Hello,
First, sorry for my poor english.
I used check_log 1.5 where i could make a request with multi query, like this :
-q ‘querry1|querry2|querry3′
I have recently installed check_log 2.1.1, and multi-querry does not work.
Have you any idea ?
Thank you for your time.
check_log and multi-querry
Re: check_log and multi-querry
Can you show us full examples of what you're running over the CLI, or how you have your command / service definition setup?
Former Nagios Employee
Re: check_log and multi-querry
Hello,
For exemple. I am looking in the log file of the clamav scan result.
There is a line like : Infected files: 0 (or 1, 56, 9453543)
My command line is :
/usr/lib/nagios/plugins/check_log -F /var/log/virus_var_www.log -O /var/tmp/check_logfiles/templog.log -q 'Infected files: 1|Infected files: 2|Infected files: 3|Infected files: 4|Infected files: 5|Infected files: 6|Infected files: 7|Infected files: 8|Infected files: 9'
With this, if the log report :
Infected files: 32
the plugin check_log reports something.
Because it was looking for the query "Infected files: 1*" OR "Infected files: 2*" OR "Infected files: 3*", etc etc..
But, with the new version of Check_log, the plugin is looking for the query 'Infected files: 1|Infected files: 2|Infected files: 3|Infected files: 4|Infected files: 5|Infected files: 6|Infected files: 7|Infected files: 8|Infected files: 9'
Like if we were searching the all sentence.
So for "Infected files: 32" it returns nothing :
"Log check ok - 0 pattern matches found"
but if i try
/usr/lib/nagios/plugins/check_log -F /var/log/virus_var_www.log -O /var/tmp/check_logfiles/templog.log -q 'Infected files: 3'
the result is ok, "Infected files: 32" is found.
For exemple. I am looking in the log file of the clamav scan result.
There is a line like : Infected files: 0 (or 1, 56, 9453543)
My command line is :
/usr/lib/nagios/plugins/check_log -F /var/log/virus_var_www.log -O /var/tmp/check_logfiles/templog.log -q 'Infected files: 1|Infected files: 2|Infected files: 3|Infected files: 4|Infected files: 5|Infected files: 6|Infected files: 7|Infected files: 8|Infected files: 9'
With this, if the log report :
Infected files: 32
the plugin check_log reports something.
Because it was looking for the query "Infected files: 1*" OR "Infected files: 2*" OR "Infected files: 3*", etc etc..
But, with the new version of Check_log, the plugin is looking for the query 'Infected files: 1|Infected files: 2|Infected files: 3|Infected files: 4|Infected files: 5|Infected files: 6|Infected files: 7|Infected files: 8|Infected files: 9'
Like if we were searching the all sentence.
So for "Infected files: 32" it returns nothing :
"Log check ok - 0 pattern matches found"
but if i try
/usr/lib/nagios/plugins/check_log -F /var/log/virus_var_www.log -O /var/tmp/check_logfiles/templog.log -q 'Infected files: 3'
the result is ok, "Infected files: 32" is found.
Re: check_log and multi-querry
Please try this:
Code: Select all
/usr/lib/nagios/plugins/check_log -F /var/log/virus_var_www.log -O /var/tmp/check_logfiles/templog.log -q 'Infected files: 1\|Infected files: 2\|Infected files: 3\|Infected files: 4\|Infected files: 5\|Infected files: 6\|Infected files: 7\|Infected files: 8\|Infected files: 9'
Re: check_log and multi-querry
I was testing this before @ssax posted, but the \ does indeed work as escaping the |.
For reference:
2.0.3 -
2.1.2 -
(after escaping)
For reference:
2.0.3 -
Code: Select all
[root@localhost libexec]# ./check_log -F /tmp/blah.txt -O /tmp/blah2.txt -q "frank|billy"
(5) < frank
Code: Select all
[root@localhost libexec]# ./check_log -F /tmp/blah.txt -O /tmp/blah2.txt -q "frank|billy"
Log check ok - 0 pattern matches found|match=0;;;0
Code: Select all
[root@localhost libexec]# ./check_log -F /tmp/blah.txt -O /tmp/blah2.txt -q "frank\|billy"
(5) < frank|match=5;;;0
Former Nagios Employee
Re: check_log and multi-querry
Hello,
thank you for your help, it works perfectly whith escaping with \ !
thank you for your help, it works perfectly whith escaping with \ !
Re: check_log and multi-querry
No problem, you can close this post.
(sorry, i didn't know if i had to put in subject [Resolved] or something like that).
(sorry, i didn't know if i had to put in subject [Resolved] or something like that).
Re: check_log and multi-querry
We usually ask if it's okay, so for future reference just let us know in a post!
Former Nagios employee