PROGNAME=`basename $0`
%PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'`
%REVISION=`echo '$Revision: 1.0 $' | sed -e 's/[^0-9.]//g'`
%
%. $PROGPATH/utils.sh
%
%print_usage() {
% echo -e "$REVISION\nWritten by Helmut
%Januschka(klewan at klewan.at)"
% echo -e "* Checks LOGFILE if given pattern is found"
% echo
%"---------------------Usage------------------------------------
%-----------"
% echo "-F LogFile Def: /var/log/messages"
% echo "-P Pattern to find (AWK LIKE REGEX)"
% echo "-w WARN if X entries found Def:1"
% echo "-c CRITICAL if X Entries found Def:2"
% echo "-h Show This Help"
% echo
%"--------------------------------------------------------------
%-----------"
% print_revision
%}
%
%
%#Defs:
%CRIT=2;
%WARN=1;
%FL=/var/log/messages
%PATTERN="klewan"
%
%while getopts F:P:w:c:h o
%do
% case $o in
% F) FL=$OPTARG;;
% P) PATTERN=$OPTARG;;
% w) WARN=$OPTARG;;
% c) CRIT=$OPTARG;;
% h) print_usage; exit $STATE_UNKOWN;;
%
% esac
%
%
%done
%####
%# Build unique tmp File :)
%UTMP=/var/tmp/nagios_`hostname`_`echo $FL|tr -s "/" "_"`.tmp
%if [ -e "$UTMP" ] then
% t=`cat $UTMP`;
% NM=`echo $t|tr -d [:blank:]`;
%else
% echo 1 > $UTMP;
% NM=1;
%fi;
%
%
%STR="cat $FL|sed '1, $NM d'|awk '{if (\$0 ~ /$PATTERN/) {print}}'"
%FOUND=`eval $STR|wc -l|tr -d [:blank:]`;
%####################################
%#
%# Update last Line FILE UTMP
%####################################
%cat $FL|wc -l > $UTMP
%
%#####################################
%# ok
%# lets do critical warn check :)
%####################################
%if [ $FOUND -ge $CRIT ]
%then
% echo "CheckILog($FL/$PATTERN $NM-EOF)[critical] found
%$FOUND CRIT: $CRIT";
% exit $STATE_CRITICAL;
%fi;
%
%if [ $FOUND -ge $WARN ]
%then
% echo "CheckILog($FL/$PATTERN Range: $NM-EOF)[warning]
%found $FOUND WARN: $CRIT";
% exit $STATE_WARNING;
%fi;
%
% echo "CheckILog($FL/$PATTERN range: $NM-EOF)[Ok] found $FOUND";
% exit $STATE_OK;
%
%-----SNIP-------
%
%
%-----Ursprüngliche Nachricht-----
%Von: Andreas Ericsson [mailto:ae at op5.se]
%Gesendet: Freitag, 10. September 2004 13:24
%An: nagios-users at lists.sourceforge.net
%Betreff: Re: [Nagios-users] Alarms for log files
%
%Anton Krall wrote:
%> Is there any way to configure a script for checking the
%logfiles every
%> X minutes and if the word error is found, send out an alarm?
%>
%> Ive thought this thru and so far seems difficult since if the word
%> error is found, the alarm will go off but even after correcting the
%> problem, the alarm would still go off since the word error
%would still be on the logfile.
%>
% > Any ideas?
% >
%
%Use check_log2.pl, which maintains state through scans and
%only scans new lines. Remember so set max_check_attempts to 1
%if you do, since it will never reach critical otherwise.
%
%An alternative would be to truncate the logfile for every
%pass, but then you would need to duplicate them by some other means.
%
%--
%Andreas Ericsson andreas.ericsson at op5.se
%OP5 AB www.op5.se
%Lead Developer
%
%
%-------------------------------------------------------
%This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of
%170 Project Admins to receive an Apple iPod Mini FREE for your
%judgement on who ports your project to Linux PPC the best.
%Sponsored by IBM.
%Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php
%_______________________________________________
%Nagios-users mailing list
%Nagios-users at lists.sourceforge.net
%https://lists.sourceforge.net/lists/listinfo/nagios-users
%::: Please include Nagios version, plugin version (-v) and OS
%when reporting any issue.
%::: Messages without supporting info will risk being sent to /dev/null
%
%
%-------------------------------------------------------
%This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of
%170 Project Admins to receive an Apple iPod Mini FREE for your
%judgement on who ports your project to Linux PPC the best.
%Sponsored by IBM.
%Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php
%_______________________________________________
%Nagios-users mailing list
%Nagios-users at lists.sourceforge.net
%https://lists.sourceforge.net/lists/listinfo/nagios-users
%::: Please include Nagios version, plugin version (-v) and OS
%when reporting any issue.
%::: Messages without supporting info will risk being sent to /dev/null
%
-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list