Anyone using syslog-ng / sec for host log monitoring?

Daniel maher dmaher at acetechnology.com
Fri Jun 3 15:20:32 CEST 2005


Well, I can't speak to your configuration (i.e. sec), but what worked
for me was just writing a little script (as a plugin) to check the logs
for whatever given pattern.

Basically, I pass two variables to the script from the plugin
definition: the target log file (i.e. host), and the pattern I'm
interested in, such as "[CRITICAL] Backup Exec failed!" (or whatever),
via a simple regex.

The script maintains a tiny flat-file with the names of the logs it has
read, and the last byte it read from them.  It then reads the log from
the next character, looking for the pattern.  It then returns the
appropriate error code and message, updates the flat-file, and that's
that.

I'm sure I could have used check_log, but at the time, I was pretty new
to Nagios, and I didn't know it existed. :P


Daniel Maher
System Engineer
ACE TECHNOLOGY INC.
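
The offset-tracking check described in the message above, as an added example (not the script from the original post): the name `check_log`, the tab-separated state-file layout, and the handling of rotated logs and half-written lines are assumptions. The pattern is treated as a regex, so a literal string such as "[CRITICAL] Backup Exec failed!" must be escaped first, otherwise the brackets are read as a character class.

```python
import os
import re
import sys

OK, CRITICAL, UNKNOWN = 0, 2, 3  # Nagios plugin exit codes


def load_state(state_path):
    """Flat file: one 'logpath<TAB>offset' record per line."""
    state = {}
    if os.path.exists(state_path):
        with open(state_path) as fh:
            for line in fh:
                path, _, offset = line.rstrip("\n").rpartition("\t")
                if path and offset.isdigit():
                    state[path] = int(offset)
    return state


def check_log(log_path, pattern, state_path):
    """Scan only bytes appended since the last run; return (code, message)."""
    state = load_state(state_path)
    try:
        size = os.path.getsize(log_path)
        start = state.get(log_path, 0)
        if start > size:  # log rotated or truncated: start over
            start = 0
        with open(log_path, "rb") as fh:
            fh.seek(start)
            chunk = fh.read(size - start)
    except OSError as exc:
        return UNKNOWN, f"UNKNOWN - cannot read {log_path}: {exc}"
    # Consume complete lines only; a half-written last line waits for next run.
    chunk = chunk[: chunk.rfind(b"\n") + 1]
    hits = [ln for ln in chunk.splitlines() if re.search(pattern.encode(), ln)]
    state[log_path] = start + len(chunk)
    with open(state_path + ".tmp", "w") as fh:
        fh.writelines(f"{p}\t{o}\n" for p, o in sorted(state.items()))
    os.replace(state_path + ".tmp", state_path)  # atomic state update
    if hits:
        last = hits[-1].decode(errors="replace")
        return CRITICAL, f"CRITICAL - {len(hits)} match(es), last: {last}"
    return OK, f"OK - no match in {len(chunk)} new bytes"


if __name__ == "__main__" and len(sys.argv) == 4:  # args: LOG REGEX STATEFILE
    code, message = check_log(*sys.argv[1:])
    print(message)
    sys.exit(code)
```

A rotation that leaves the new file larger than the saved offset is not detected by the size comparison alone; storing the inode alongside the offset would cover that case.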
 
 
-----Original Message-----
From: Brian Huffman [mailto:bhuffman at incyte.com] 
Sent: June 3, 2005 9:09 AM
To: Daniel maher; nagios-users at lists.sourceforge.net
Subject: RE: [Nagios-users] Anyone using syslog-ng / sec for host log
monitoring?

What do you use to do the actual filtering / pattern matching?
Currently I have syslog-ng running on my nagios box but with two
destinations:  1 file per machine and then one stream which I pipe to
sec.  This works, but makes it tricky to maintain a configuration file
for sec, which takes into account differences in each server.

Thanks,
Brian

-----Original Message-----
From: nagios-users-admin at lists.sourceforge.net
[mailto:nagios-users-admin at lists.sourceforge.net] On Behalf Of Daniel
maher
Sent: Thursday, June 02, 2005 5:07 PM
To: nagios-users at lists.sourceforge.net
Subject: RE: [Nagios-users] Anyone using syslog-ng / sec for host log
monitoring?

I've currently got a site set up where numerous Windows and Linux
machines are reporting to the Nagios box, which is running syslog-ng.
I've got syslog-ng set up to pipe each log stream to a separate file,
which helps to keep things nice and segregated; this, of course, also
means that I don't have to worry about writing match strings with the
server name, since each server has its own file.


Daniel Maher
System Engineer
ACE TECHNOLOGY INC.
 
 

-----Original Message-----
From: nagios-users-admin at lists.sourceforge.net
[mailto:nagios-users-admin at lists.sourceforge.net] On Behalf Of Brian
Huffman
Sent: June 2, 2005 4:25 PM
To: nagios-users at lists.sourceforge.net
Subject: [Nagios-users] Anyone using syslog-ng / sec for host log
monitoring?

If so, are you running sec locally for each host or are you using
syslog-ng to consolidate all logs on one central host and then running
sec there?  I am currently consolidating all syslogs on one server (my
nagios server) and then using sec to parse all messages as they come in.
I'm finding that it's a little trickier to write the match strings when
you have to take the server name into account.

Thanks,
Brian


-------------------------------------------------------
This SF.Net email is sponsored by Yahoo.
Introducing Yahoo! Search Developer Network - Create apps using Yahoo!
Search APIs Find out how you can build Yahoo! directly into your own
Applications - visit http://developer.yahoo.net/?fr=fad-ysdn-ostg-q22005
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when
reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null


