Logfile Analysis

Stanley Hopcroft Stanley.Hopcroft at IPAustralia.Gov.AU
Fri Sep 24 11:59:16 CEST 2004


Dear Sir,

I am writing to thank you for your letter and say,

On Thu, Sep 23, 2004 at 09:14:13AM -0700, nagios-users-request at lists.sourceforge.net wrote:
> 
> Message: 6
> Date: Thu, 23 Sep 2004 09:33:34 +0200
> From: "Mohr James" <james.mohr at elaxy.com>
> To: <Nagios-users at lists.sourceforge.net>
> Subject: [Nagios-users] Logfile Analysis
> 
> Hi All!
> 
> I am looking for a tool that we can integrate with Nagios to parse log
> files and then send events to Nagios. I've googled and found a couple of
> tools, but I didn't find any that specifically address the issue of
> starting an external program when certain text is found.  Any input is
> greatly appreciated.


There are at least 3 people that have reported good results with SEC 
(Simple Event Correlator) and Nagios, one of them in the last week.

An archive search (gmane) should find those letters.

SEC provides the ability to not only fork an external program on 
discovery of a text in the input stream but also (from the SEC man page):

Single - match input event and immediately execute an action that is
specified by rule.

SingleWithScript - match input event and depending on the exit value of
an external script, execute an action.

SingleWithSuppress - match input event and execute an action immediately,
but ignore following matching events for the next t seconds.

Pair - match input event, execute an action immediately, and ignore
following matching events until some other input event arrives. On
arrival of the second event execute another action.

PairWithWindow - match input event and wait for t seconds for other
input event to arrive. If that event is not observed within given time
window, execute an action. If the event arrives on time, execute
another action.

SingleWithThreshold - count matching input events during t seconds and
if given threshold is exceeded, execute an action and ignore all matching
events during rest of the time window.

SingleWith2Thresholds - count matching input events during t1 seconds
and if given threshold is exceeded, execute an action. Now start to
count matching events again and if their number per t2 seconds drops
below second threshold, execute another action.

Suppress - suppress matching input event (used to keep the event from
being matched by later rules)

Calendar - execute an action at specific times.

SEC is a very good way to front end SNMP traps (no need to write trap 
handlers).

> 
> Regards,
> 
> James Mohr
> Systembetrieb

Yours sincerely.
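
The SingleWithThreshold behaviour quoted above, modelled in Python over constructed sshd log lines. This is an added example, not part of the original message and not SEC's own code; it assumes the action fires when the count reaches thresh, that the window slides past stale events, and that events are correlated per source address. The function name, pattern and sample lines are hypothetical.

```python
import re
from collections import defaultdict, deque

# Constructed sample input: (epoch seconds, syslog message). Not real log data.
SAMPLE_EVENTS = [
    (0,   "sshd[311]: Failed password for root from 192.0.2.10"),
    (10,  "sshd[312]: Failed password for root from 192.0.2.10"),
    (15,  "sshd[313]: Failed password for admin from 198.51.100.7"),
    (20,  "sshd[314]: Failed password for root from 192.0.2.10"),    # 3rd in 60 s
    (30,  "sshd[315]: Failed password for root from 192.0.2.10"),    # suppressed
    (100, "sshd[316]: Failed password for admin from 198.51.100.7"), # window slid
    (130, "sshd[317]: Failed password for admin from 198.51.100.7"),
    (150, "sshd[318]: Failed password for admin from 198.51.100.7"), # 3rd in 60 s
]

PATTERN = re.compile(r"sshd\[\d+\]: Failed password for \S+ from (\S+)")


def single_with_threshold(events, pattern, thresh, window):
    """Return [(time, key)] for each point where the rule's action would run.

    The caller would start its external program (for example, the one that
    notifies Nagios) once per returned entry.
    """
    seen = defaultdict(deque)   # key -> timestamps of events being counted
    quiet_until = {}            # key -> end of the window in which we already fired
    fired = []
    for ts, line in events:
        m = pattern.search(line)
        if not m:
            continue            # non-matching input is left for other rules
        key = m.group(1)
        if key in quiet_until:
            if ts < quiet_until[key]:
                continue        # action already ran in this window: ignore
            del quiet_until[key]
        times = seen[key]
        times.append(ts)
        while ts - times[0] >= window:
            times.popleft()     # slide the window past events that are too old
        if len(times) >= thresh:
            fired.append((ts, key))
            quiet_until[key] = times[0] + window
            times.clear()
    return fired


if __name__ == "__main__":
    for ts, src in single_with_threshold(SAMPLE_EVENTS, PATTERN, thresh=3, window=60):
        print(f"t={ts}: threshold reached for {src}")
```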

