check_log script errors

[Carroll, Jim P [Contractor]]

To find out the particulars of seek/tell, do a "man perlfunc" and search for
"seek" or "tell".  In a nutshell, 'tell' reports the current position that
perl has within a file, and 'seek' effectively moves you to that byte offset
in the file.

Instead of copying the entire logfile to a temporary location (which is what
check_log does), check_log2.pl will merely write the positional value (from
'tell') to a tempfile.  Worst case scenario is that your seekfile will be
log(n) + 1 of the size of your logfile.  E.g., if your /var/log/messages is
1,000,000 bytes long, then your seek file will be 7 bytes long.

This approach also has the advantage that you don't start each search from
the beginning of the file, doing a bytewise comparison of things which have
already been checked before.

Here's what I'm using in my nrpe.cfg (or at least, the relevant lines for my
Linux boxen - pardon the wordwrap):

command[linux_log_warn]=/home/nagios/libexec/check_log2 -l /var/log/messages
-s /home/nagios/.messages_warn.seek -p "WARN|Warn|warn|httpd.conf"

command[linux_log_err]=/home/nagios/libexec/check_log3 -l /var/log/messages
-s /home/nagios/.messages_err.seek -p "ERR|Err|err|PANIC|Panic|panic|File
system full" -n " nrpe| sshd|httpd.conf"

By now you're probably wondering a couple things.  Allow me to jump ahead of
you:

1) "What happened to the .pl extension?"

I renamed the file.  None of the other plugins show their extensions.  If
you don't want to rename it, you shouldn't need to.  Your choice.

2) "What's this check_log3 plugin?"

It's virtually an identical copy of check_log2.  Here's a diff (explanation
to follow):

$ diff check_log2 check_log3
146c146
<         exit $ERRORS{'WARNING'};
---
>         exit $ERRORS{'CRITICAL'};

I effectively use check_log2 to report on 'warning' problems, and check_log3
to report on 'critical' problems.  Ideally there would be a way to pass "-w"
and/or "-c" on the command line so that the appropriate return code is
evoked.  I'm using a kludge, but it seems to do the trick.

HTH.  Let me know if you're still having problems.

jc


> -----Original Message-----
> From: Daniel_Casey at jbhunt.com [mailto:Daniel_Casey at jbhunt.com]
> Sent: Friday, January 31, 2003 9:34 AM
> To: Carroll, Jim P [Contractor]
> Cc: nagios-users at lists.sourceforge.net
> Subject: RE: [Nagios-users] check_log script errors
> 
> 
> 
> I guess I'm not understanding how to use the script.  I type:
> 
> ./check_log2.pl -l /tmp/down.log -p Warning
> 
> I get "Seek file not specified."  What does the -s <seek file> do?
> 
> I run this and it works:
> 
> ./check_log2.pl -l /tmp/down.log -s /tmp/down.log.seek -p Warning
> 
> Is the .seek file just a place-holder the script uses?  I 
> read the comments
> about
> using the .seek file to check size...is the seek file a copy 
> of the logfile
> that you
> look at instead of the actual logfile?
> 
> Thanks. again for the help!  Script looks like it will work perfectly!
> 
> 


-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com