#!/usr/bin/perl -wT
#
# Log file regular expression detector for Nagios.
# Written by Aaron Bostick (abostick@mydoconline.com)
# Last modified: 05-02-2002
#
# Thanks and acknowledgements to Ethan Galstad for Nagios and the check_log
# plugin this is modeled after.
#
# Usage: check_log2 -l <log_file> -s <seek_file> -p <pattern> [-n <negpattern>]
#
# Description:
#
# This plugin will scan arbitrary text files looking for regular expression 
# matches.  The text file to scan is specified with <log_file>.
# <log_seek_file> is a temporary file used to store the seek byte position
# of the last scan.  This file will be created automatically on the first 
# scan.  <pattern> can be any RE pattern that perl's s/// syntax accepte.  Be
# forewarned that a bad pattern will send this script into never never land!
#
# Output:
#
# This plugin returns OK when a file is successfully scanned and no pattern
# matches are found.  WARNING is returned when 1 or more patterns are found 
# along with the pattern count and the line of the last pattern matched.
# CRITICAL is returned when an error occurs, such as file not found, etc.
#
# Notes (paraphrased from check_log's notes):
#
#    1.  The "max_attempts" value for the service should be 1, as this
#        will prevent Nagios from retrying the service check (the
#        next time the check is run it will not produce the same results).
#
#    2.  The "notify_recovery" value for the service should be 0, so that
#        Nagios does not notify you of "recoveries" for the check.  Since
#        pattern matches in the log file will only be reported once and not
#        the next time, there will always be "recoveries" for the service, even
#        though recoveries really don't apply to this type of check.
#
#    3.  You *must* supply a different <log_Seek_file> for each service that
#        you define to use this plugin script - even if the different services
#        check the same <log_file> for pattern matches.  This is necessary
#        because of the way the script operates.
#
# Examples:
#
# Check for error notices in messages
#   check_log2 -l /var/log/messages -s ./check_log2.messages.seek -p 'err'
#

require 5.004;
use strict;
use lib utils.pm ;
use Plugin;
use Plugin::Parameter qw(:DEFAULT);

use vars qw($opt_l $opt_s $opt_p $opt_n $opt_t $PROGNAME);

use utils qw(%ERRORS &usage);

my $l_opt = new Plugin::Parameter(-name => "logfile", -flags => [ 'l', 'logfile' ],
				  -optional => "no", -valueoptional => "no", -type => "FILENAME",
				  -description => "The log file to be scanned");
my $s_opt = new Plugin::Parameter(-name => "seekfile", -flags => [ 's', 'seekfile' ],
				  -optional => "no", -valueoptional => "no", -type => "FILENAME",
				  -checker => sub { my ($opt, $parameter, $plugin) = @_;
						    $$opt =~ m/(.*)/;
						    $$opt = $1; },
				  -description => "The temporary file to store the seek position of the last scan");
my $p_opt = new Plugin::Parameter(-name => "pattern", -flags => [ 'p', 'pattern' ],
				  -optional => "no", -valueoptional => "no", -type => "REGEX",
				  -description => "The regular expression to scan for in the log file");
my $n_opt = new Plugin::Parameter(-name => "negpattern", -flags => [ 'n', 'negpattern' ],
				  -optional => "yes", -valueoptional => "no", -type => "REGEX",
				  -description => "The regular expression to skip in the log file");
my $plugin = new Plugin(-revision => '$Revision: 1.1 $',
			-copyright => "2002 Aaron Bostick <abostick\@mydoconline.com>, 2004 Howard Wilkinson <howard\@cohtech.com>",
			-shortcomment => "Scan arbitary log giles for regular expression matches",
			-parameterlists => [ [ $l_opt, $s_opt, $p_opt, $n_opt, $t_opt ], $h_opts, $V_opts ]);

my $pattern_count = 0;
my $pattern_line = '';


$plugin->init();

$plugin->start_timeout($opt_t, "Timed out while scanning log file");

# Open log file
open LOG_FILE, $opt_l || die "Unable to open log file $opt_l: $!";

# Try to open log seek file.  If open fails, we seek from beginning of
# file by default.
if (open(SEEK_FILE, $opt_s)) {
  my @seek_pos = ();
  chomp(@seek_pos = <SEEK_FILE>);
  close(SEEK_FILE);
  #  If file is empty, no need to seek...
  if ($seek_pos[0] && $seek_pos[0] != 0) {
    # Compare seek position to actual file size.  If file size is smaller
    # then we just start from beginning i.e. file was rotated, etc.
    my ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,$atime,$mtime,$ctime,$blksize,$blocks) = stat(LOG_FILE);

    if ($seek_pos[0] <= $size) {
      seek(LOG_FILE, $seek_pos[0], 0);
    }
  }
}

# Loop through every line of log file and check for pattern matches.
# Count the number of pattern matches and remember the full line of 
# the most recent match.
while (<LOG_FILE>) {
  if ($opt_n) {
    if ((/$opt_p/) && !(/$opt_n/)) {
      $pattern_count += 1;
      $pattern_line = $_;
    }
  } elsif (/$opt_p/) {
    $pattern_count += 1;
    $pattern_line = $_;
  }
}

# Overwrite log seek file and print the byte position we have seeked to.
# Allow this to fail silently
if (open(SEEK_FILE, "> $opt_s")) {
  print SEEK_FILE tell(LOG_FILE);
  # Close seek file.
  close(SEEK_FILE);
}

# Close the log file.
close(LOG_FILE);

$plugin->stop_timeout();

# Print result and return exit code.
if ($pattern_count) {
  print "$PROGNAME WARNING: ($pattern_count): $pattern_line";
  exit $ERRORS{'WARNING'};
} else {
  print "$PROGNAME OK: No matches found.\n";
  exit $ERRORS{'OK'};
}