Nagios + Logsurfer or Swatch?

Jim Mozley jim.mozley at exponential-e.com
Wed Jan 5 10:36:45 CET 2005


Emmett Hogan wrote:
> Thanks for the suggestions from everyone on this.
> 
> Most folks pointed me to check_log2.pl in the contrib directory of the 
> plugins distribution.  check_log2 is great for two reasons: 1) It's 
> written in PERL, so I can hack on it, 2) it takes regular expressions, 
> so you can bundle multiple checks in one pass.
> 
> However, the major drawback to it, is that it returns only two states: 
> OK, or WARNING.  There are some log messages which I would consider 
> CRITICAL.  So, unless someone has a better suggestion...I think I will 
> hack check_log2 to take parameters like this:
> 
> check_log2.pl -l <log_file> -s <log_seek_file> -cp <pattern> [-cn 
> <negpattern>] -wp <pattern> [-wn <negpattern>]
> 
> Where "-cp" and "-cn" indicate the CRITICAL patterns to look for, and 
> "-wp" and "-wn" are the WARNING patterns.
> 
> Anybody see any potential problems with that?

I'd still suggest something like swatch/sec to process the log and pass 
passive checks into Nagios. It has some good points:

- nearer to real time

- log files aren't scanned each time

- fits in with using a central log server such as syslog-ng very well

- you could correlate events if you use sec

- can use it for things other than providing alarms for Nagios.

Jim Mozley
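
The approach discussed in this thread, as an added example that is not part of the original posts and is not code from check_log2.pl, swatch or sec: it reads only the lines appended since a saved offset, applies CRITICAL and WARNING patterns with optional negative patterns, and formats each hit as a Nagios PROCESS_SERVICE_CHECK_RESULT passive check line, to be written to the Nagios external command file. The host name `loghost`, service name `syslog`, the patterns and the sample log lines are constructed assumptions.

```python
import re
import time

OK, WARNING, CRITICAL = 0, 1, 2  # Nagios service state codes

def classify(line, crit, crit_neg, warn, warn_neg):
    """State for one log line; a negative pattern vetoes its positive match."""
    if crit.search(line) and not (crit_neg and crit_neg.search(line)):
        return CRITICAL
    if warn.search(line) and not (warn_neg and warn_neg.search(line)):
        return WARNING
    return OK

def passive_result(host, service, state, output, now=None):
    """Format one PROCESS_SERVICE_CHECK_RESULT external command line."""
    ts = int(time.time() if now is None else now)
    # Log text is untrusted: drop control characters so a crafted message
    # cannot smuggle a second command into the command file, and cap length.
    safe = re.sub(r"[\x00-\x1f\x7f]", " ", output)[:256]
    return f"[{ts}] PROCESS_SERVICE_CHECK_RESULT;{host};{service};{state};{safe}"

def scan(path, offset, host, service, patterns, now=None):
    """Read lines appended since `offset`; return (new_offset, commands)."""
    cmds = []
    with open(path, "rb") as fh:
        if fh.seek(0, 2) < offset:  # file shrank: rotated or truncated
            offset = 0
        fh.seek(offset)
        for raw in fh:
            if not raw.endswith(b"\n"):  # partial line, pick it up next run
                break
            offset += len(raw)
            line = raw.decode("utf-8", "replace").rstrip("\r\n")
            state = classify(line, *patterns)
            if state != OK:
                cmds.append(passive_result(host, service, state, line, now))
    return offset, cmds

if __name__ == "__main__":
    import tempfile
    # Constructed sample log lines and patterns, for illustration only.
    patterns = (re.compile(r"panic|I/O error"), re.compile(r"test"),
                re.compile(r"authentication failure"), None)
    with tempfile.NamedTemporaryFile("wb", suffix=".log", delete=False) as f:
        f.write(b"kernel: I/O error on sda\nsshd: authentication failure\nok\n")
    print(*scan(f.name, 0, "loghost", "syslog", patterns)[1], sep="\n")
```

Persisting the returned offset between runs plays the role of the `-s <log_seek_file>` argument in the proposed command line.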

