check_log multiple pattern and filtering

[Gerhard Lausser]

Hi,

echo "Dec 3 07:26:23 SERVER rmclomv: [ID 431010 kern.error] POWER_FAN
@MB.P0.F0.RS has FAILED." >> messages
echo "Dec 3 07:26:23 SERVER rmclomv: [ID 431010 kern.error] CPU_FAN
@MB.P0.F0.RS has FAILED." >> messages
echo "Dec 3 07:26:23 SERVER rmclomv: [ID 431010 kern.error] CPU_FAN
@MB.P0.F0.RS has FAILED." >> messages
echo "Dec 3 07:26:23 SERVER rmclomv: [ID 431010 kern.error] CPU_FAN
@MB.P0.F0.RS has FAILED." >> messages
echo "Dec 3 07:26:23 SERVER rmclomv: [ID 431010 kern.error] DISK_FAN
@MB.P0.F0.RS has FAILED." >> messages

$ check_logfiles --tag miscerrors --logfile messages --criticalpattern
"error|connection timed out|SCSI transport failed" --criticalexception
"CPU_FAN @MB.P0.F0.RS has FAILED" --report long
CRITICAL - (2 errors in check_logfiles.protocol-2009-12-03-17-34-46) - Dec 3
07:26:23 SERVER rmclomv: [ID 431010 kern.error] DISK_FAN @MB.P0.F0.RS has
FAILED. ...|miscerrors_lines=5 miscerrors_warnings=0 miscerrors_criticals=2
miscerrors_unknowns=0
tag miscerrors CRITICAL
Dec 3 07:26:23 SERVER rmclomv: [ID 431010 kern.error] POWER_FAN @MB.P0.F0.RS
has FAILED.
Dec 3 07:26:23 SERVER rmclomv: [ID 431010 kern.error] DISK_FAN @MB.P0.F0.RS
has FAILED.

with check_logfiles you can define special cases (criticalexceptions) which
do not count even if they match in the first place.
As you see from the performance data miscerrors_lines=5 5 lines of the
messages-file were scanned.
The last match is shown in the 1st line of the plugin's output.
With the option --report long you get the complete list of all matched
lines.
(2 errors in check_logfiles.protocol-2009-12-03-17-34-46) means, the matched
lines were also written in a protocol file for later analysis. This can be
switched off with --noprotocol.

You find the plugin at http://labs.consol.de/nagios/check_logfiles

Cheers,
Gerhard

> -----Ursprüngliche Nachricht-----
> Von: Tobias Exner [mailto:texner at eoipso.com] 
> Gesendet: Donnerstag, 3. Dezember 2009 09:09
> An: Nagios-Users Mailinglist
> Betreff: [Nagios-users] check_log multiple pattern and filtering
> 
> Hi list,
> 
> 
> 
> 1.
> 
> any suggestions how to check multiple pattern with one command?
> 
> 
> example:
> 
> check_log -F /var/adm/messages -O /var/adm/nagios_messages -q 
> "error|connection timed out|SCSI transport failed"
> 
> 
> 
> 
> 2.
> 
> Is there a way to ignore lines from the result?
> 
> example:
> 
> check_log -F /var/adm/messages -O /var/adm/nagios_messages -q "error"
> 
> This will search for all errors.
> But what can I do to ignore lines with with spezial errors like
> 
> Dec 3 07:26:23 SERVER rmclomv: [ID 431010 kern.error] CPU_FAN @ 
> MB.P0.F0.RS has FAILED.
> 
> 
> 
> 
> regards,
> 
> Tobias
> 
> 
> --------------------------------------------------------------
> ----------------
> Join us December 9, 2009 for the Red Hat Virtual Experience,
> a free event focused on virtualization and cloud computing. 
> Attend in-depth sessions from your desk. Your couch. Anywhere.
> http://p.sf.net/sfu/redhat-sfdev2dev
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS 
> when reporting any issue. 
> ::: Messages without supporting info will risk being sent to /dev/null
> 


------------------------------------------------------------------------------
Join us December 9, 2009 for the Red Hat Virtual Experience,
a free event focused on virtualization and cloud computing. 
Attend in-depth sessions from your desk. Your couch. Anywhere.
http://p.sf.net/sfu/redhat-sfdev2dev
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null