[Nagiosplug-help] checking logs

Ralph.Grothe at itdz-berlin.de Ralph.Grothe at itdz-berlin.de
Tue Jun 26 08:07:45 CEST 2007

Previous message: [Nagiosplug-help] checking logs
Next message: [Nagiosplug-help] check_nrpe and check_mailq
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Robert,

I am quite content with the Perl plugin check_log2.pl,
which I successfully employ on all kinds of Unix hosts that I
need to monitor,
such as HP-UX, Solaris, AIX, and various Linux distros.

For instance on one of my nrpe Linux hosts which has an rpm based
distro (viz. RHES4)
I got these installed out of the package without any ado:

$ rpm -ql nagios-plugins|grep check_log
/usr/lib/nagios/plugins/check_log
/usr/lib/nagios/plugins/contrib/check_log2.pl

of which the first is a shell script and the latter the Perl
script that I employ.
Perl can compile this without any complains and prerequisites.

$ perl -cw /usr/lib/nagios/plugins/contrib/check_log2.pl
/usr/lib/nagios/plugins/contrib/check_log2.pl syntax OK

Because I am interested in getting notifications when there
appear messages from the kernel
in the host's syslog file (which almost always are indications
for some trouble ahead),
I defined this nrpe command.
As you can see the only pattern here is the word "kernel",
whereas on my hpux boxes it would be "vmunix"
(thus the name).
Of course you are totally free to parse for more intricate
regexes than this.
Also note that this plugin requires an interim "caching" file
where to store the diffs between invocatios,
given by the -s switch.


$ grep VMUNIX /etc/nagios/nrpe.cfg 
command[check_syslog_VMUNIX]=/usr/lib/nagios/plugins/check_log2.p
l -l /var/log/messages -s /tmp/messages_seek_kernel.txt -p kernel


As the nrpe service is usually spawned by inetd and running with
minor priveleges
(e.g. nagios:nagios instead of root)
it is essential that your logfile you need to monitor is readable
by that user
and the interim cache file writable.
If you hesitate to make your logfile world readable (for it might
contain security or audit data etc.)
you could also set up an ACL rule for the user nrpe is run as.

$ grep -E user\|group\|port /etc/xinetd.d/nrpe 
        port            = 5666
        user            = nagios
        group           = nagios
 
$ netstat -tln|grep \.5666
tcp        0      0 0.0.0.0:5666                0.0.0.0:*
LISTEN      


HTH

> -----Original Message-----
> From: nagiosplug-help-bounces at lists.sourceforge.net
> [mailto:nagiosplug-help-bounces at lists.sourceforge.net]On Behalf
Of
> Robert Cole
> Sent: Monday, June 25, 2007 10:04 PM
> To: nagiosplug-help at lists.sourceforge.net
> Subject: [Nagiosplug-help] checking logs
> 
> 
> Ok, I'm going nuts here because no matter what check log type 
> of script 
> I use on nagiosexchange.org none seem to work. I just tried 
> check_logs.pl and that's even listed in the nagios book I 
> have with an 
> example yet I get this when I try to run it:
> 
> [root at tui001 ~]# /usr/lib64/nagios/plugins/check_logs.pl -c 
> /etc/nagios/check_logs.cfg
> Error: can not load configuration file.
> [root at tui001 ~]#
> 
> The configuration file looks like this:
> 
> # /etc/nagios/check_logs.cfg
> $seek_file_template='/home/nagios/$log_file.check_log.seek
> 
> @log_files = (
>         {'file_name' => '/var/log/youmail/login.log',
>          'reg_exp' => 'No ManagedConnections available within 
> configured 
> blocking timeout',
>         },
> );
> 
> I use to have a 1; down at the bottom using an example right 
> out of the 
> book "Nagios System and Network Monitoring" by Wolfgang Barth
on page 
> 143 but it still didn't work and I got the same error there.
The 
> permissions on the file I even set to 777 so its not
permissions.
> 
> Can anyone help me please? All I'm trying to do is look for
specific 
> strings of text in various log files and NOTHING I've found 
> works. I've 
> tried these plugins on Gentoo, RHEL v5, Fedora 7, CentOS 5 
> and nothing 
> is working to simply look for strings of text. I'm not a 
> scripter by any 
> stretch and I have nagios working pretty well for anything that
I can 
> test from a remote station but getting anything that looks 
> for strings 
> of text via check_by_ssh or nrpe is a complete no go.
> 
> Please help.
> 
> Thanks,
> Robert
> 
> --------------------------------------------------------------
> -----------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and
take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Nagiosplug-help mailing list
> Nagiosplug-help at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagiosplug-help
> ::: Please include plugins version (-v) and OS when reporting 
> any issue. 
> ::: Messages without supporting info will risk being sent to
/dev/null
>

Previous message: [Nagiosplug-help] checking logs
Next message: [Nagiosplug-help] check_nrpe and check_mailq
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Help mailing list