check_log and multi-querry

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Locked
jerome
Posts: 4
Joined: Fri Jul 29, 2016 1:54 am

check_log and multi-querry

Post by jerome »

Hello,

First, sorry for my poor english.
I used check_log 1.5 where i could make a request with multi query, like this :
-q ‘querry1|querry2|querry3′
I have recently installed check_log 2.1.1, and multi-querry does not work.

Have you any idea ?

Thank you for your time.
rkennedy
Posts: 6579
Joined: Mon Oct 05, 2015 11:45 am

Re: check_log and multi-querry

Post by rkennedy »

Can you show us full examples of what you're running over the CLI, or how you have your command / service definition setup?
Former Nagios Employee
jerome
Posts: 4
Joined: Fri Jul 29, 2016 1:54 am

Re: check_log and multi-querry

Post by jerome »

Hello,

For exemple. I am looking in the log file of the clamav scan result.
There is a line like : Infected files: 0 (or 1, 56, 9453543)

My command line is :

/usr/lib/nagios/plugins/check_log -F /var/log/virus_var_www.log -O /var/tmp/check_logfiles/templog.log -q 'Infected files: 1|Infected files: 2|Infected files: 3|Infected files: 4|Infected files: 5|Infected files: 6|Infected files: 7|Infected files: 8|Infected files: 9'

With this, if the log report :
Infected files: 32
the plugin check_log reports something.
Because it was looking for the query "Infected files: 1*" OR "Infected files: 2*" OR "Infected files: 3*", etc etc..

But, with the new version of Check_log, the plugin is looking for the query 'Infected files: 1|Infected files: 2|Infected files: 3|Infected files: 4|Infected files: 5|Infected files: 6|Infected files: 7|Infected files: 8|Infected files: 9'
Like if we were searching the all sentence.
So for "Infected files: 32" it returns nothing :
"Log check ok - 0 pattern matches found"
but if i try
/usr/lib/nagios/plugins/check_log -F /var/log/virus_var_www.log -O /var/tmp/check_logfiles/templog.log -q 'Infected files: 3'
the result is ok, "Infected files: 32" is found.
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: check_log and multi-querry

Post by ssax »

Please try this:

Code: Select all

/usr/lib/nagios/plugins/check_log -F /var/log/virus_var_www.log -O /var/tmp/check_logfiles/templog.log -q 'Infected files: 1\|Infected files: 2\|Infected files: 3\|Infected files: 4\|Infected files: 5\|Infected files: 6\|Infected files: 7\|Infected files: 8\|Infected files: 9' 
rkennedy
Posts: 6579
Joined: Mon Oct 05, 2015 11:45 am

Re: check_log and multi-querry

Post by rkennedy »

I was testing this before @ssax posted, but the \ does indeed work as escaping the |.

For reference:
2.0.3 -

Code: Select all

[root@localhost libexec]# ./check_log -F /tmp/blah.txt -O /tmp/blah2.txt -q "frank|billy"
(5) < frank
2.1.2 -

Code: Select all

[root@localhost libexec]# ./check_log -F /tmp/blah.txt -O /tmp/blah2.txt -q "frank|billy"
Log check ok - 0 pattern matches found|match=0;;;0
(after escaping)

Code: Select all

[root@localhost libexec]# ./check_log -F /tmp/blah.txt -O /tmp/blah2.txt -q "frank\|billy"
(5) < frank|match=5;;;0
Former Nagios Employee
jerome
Posts: 4
Joined: Fri Jul 29, 2016 1:54 am

Re: check_log and multi-querry

Post by jerome »

Hello,

thank you for your help, it works perfectly whith escaping with \ !
tmcdonald
Posts: 9117
Joined: Mon Sep 23, 2013 8:40 am

Re: check_log and multi-querry

Post by tmcdonald »

Great to hear! Mind if we close this up?
Former Nagios employee
jerome
Posts: 4
Joined: Fri Jul 29, 2016 1:54 am

Re: check_log and multi-querry

Post by jerome »

No problem, you can close this post.
(sorry, i didn't know if i had to put in subject [Resolved] or something like that).
tmcdonald
Posts: 9117
Joined: Mon Sep 23, 2013 8:40 am

Re: check_log and multi-querry

Post by tmcdonald »

We usually ask if it's okay, so for future reference just let us know in a post!
Former Nagios employee
Locked