CHeck_Logfiles Critical Threshold not working

[EchoKev]

Hello All,

I have been trying to get the criticalthreshold option working in the check_logfiles (https://labs.consol.de/nagios/check_logfiles/) plugin to work in my setup without luck. What I am trying to do it only give a critical alert when there are 30 matches of the critical paterns on a check. Currently it alerts when there are any matches (one or more). If someone could point me at what I am configuring wrong I would really appreaciate it.

I have tried both: criticalthreshold => 30 and options => ' criticalthreshold=30'


Here is an example of my configuration file:

Code: Select all

$seekfilesdir = '/tmp/nagios';
# where the state information will be saved.

$protocolsdir = '/tmp/nagios';
# where protocols with found patterns will be stored.

$scriptpath = '/usr/local/nagios/libexec:/tmp/nagios';
# where scripts will be searched for.

@searches = (
  {
    tag => 'App_Log',
    logfile => '/var/log/app-log.log',
    criticalpatterns => ['ERROR','FATAL',],
    criticalthreshold => 30
  }
);

Thanks for any help!

[rkennedy]

We're a bit limited on the Support we can provide as this is a third party plugin. Have you taken a look at the examples page to see if anything lines up? https://labs.consol.de/nagios/check_logfiles/examples/

One thing I'm noticing, is you don't have savethresholdcount defined, which I believe could affect it -

Code: Select all

[no]savethresholdcount 	Controls whether the hit counter will be saved between the runs. If yes, hit numbers are added until a threshold is reached (criticalthreshold). Otherwise the run begins with resetted counters. 	default: on

[EchoKev]

Hi,

Thanks, for the reply. I did check out their examples, but unfortunately they don't have an example for that setting.

The option that you noticed is for keeping a count between checks, I only want to get an alert if there is that many alerts within each log check period.

[rkennedy]

Hi,

Thanks, for the reply. I did check out their examples, but unfortunately they don't have an example for that setting.

The option that you noticed is for keeping a count between checks, I only want to get an alert if there is that many alerts within each log check period.

I understand that part, the caveat here is that I believe the feature is turned 'on' by default, and will impact your checks - that's why I brought it up.

[EchoKev]

Ah, that makes sense, but unfortunately still does not help, as currently it alerts critical on 1 error, not adding up to 30 per check or 30 in total.

Thanks again.

[avandemore]

Have you contacted the author of the plugin? Have you tried the verbose option from the command line to see what is happening?

Here is some information on creating your own plugin if that doesn't work for you:
https://nagios-plugins.org/doc/guidelines.html
https://mathias-kettner.de/checkmk_localchecks.html
http://www.yourownlinux.com/2014/06/how ... cript.html

[mcapra]

Judging by the docs, it looks like your configuration file has a parameter where it should instead have an option. Can you give this revision a try and see if it produces the desired results:

Code: Select all

$seekfilesdir = '/tmp/nagios';
# where the state information will be saved.

$protocolsdir = '/tmp/nagios';
# where protocols with found patterns will be stored.

$scriptpath = '/usr/local/nagios/libexec:/tmp/nagios';
# where scripts will be searched for.

@searches = (
  {
    tag => 'App_Log',
    logfile => '/var/log/app-log.log',
    criticalpatterns => ['ERROR','FATAL',],
    options => 'criticalthreshold=30'
  }
);

[EchoKev]

HI,

I have that now, but it seems to still alert when there is not 30 alerts in the log since the last check.

[EchoKev]

I am adding "nosavethresholdcount," to my options setting to see if that makes a difference. Will report back.

Thanks for the assistance.

[mcapra]

Certainly, let us know if that doesn't produce the desired behavior and we can troubleshoot further.