[Nagios-users] status log documentation?

Skip Montanaro skip at pobox.com
Mon Sep 15 23:38:11 CEST 2003


    Marc> Here's the format of status.sav --
    Marc> http://www.nagios.org/faqs/viewfaq.php?faq_id=66&expand=false&showdesc=true

Much appreciated.

    Marc> that's only current info though. To determine historical data you
    Marc> would need to parse nagios.log and archives/*. While I'm not
    Marc> logging all data to nagios.log, the format looks pretty
    Marc> straightforward --

    Marc> [[timestamp]] SERVICE ALERT: [hostname];[service];[STATE];[HARD |
    Marc> SOFT];[check attempt?];[plugin output]
    Marc> [[timestamp]] HOST ALERT: [hostname];[STATE];[HARD | SOFT];[check
    Marc> attempt?];[plugin output]

What do you mean when you say, "While I'm not logging all data to
nagios.log..."?  I understand that you peeked at the nagios.log file and
came up with a plausible description of the format, but don't understand how
that phrase related to that fact.  Maybe my internal English parser has a
grouping error and I'm just reading that sentence wrong.

Thanks for the clues on the format of the nagios.log files.  That looks for
the most part like what I need.  I'm mostly after current service/host
status and percent uptime for the past week.

Note to the folks working on Nagios 2.0: It would be real nice if you made
the log file format an actual CSV file (a semicolon delimiter is fine).
You're about 90% of the way there as it is.  For the most part, all you need
to do is make sure each bit of data is in its own field and make sure the
delimiter (semicolon in this case) is properly quoted wherever it appears.
For example, instead of

    [1063642433] SERVICE ALERT: ns.northwestern.edu;PH;OK;SOFT;2;OK - query succeeded

this would be nicer:

    1063642433;SERVICE ALERT;ns.northwestern.edu;PH;OK;SOFT;2;OK - query succeeded

and if the plugin output contained a semicolon, it would be quoted with
"...".  That would allow CSV parsers available for Python and Perl (and
probably several other languages) to suck that data in with no muss or fuss.
A first line containing column names in each file would also be useful.
In situations where you log varying types of data to the file, e.g.:

    [1063643414] LOG ROTATION: DAILY
    [1063643951] Auto-save of retention data completed successfully.
    [1063644861] SERVICE ALERT: mojam;HTTP;CRITICAL;SOFT;1;Socket timeout after 10 seconds

all you need to do is make sure that the second field always reflects the
type of message:

    1063643414;LOG ROTATION;DAILY
    1063643951;Message;Auto-save of retention data completed successfully.
    1063644861;SERVICE ALERT;mojam;HTTP;CRITICAL;SOFT;1;Socket timeout after 10 seconds

-- 
Skip Montanaro
Got gigs? http://www.musi-cal.com/
          http://www.mojam.com/
Got spam? http://spambayes.sf.net/
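
An added example, not part of the original message and not Nagios code: the conversion proposed above, written in Python. It assumes the bracketed layout quoted from Marc and treats the trailing plugin output as untrusted free text that may itself contain semicolons or quotes; `parse_line`, `to_csv`, `read_csv` and the per-type field counts are names and assumptions introduced here.

```python
import csv
import io
import re

# Sample lines: the first three appear in the message; the last two are
# constructed so that the plugin output carries semicolons and quotes.
SAMPLE_LOG = """\
[1063643414] LOG ROTATION: DAILY
[1063643951] Auto-save of retention data completed successfully.
[1063644861] SERVICE ALERT: mojam;HTTP;CRITICAL;SOFT;1;Socket timeout after 10 seconds
[1063644921] SERVICE ALERT: mojam;HTTP;OK;SOFT;2;HTTP OK; 0.2 second response time
[1063645000] HOST ALERT: mojam;DOWN;HARD;1;no route; "gw" unreachable
"""

LINE_RE = re.compile(r"^\[(\d+)\] (.*)$")
# Semicolon-separated fields per message type (assumed from the quoted layout).
# The last field is free-form plugin output and must absorb extra semicolons.
FIELD_COUNTS = {"SERVICE ALERT": 6, "HOST ALERT": 5}


def parse_line(line):
    """Return [timestamp, type, field...] for one log line, or None if malformed."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    timestamp, rest = m.groups()
    kind, sep, payload = rest.partition(": ")
    if sep and kind.isupper():
        n = FIELD_COUNTS.get(kind)
        fields = payload.split(";", n - 1) if n else [payload]
        return [timestamp, kind] + fields
    # Untyped line: label it "Message" so the second field is always a type.
    return [timestamp, "Message", rest]


def to_csv(log_text):
    """Rewrite bracketed log text as semicolon-delimited CSV, quoting as needed."""
    out = io.StringIO()
    writer = csv.writer(out, delimiter=";", quoting=csv.QUOTE_MINIMAL, lineterminator="\n")
    for line in log_text.splitlines():
        row = parse_line(line)
        if row is not None:
            writer.writerow(row)
    return out.getvalue()


def read_csv(csv_text):
    """Read the converted text back with the stock csv module."""
    return list(csv.reader(io.StringIO(csv_text), delimiter=";"))
```

Splitting with a field limit keeps a semicolon in plugin output from shifting the state or attempt columns, and the csv writer's quoting lets the stock reader recover the field unchanged.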

