[Nagiosplug-help] Usage of check_log

Server Admin admin at treenetnz.com
Mon Aug 8 09:17:34 CEST 2005


Ralph.Grothe at itdz-berlin.de wrote:
> Hello,
> 
> this may all be pretty obvious and self-explanatory to long time
> Nagios veterans.
> 
> But I beg your pardon, this ultra terse help screen doesn't
> instruct me at all on the correct usage of this particular
> plug-in.
> Does it cause the plug-in authors such hardship to spare the
> extra 80 chars or so for a lucid example line?
> 
> 
> # libexec/check_log --help                                
> check_log (nagios-plugins 1.4) 1.4
> The nagios plugins come with ABSOLUTELY NO WARRANTY. You may
> redistribute
> copies of the plugins under the terms of the GNU General Public
> License.
> For more information about these matters, see the file named
> COPYING.
> 
> Usage: check_log -F logfile -O oldlog -q query
> Usage: check_log --help
> Usage: check_log --version
> 
> Log file pattern detector plugin for Nagios
> 
> Send email to nagios-users at lists.sourceforge.net if you have
> questions
> regarding use of this software. To submit patches or suggest
> improvements,
> send email to nagiosplug-devel at lists.sourceforge.net.
> Please include version information with all correspondence (when
> possible,
> use output from the --version option of the plugin itself).
> 
> 
> 
> For instance I'm after kernel Oops and similar utters from the
> kernel that are marked on my host's OS 
> as vmunix in syslogd's main log, and almost always (except during
> system startup) indicate a critical condition.
> 
> e.g.
> 
> # grep vmunix /var/adm/syslog/syslog.log|tail -1
> Apr 29 09:44:20 terra vmunix: vxfs: mesg 001: vx_nospace -
> /dev/vg03/lvol1 file system full (1 block extent)
> 
> 
> 
> Now I would want check_nrpe to run something like
> 
> $libexec_dir/check_log -F /var/adm/syslog/syslog.log -q /vmunix/
> 
> 
> But according to the above usage synopsis this was wrong syntax
> because the -O option was lacking.
> But then I wouldn't know what -O was good for.
> Intuitively I would assosiate it with some intended output file.
> But the "oldlog" would be a bit of a misnomer.
> Or does it relate to also parsing some older, probably already
> rotated logfile.
> 
> You see, this is all highly speculative and leaves ample space
> for wild guesses.
> 

RTFM. It is in there somewhere. I found it after the same problem.

check_log is a special case in plugins being a stateful check and -O is 
part of the solution.
You see in order to check the log ofr updates it needs to keep a record 
of what the log looked like last time it checked. -O indicates the 
filename each instance of check_log needs to keep this record.

There are two catches here:
- first, you need a unique -O and thus command for every log being checked.
- second, two consecutive checks will provide different results.
	ie. the first may find entries for a WARNING/CRITICAL, further checks 
after will find none and report OKAY until a new matching log entry is 
added.


AYJ




More information about the Help mailing list