AW: Alarms for log files

Helmut W. Januschka h.januschka at krone.at
Fri Sep 10 18:16:44 CEST 2004
Previous message: Alarms for log files
Next message: Alarms for log files
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Using a handmade log check script run it with -h

Wich stores the state and the last line num and just views LAST_LINE - > EOF at next run :)

So long

--------SNIP-------
#!/bin/bash

export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

PROGNAME=`basename $0`
PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'`
REVISION=`echo '$Revision: 1.0 $' | sed -e 's/[^0-9.]//g'`

. $PROGPATH/utils.sh

print_usage() {
        echo -e "$REVISION\nWritten by Helmut Januschka(klewan at klewan.at)"
        echo -e "* Checks LOGFILE if given pattern is found"
        echo "---------------------Usage-----------------------------------------------"
        echo "-F LogFile Def: /var/log/messages"
        echo "-P Pattern to find (AWK LIKE REGEX)"
        echo "-w WARN if X entries found Def:1"
        echo "-c CRITICAL if X Entries found Def:2"
        echo "-h  Show This Help"
        echo "-------------------------------------------------------------------------"
        print_revision
}


#Defs:
CRIT=2;
WARN=1;
FL=/var/log/messages
PATTERN="klewan"

while getopts F:P:w:c:h o
do
        case $o in
        F) FL=$OPTARG;;
        P) PATTERN=$OPTARG;;
        w) WARN=$OPTARG;;
        c) CRIT=$OPTARG;;
        h) print_usage; exit $STATE_UNKOWN;;

        esac


done
####
# Build unique tmp File :)
UTMP=/var/tmp/nagios_`hostname`_`echo $FL|tr -s "/" "_"`.tmp
if [ -e "$UTMP" ]
then
        t=`cat $UTMP`;
        NM=`echo $t|tr -d [:blank:]`;
else
        echo 1 > $UTMP;
        NM=1;
fi;


STR="cat $FL|sed '1, $NM d'|awk '{if (\$0 ~ /$PATTERN/) {print}}'"
FOUND=`eval $STR|wc -l|tr -d [:blank:]`;
####################################
#
# Update last Line FILE UTMP
####################################
cat $FL|wc -l > $UTMP

#####################################
# ok
# lets do critical warn check :)
####################################
if [ $FOUND -ge $CRIT ]
then
        echo "CheckILog($FL/$PATTERN $NM-EOF)[critical] found $FOUND CRIT: $CRIT";
        exit $STATE_CRITICAL;
fi;

if [ $FOUND -ge $WARN ]
then
        echo "CheckILog($FL/$PATTERN Range: $NM-EOF)[warning] found $FOUND WARN: $CRIT";
        exit $STATE_WARNING;
fi;

        echo "CheckILog($FL/$PATTERN range: $NM-EOF)[Ok] found $FOUND";
        exit $STATE_OK;

-----SNIP-------


-----Ursprüngliche Nachricht-----
Von: Andreas Ericsson [mailto:ae at op5.se] 
Gesendet: Freitag, 10. September 2004 13:24
An: nagios-users at lists.sourceforge.net
Betreff: Re: [Nagios-users] Alarms for log files

Anton Krall wrote:
> Is there any way to configure a script for checking the logfiles every X
> minutes and if the word error is found, send out an alarm?
> 
> Ive thought this thru and so far seems difficult since if the word error is
> found, the alarm will go off but even after correcting the problem, the
> alarm would still go off since the word error would still be on the logfile.
> 
 > Any ideas?
 >

Use check_log2.pl, which maintains state through scans and only scans 
new lines. Remember so set max_check_attempts to 1 if you do, since it 
will never reach critical otherwise.

An alternative would be to truncate the logfile for every pass, but then 
you would need to duplicate them by some other means.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Lead Developer


-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM. 
Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null


-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM. 
Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null
Previous message: Alarms for log files
Next message: Alarms for log files
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Users mailing list