server log plugin

Miguel Lanz edgarosy at gmail.com
Mon Apr 16 16:45:07 CEST 2012


I am just starting with nagios and so far I have learned quite a bit and
have successfully set up multiple nagios checks on several servers and all
of them are working as expected.

I've been trying to set up the check_logfiles plugin to check for a pattern
like this: where someone attempted to log in to one of my applications
several times within milliseconds. Is there a way that I can configure the
nagios check_logfiles plugin to parse multiple login attempts as shown
below within seconds and send me an alert? Or would it be better to write a
custom script to do that?

Thanks for your help.


77.221.134.186 - - [05/Apr/2012:08:06:23 -0600] "GET /sms/login/emailpwd?uname=bossman2040&email= HTTP/1.1" 200 5608 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" "-"
176.9.53.41 - - [05/Apr/2012:08:06:25 -0600] "GET /sms/login/emailpwd?uname=u002422&email= HTTP/1.1" 200 5608 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" "-"
176.9.53.41 - - [05/Apr/2012:08:06:25 -0600] "GET /sms/login/emailpwd?uname=suzzie&email= HTTP/1.1" 200 5608 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" "-"
176.9.53.41 - - [05/Apr/2012:08:06:26 -0600] "GET /sms/login/emailpwd?uname=BlackBox&email= HTTP/1.1" 200 5608 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" "-"
176.9.53.41 - - [05/Apr/2012:08:06:27 -0600] "GET /sms/login/emailpwd?uname=Bigboss83&email= HTTP/1.1" 200 5608 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" "-"
176.9.53.41 - - [05/Apr/2012:08:06:28 -0600] "GET /sms/login/emailpwd?uname=copcarsonline&email= HTTP/1.1" 200 5608 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" "-"
176.9.53.41 - - [05/Apr/2012:08:06:28 -0600] "GET /sms/login/emailpwd?uname=u002422&email= HTTP/1.1" 200 5608 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" "-"
176.9.53.41 - - [05/Apr/2012:08:06:29 -0600] "GET /sms/login/emailpwd?uname=juanyromo&email= HTTP/1.1" 200 5608 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" "-"
176.9.53.41


On Thu, Apr 5, 2012 at 1:24 PM, Edgarosy <edgarosy at gmail.com> wrote:

> Thank you Claudio.
>
> On Apr 5, 2012, at 1:18 PM, Claudio Kuenzler <ck at claudiokuenzler.com>
> wrote:
>
> This one is probably the best one:
> http://labs.consol.de/lang/en/nagios/check_logfiles/
>
> On Thu, Apr 5, 2012 at 6:56 PM, Parkman, Mikhail <
> Mikhail_Parkman at cable.comcast.com> wrote:
>
>>  I need to perform the following tasks:
>>
>> ·  Demonstrated that Nagios alert is fired when certain messages are
>> logged in the application log file on the target (remote) host
>>
>> ·  Nagios "info message" is fired when error condition is cleared.
>>
>> I found out “logwarn” plugin but I didn’t find detailed configuration
>> instructions for this plugin.
>>
>> http://exchange.nagios.org/directory/Plugins/Log-Files/check_logwarn/details
>>
>> And another one – “check_logfiles” – this one is described better in my
>> opinion but referring to something called OPSVIEW that I don’t have any
>> idea about.
>>
>> http://www.osupport.net/2011/log-files-monitoring-with-nagios-opsview/
>>
>> Did somebody have experience with well documented “check log” plugin, and
>> could recommend one so that the functionality of the recommended plugin
>> matches bulleted tasks in the beginning of this email that I have to
>> accomplish?
>>
>> Thanks.
>>
>> Mikhail.
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Better than sec? Nothing is better than sec when it comes to
>> monitoring Big Data applications. Try Boundary one-second
>> resolution app monitoring today. Free.
>> http://p.sf.net/sfu/Boundary-dev2dev
>> _______________________________________________
>> Nagios-users mailing list
>> Nagios-users at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/nagios-users
>> ::: Please include Nagios version, plugin version (-v) and OS when
>> reporting any issue.
>> ::: Messages without supporting info will risk being sent to /dev/null
>>
>


-- 
Edgar Lanz

"If nobody is perfect I must be nobody"
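
Added example, not part of the original message and not check_logfiles code: one way a custom Nagios-style check could count login requests per source address inside a sliding time window and map the peak to plugin exit codes. The function name `scan`, the thresholds, the window length and the sample lines (documentation-range addresses) are assumptions chosen for illustration.

```python
import re
import sys
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in Apache combined-log shape (documentation-range IPs, made-up names).
_FMT = '{} - - [05/Apr/2012:08:06:{:02d} -0600] "GET {} HTTP/1.1" 200 5608 "-" "Mozilla/4.0" "-"'
_LOGIN = "/sms/login/emailpwd?uname=user{}&email="
SAMPLE_LOG = [_FMT.format("198.51.100.7", 23, _LOGIN.format(0)),
              _FMT.format("203.0.113.9", 24, "/index.html")]
SAMPLE_LOG += [_FMT.format("203.0.113.9", s, _LOGIN.format(i))
               for i, s in enumerate([25, 25, 26, 27, 28, 28, 29], start=1)]

# client address, timestamp inside [...], request path
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+)')
OK, WARNING, CRITICAL = 0, 1, 2  # standard Nagios plugin exit codes

def scan(lines, path_prefix="/sms/login/", window_s=5, warn=3, crit=5):
    """Return (exit_code, status_line, {ip: peak login hits in any window})."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not m.group(3).startswith(path_prefix):
            continue              # unparsable line or not a login URL
        ip = m.group(1)
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop hits that fell out of the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    worst = max(peak.values(), default=0)
    code = CRITICAL if worst >= crit else WARNING if worst >= warn else OK
    offenders = sorted(ip for ip, n in peak.items() if n >= warn)
    status = "{} - {} source(s) with >= {} login requests in {}s".format(
        ("OK", "WARNING", "CRITICAL")[code], len(offenders), warn, window_s)
    if offenders:
        status += ": " + ", ".join("{}={}".format(ip, peak[ip]) for ip in offenders)
    return code, status, dict(peak)

if __name__ == "__main__":
    exit_code, status_line, _ = scan(SAMPLE_LOG)
    print(status_line)
    sys.exit(exit_code)
```

Run from Nagios on a schedule, a check like this would also need to remember how far into the log file it read on the previous run so that old lines are not counted again.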