check_log not working properly
Neil
neil-on-nagios at restricted.dyndns.org
Thu Feb 12 14:58:28 CET 2004
Hi Jim,
Thank you very much. I really appreciate it. I will look and implement it
once I get back to the office. :)
Jim Mozley writes:
> Neil wrote:
>
>> Jim Mozley writes:
>>
>>> Based on fictitious example for monitoring sonet network events using
>>> syslog (I have a plugin to do this via SNMP but the principle is the
>
> ... <snip explanation> ...
>
>>> is one unified set of notification mechanisms, etc. Otherwise using just
>>> swatch (email alerts for instance) you have a second system to
>>> administer.
>>
>>
>> First of all, thanks for the explanation above. I got your idea although,
>> I am a little lost. If it's alright with you, can you provide me with a
>> sample entry of each line for each configuration file. You can obscure
>> the ip addresses if there are any listed. You also mentioned in the other
>> emails that you can provide me with syslog-ng conf too. Is it ok too? :)
>> This will speed me up about understanding how this process works.
>> Thanks.
>> Neil
>
> Better late than never I hope. The following is a setup for using
> syslog-ng, swatch and a script to pass passive events into Nagios. This is
> based on getting syslog messages from a set of network devices, although
> the same principle would apply to hosts. I've tried to make the example
> fairly generic, for instance we generate the nagios config for this
> automatically from device configurations, so please don't copy/paste this
> without understanding what's going on.
>
> 1. Define services in Nagios. For instance if you want to monitor MPLS
> messages for each network device define an MPLS service as below.
>
> #Service definition template
> define service{
>     name                            mpls-service-template
>     active_checks_enabled           no
>     passive_checks_enabled          1
>     parallelize_check               1
>     obsess_over_service             0
>     check_freshness                 0
>     freshness_threshold             28800
>     notifications_enabled           1
>     event_handler_enabled           1
>     flap_detection_enabled          1
>     process_perf_data               1
>     retain_status_information       1
>     retain_nonstatus_information    1
>     register                        0
>     is_volatile                     1
>     check_period                    none
>     max_check_attempts              1
>     normal_check_interval           5
>     retry_check_interval            1
>     contact_groups                  network-admins
>     notification_interval           120
>     notification_period             24x7
>     notification_options            w,c,r
> }
>
> define service{
>     use                             mpls-service-template ; template
>     host_name                       host1
>     service_description             mpls
>     check_command                   ""
> }
>
>
> 2. Configure syslog-ng. Once you have got your config file ready you will
> need to disable the native syslog daemon and start syslog-ng.
>
> syslog-ng config; this is for Solaris, the source may need to change for
> Linux/BSD:
>
> options {
>     keep_hostname(off);
>     long_hostnames(off);
>     sync(1);
>     log_fifo_size(2048);
>     bad_hostname("%");
> };
>
> source all {
>     sun-stream("/dev/log" door("/etc/.syslog_door"));
>     internal();
>     udp();
> };
>
>
> # Put each day's log in a separate file within a directory for
> # each host.
> destination d_hosts {
>     file("/var/log/hosts/$HOST/$HOST-$YEAR$MONTH$DAY"
>         owner(root) group(syslog) perm(0660) dir_perm(0750)
>         create_dirs(yes));
> };
>
>
> # To send messages to swatch
> destination d_swatch {
>     program("/usr/local/bin/swatch --config-file=/etc/swatchrc --read-pipe=\"cat /dev/fd/0\"");
> };
>
>
> # log all messages in a directory per host
> log {
>     source(all);
>     destination(d_hosts);
> };
>
> # send all logs to swatch
> log {
>     source(all);
>     destination(d_swatch);
> };
>
>
>
> 3. Install and configure swatch.
>
> Sample line from swatchrc
>
> watchfor /pattern-i-want-to-match/
> exec /path/to/my/script.pl $*
>
> So for instance if you are looking out for MPLS messages and your devices
> include "MPLS" in these syslog messages, match the pattern /MPLS/
>
> 4. Create the script
>
> This should build a passive command based on the contents of the syslog
> message.
>
> For instance it might contain elements such as:
>
> if ( $syslogmsg =~ /down/ ) {
>     $nagios_code = 2; # Critical
> }
>
> You will need to extract the hostname from the syslog message (and
> possibly the service unless this is hardcoded - it is in this example).
>
> In the end you want to build a message such as:
>
> my $cmd = "[$epoch] PROCESS_SERVICE_CHECK_RESULT;$host;$service;$nagios_code;$msg";
>
> And fire it into nagios:
>
> my $echo = '/usr/bin/echo';
> my $pipe = '/usr/local/nagios/var/rw/nagios.cmd';
>
> system "$echo \"$cmd\" >> $pipe";
>
> (As an aside I tried the perl way of doing this rather than a system
> command and had a problem on Solaris I couldn't resolve.)
>
> I would recommend you take a look at Al Toby's module on CPAN for passing
> commands to Nagios.
>
> There are also some shell script examples of passing Nagios commands
> supplied with the distribution.
>
> Jim
>
>
>
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
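
An added example, not part of the thread and not Jim's script: one way to write the step 4 handler so that the syslog text, which reaches syslog-ng through the `udp()` source and is therefore untrusted, is never passed through a shell and cannot add fields or extra lines to the Nagios command file. The syslog line layout, the OK default and the length limit are assumptions; the pipe path and the hardcoded service name come from the quoted post.

```perl
#!/usr/bin/perl
# Added example, not Jim's script: swatch handler for step 4.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_NONBLOCK);

my $PIPE    = '/usr/local/nagios/var/rw/nagios.cmd';   # path from the post
my $SERVICE = 'mpls';                                  # hardcoded, as in the post

# Turn one untrusted syslog line into a passive check result line.
# Returns nothing if the line does not yield an acceptable hostname.
sub build_passive_cmd {
    my ($line, $epoch) = @_;

    # Assumed layout: "Mon DD HH:MM:SS host message"
    my ($host, $msg) = $line =~ /^\w{3}\s+\d+\s+[\d:]+\s+(\S+)\s+(.*)$/s
        or return;
    return unless $host =~ /^[A-Za-z0-9][A-Za-z0-9.-]{0,252}\z/;

    # A newline would start a second command in the pipe and a ';' would
    # shift the fields, so control characters and ';' are replaced.
    $msg =~ s/[\x00-\x1f\x7f]+/ /g;
    $msg =~ tr/;/,/;
    $msg = substr($msg, 0, 256);                       # assumed length limit

    # 2 = CRITICAL as in the post; reporting 0 (OK) otherwise is an assumption.
    my $code = ($msg =~ /down/) ? 2 : 0;

    return "[$epoch] PROCESS_SERVICE_CHECK_RESULT;$host;$SERVICE;$code;$msg\n";
}

# Write directly to the FIFO. No echo and no shell are involved, so quotes,
# backticks and '$' in the message are only ever data.
sub submit {
    my ($cmd) = @_;
    sysopen(my $fh, $PIPE, O_WRONLY | O_NONBLOCK)      # fails fast if nothing reads the pipe
        or die "cannot open $PIPE: $!\n";
    defined syswrite($fh, $cmd) or die "write to $PIPE failed: $!\n";
    close $fh;
}

# Under swatch the matched line arrives in @ARGV; otherwise use a constructed sample.
my $line = @ARGV ? "@ARGV" : 'Feb 12 14:58:28 host1 MPLS: LSP "to-core" down; retrying';
my $cmd  = build_passive_cmd($line, time) or exit 1;
if (-p $PIPE) { submit($cmd) } else { print $cmd }     # print when no command pipe exists
```

Run without arguments on a machine that has no Nagios command pipe, it prints the line it would have submitted for the constructed sample.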