check_logfiles returns OK inspite of Error in the log file

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
kaushalshriyan
Posts: 119
Joined: Fri May 22, 2015 7:12 am

check_logfiles returns OK inspite of Error in the log file

Post by kaushalshriyan »

Hi,

I have gone through the document https://labs.consol.de/nagios/check_logfiles/index.html. I am running the below command

Code: Select all

/usr/lib/nagios/plugins/check_logfiles --logfile=/opt/tomcat_gnip/logs/hashapi/gnipclienttest.log --criticalpattern "Error message received as stream result. Quitting connection"

OK - no errors or warnings|default_lines=0 default_warnings=0 default_criticals=0 default_unknowns=0

Code: Select all

cat /opt/tomcat_gnip/logs/hashapi/gnipclienttest.log
[ERROR] 2016-11-24 04:02:49.176 [pool-4-thread-1] GnipClientLog   - Error message received as stream result. Quitting connection.
[ERROR] 2016-12-01 00:54:18.541 [pool-4-thread-1] GnipClientLog   - Error message received as stream result. Quitting connection.

I am not sure why the command returns OK inspite of having Error in the /opt/tomcat_gnip/logs/hashapi/gnipclienttest.log file

Code: Select all

/usr/lib/nagios/plugins/check_logfiles --version
check_logfiles v3.7.6.3

/usr/lib/nagios/plugins/check_logfiles
Usage: check_logfiles [-t timeout] -f <configfile> [--searches=tag1,tag2,...]
       check_logfiles [-t timeout] --logfile=<logfile> --tag=<tag> --rotation=<rotation>
                      --criticalpattern=<regexp> --warningpattern=<regexp>

/usr/lib/nagios/plugins/check_logfiles --help
This Nagios Plugin comes with absolutely NO WARRANTY. You may use
it on your own risk!
Copyright by ConSol Software GmbH, Gerhard Lausser.

This plugin looks for patterns in logfiles, even in those who were rotated
since the last run of this plugin.

You can find the complete documentation at
http://labs.consol.de/nagios/check_logfiles/

Usage: check_logfiles [-t timeout] -f <configfile>

The configfile looks like this:

$seekfilesdir = '/opt/nagios/var/tmp';
# where the state information will be saved.

$protocolsdir = '/opt/nagios/var/tmp';
# where protocols with found patterns will be stored.

$scriptpath = '/opt/nagios/var/tmp';
# where scripts will be searched for.

$MACROS = { CL_DISK01 => "/dev/dsk/c0d1", CL_DISK02 => "/dev/dsk/c0d2" };

@searches = (
  {
    tag => 'temperature',
    logfile => '/var/adm/syslog/syslog.log',
    rotation => 'bmwhpux',
    criticalpatterns => ['OVERTEMP_EMERG', 'Power supply failed'],
    warningpatterns => ['OVERTEMP_CRIT', 'Corrected ECC Error'],
    options => 'script,protocol,nocount',
    script => 'sendnsca_cmd'
  },
  {
    tag => 'scsi',
    logfile => '/var/adm/messages',
    rotation => 'solaris',
    criticalpatterns => 'Sense Key: Not Ready',
    criticalexceptions => 'Sense Key: Not Ready /dev/testdisk',
    options => 'noprotocol'
  },
  {
    tag => 'logins',
    logfile => '/var/adm/messages',
    rotation => 'solaris',
    criticalpatterns => ['illegal key', 'read error.*$CL_DISK01$'],
    criticalthreshold => 4
    warningpatterns => ['read error.*$CL_DISK02$'],
  }
);
I will appreciate if anyone can help me understand what is going wrong in my above command line. Please share me some working examples to understand more about the usage of check_logfiles nagios plugin.

Thanks in Advance.

Regards,

Kaushal
Last edited by dwhitfield on Thu Dec 01, 2016 11:16 am, edited 1 time in total.
Reason: code blocks FTW
dwhitfield
Former Nagios Staff
Posts: 4583
Joined: Wed Sep 21, 2016 10:29 am
Location: NoLo, Minneapolis, MN
Contact:

Re: check_logfiles returns OK inspite of Error in the log fi

Post by dwhitfield »

That's not our product, so we can only offer limited support.

What happens if you use --criticalpatten "Error" instead of the longer string?
kaushalshriyan
Posts: 119
Joined: Fri May 22, 2015 7:12 am

Re: check_logfiles returns OK inspite of Error in the log fi

Post by kaushalshriyan »

Hi Douglas,

I still see the same issue.

#cat /opt/tomcat_gnip/logs/twitterapi/gnipclienttest.log
[ERROR] 2016-11-24 04:02:49.176 [pool-4-thread-1] GnipClientLog - Error message received as stream result. Quitting connection.
[ERROR] 2016-12-01 00:54:18.541 [pool-4-thread-1] GnipClientLog - Error message received as stream result. Quitting connection.

#/usr/lib/nagios/plugins/check_logfiles --logfile=/opt/tomcat_gnip/logs/twitterapi/gnipclienttest.log --criticalpattern "Error"
OK - no errors or warnings|default_lines=0 default_warnings=0 default_criticals=0 default_unknowns=0

#/usr/lib/nagios/plugins/check_logfiles
Usage: check_logfiles [-t timeout] -f <configfile> [--searches=tag1,tag2,...]
check_logfiles [-t timeout] --logfile=<logfile> --tag=<tag> --rotation=<rotation>
--criticalpattern=<regexp> --warningpattern=<regexp>

#/usr/lib/nagios/plugins/check_logfiles --help
This Nagios Plugin comes with absolutely NO WARRANTY. You may use
it on your own risk!
Copyright by ConSol Software GmbH, Gerhard Lausser.

This plugin looks for patterns in logfiles, even in those who were rotated
since the last run of this plugin.

You can find the complete documentation at
http://labs.consol.de/nagios/check_logfiles/

Usage: check_logfiles [-t timeout] -f <configfile>

The configfile looks like this:

$seekfilesdir = '/opt/nagios/var/tmp';
# where the state information will be saved.

$protocolsdir = '/opt/nagios/var/tmp';
# where protocols with found patterns will be stored.

$scriptpath = '/opt/nagios/var/tmp';
# where scripts will be searched for.

$MACROS = { CL_DISK01 => "/dev/dsk/c0d1", CL_DISK02 => "/dev/dsk/c0d2" };

@searches = (
{
tag => 'temperature',
logfile => '/var/adm/syslog/syslog.log',
rotation => 'bmwhpux',
criticalpatterns => ['OVERTEMP_EMERG', 'Power supply failed'],
warningpatterns => ['OVERTEMP_CRIT', 'Corrected ECC Error'],
options => 'script,protocol,nocount',
script => 'sendnsca_cmd'
},
{
tag => 'scsi',
logfile => '/var/adm/messages',
rotation => 'solaris',
criticalpatterns => 'Sense Key: Not Ready',
criticalexceptions => 'Sense Key: Not Ready /dev/testdisk',
options => 'noprotocol'
},
{
tag => 'logins',
logfile => '/var/adm/messages',
rotation => 'solaris',
criticalpatterns => ['illegal key', 'read error.*$CL_DISK01$'],
criticalthreshold => 4
warningpatterns => ['read error.*$CL_DISK02$'],
}
);

Please let me know if you need any additional details.

Thanks in Advance.

Regards,

Kaushal
avandemore
Posts: 1597
Joined: Tue Sep 27, 2016 4:57 pm

Re: check_logfiles returns OK inspite of Error in the log fi

Post by avandemore »

The creator of the plugin is http://labs.consol.de/ so it is best to seek their help in your plugin issue.

If you want to create your own plugin, here is some information:

https://nagios-plugins.org/doc/guidelines.html
https://mathias-kettner.de/checkmk_localchecks.html
http://www.yourownlinux.com/2014/06/how ... cript.html

Using standard system tools and the negate plugin, it would be relatively easier to accomplish what you are trying to do in this specific case.
Previous Nagios employee
User avatar
tgriep
Madmin
Posts: 9177
Joined: Thu Oct 30, 2014 9:02 am

Re: check_logfiles returns OK inspite of Error in the log fi

Post by tgriep »

What that plugin does the first tile it runs, it caches the last run in to a temporary file so when it run again, it will only look for the pattern from that last run.
If you want to always check for that pattern and send a critical, you would use the --noprotocol option like below.

Code: Select all

/usr/lib/nagios/plugins/check_logfiles --logfile=/opt/tomcat_gnip/logs/twitterapi/gnipclienttest.log --criticalpattern 'Error' --noprotocol
Else, you would remove the cached file from the /tmp folder and it would be called like this for example.

Code: Select all

check_logfiles.protocol-2016-12-05-14-53-17
Be sure to check out our Knowledgebase for helpful articles and solutions!
kaushalshriyan
Posts: 119
Joined: Fri May 22, 2015 7:12 am

Re: check_logfiles returns OK inspite of Error in the log fi

Post by kaushalshriyan »

Hi tgriep,

Please find the below details

root@/home/kaushalshriyan# /usr/lib/nagios/plugins/check_logfiles --logfile=/opt/tomcat_gnip/logs/twitterapi/gnipclienttest.log --criticalpattern 'Error' --noprotocol
OK - no errors or warnings|default_lines=0 default_warnings=0 default_criticals=0 default_unknowns=0
-----------------------------
root@:/home/kaushalshriyan# cat /opt/tomcat_gnip/logs/twitterapi/gnipclienttest.log
[ERROR] 2016-11-24 04:02:49.176 [pool-4-thread-1] GnipClientLog - Error message received as stream result. Quitting connection.
[ERROR] 2016-12-01 00:54:18.541 [pool-4-thread-1] GnipClientLog - Error message received as stream result. Quitting connection.
-----------------------------
root@:/home/kaushalshriyan# /usr/lib/nagios/plugins/check_logfiles
Usage: check_logfiles [-t timeout] -f <configfile> [--searches=tag1,tag2,...]
check_logfiles [-t timeout] --logfile=<logfile> --tag=<tag> --rotation=<rotation>
--criticalpattern=<regexp> --warningpattern=<regexp>

-----------------------------
root@:/home/kaushalshriyan# /usr/lib/nagios/plugins/check_logfiles --help
This Nagios Plugin comes with absolutely NO WARRANTY. You may use
it on your own risk!
Copyright by ConSol Software GmbH, Gerhard Lausser.

This plugin looks for patterns in logfiles, even in those who were rotated
since the last run of this plugin.

You can find the complete documentation at
http://labs.consol.de/nagios/check_logfiles/

Usage: check_logfiles [-t timeout] -f <configfile>

The configfile looks like this:

$seekfilesdir = '/opt/nagios/var/tmp';
# where the state information will be saved.

$protocolsdir = '/opt/nagios/var/tmp';
# where protocols with found patterns will be stored.

$scriptpath = '/opt/nagios/var/tmp';
# where scripts will be searched for.

$MACROS = { CL_DISK01 => "/dev/dsk/c0d1", CL_DISK02 => "/dev/dsk/c0d2" };

@searches = (
{
tag => 'temperature',
logfile => '/var/adm/syslog/syslog.log',
rotation => 'bmwhpux',
criticalpatterns => ['OVERTEMP_EMERG', 'Power supply failed'],
warningpatterns => ['OVERTEMP_CRIT', 'Corrected ECC Error'],
options => 'script,protocol,nocount',
script => 'sendnsca_cmd'
},
{
tag => 'scsi',
logfile => '/var/adm/messages',
rotation => 'solaris',
criticalpatterns => 'Sense Key: Not Ready',
criticalexceptions => 'Sense Key: Not Ready /dev/testdisk',
options => 'noprotocol'
},
{
tag => 'logins',
logfile => '/var/adm/messages',
rotation => 'solaris',
criticalpatterns => ['illegal key', 'read error.*$CL_DISK01$'],
criticalthreshold => 4
warningpatterns => ['read error.*$CL_DISK02$'],
}
);

-----------------------------
root@:/home/kaushalshriyan#

Please let me know if you need any additional information.

Regards,

Kaushal
User avatar
tgriep
Madmin
Posts: 9177
Joined: Thu Oct 30, 2014 9:02 am

Re: check_logfiles returns OK inspite of Error in the log fi

Post by tgriep »

I guess the --noprotocol option doesn't work like it should.
At this point, you will have to contact the author of the plugin for help.
Be sure to check out our Knowledgebase for helpful articles and solutions!
User avatar
ruffsense
Posts: 140
Joined: Thu Apr 11, 2013 12:40 am

Re: check_logfiles returns OK inspite of Error in the log fi

Post by ruffsense »

I tested your problem. You need nrpe to make this work. I did it with nrpe and it gave me a critical.
I don't insult, I diagnose.
User avatar
tgriep
Madmin
Posts: 9177
Joined: Thu Oct 30, 2014 9:02 am

Re: check_logfiles returns OK inspite of Error in the log fi

Post by tgriep »

Yes, to run that check on a remote Linux server you do need NRPE. Thanks for that.

The check_logfiles plugin does cache the status of the last run in either the /tmp or the /var/tmp folder so the first time it is ran, it will show the critical.
If no new entries are in the log file before the second run, it will show an OK status but the --noprotocol option says to ignore the cached data but that seems to not be working for the Original Poster.
Be sure to check out our Knowledgebase for helpful articles and solutions!
User avatar
ruffsense
Posts: 140
Joined: Thu Apr 11, 2013 12:40 am

Re: check_logfiles returns OK inspite of Error in the log fi

Post by ruffsense »

@tgriep because he is not running it with check_nrpe.
/usr/lib/nagios/plugins/check_logfiles --logfile=/opt/tomcat_gnip/logs/twitterapi/gnipclienttest.log --criticalpattern 'Error' --noprotocol
this should be in his nrpe.cfg file and it will work.
I don't insult, I diagnose.
Locked