We are using check_log3 plugin for monitoring the logs fo the servers.log monitoring is working fine but some times raising duplicate incident for the same error alert riased by nagios pluggin
we are getting multiple triggers for same error- that has been logged only once in the log.
below is the check interval time,retrly interval time etc configured in the service check
check_interval 5
retry_interval 1
max_check_attempts 1
notification_interval 0
Details of the incident raised is as below
1659214 PROBLEM: Log file error detected on retail server XXXXX ... Closed Found 53 lines (limit=1/1): 2018 4 18 04:30:21.839 This is a duplicate of 1658826
1659146 PROBLEM: Log file error detected on retail server XXXXX ... Closed Found 53 lines (limit=1/1): 2018 4 18 04:30:21.839 This is a duplicate of 1658826
1659002 PROBLEM: Log file error detected on retail server XXXXX ... Closed Found 53 lines (limit=1/1): 2018 4 18 04:30:21.839 This is a duplicate of 1658826
1658827 PROBLEM: Log file error detected on retail server XXXXX ... Closed Found 53 lines (limit=1/1): 2018 4 18 04:30:21.839 This is a duplicate of 1658826
1658826 PROBLEM: Log file error detected on retail server XXXXX ... Closed Found 53 lines (limit=1/1): 2018 4 18 04:30:21.839 A lot more errors in the log
1658810 PROBLEM: Log file error detected on retail server XXXXX ... Closed Found 13 lines (limit=1/1): 2018 4 18 01:06:07.681 More errors appearing in the log
1658809 PROBLEM: Log file error detected on retail server XXXXX ... Closed Found 5 lines (limit=1/1): 2018 4 18 00:25:25.594 Build up of issues begins
duplicate incident for the same error alert riased by nagios
Re: duplicate incident for the same error alert riased by na
There are a couple of plugins called check_log3 available, could you post more information on where you found the plugin?
Also, can you post how you are running the plugin and it's options?
Some log plugins use a seek file to keep track of the number of changes to the log file and only test if the pattern is in the changes, make sure the seek file exists and that the nagios user can update it when the plugin runs.
It sounds like the seek file is not getting updated when the plugin runs and it returns the previous check data.
Also, can you post how you are running the plugin and it's options?
Some log plugins use a seek file to keep track of the number of changes to the log file and only test if the pattern is in the changes, make sure the seek file exists and that the nagios user can update it when the plugin runs.
It sounds like the seek file is not getting updated when the plugin runs and it returns the previous check data.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: duplicate incident for the same error alert riased by na
attached is the application used for the monitoring the log.below given is the usage of the pluggin
[/settings/external scripts/scripts]
allow arguments = true
allow_nasty_meta_chars = true
port = 5666
timeout = 900
check_logcontent_POSLogImporter=scripts\check_log3.exe -logfile=d:\DRSApps\logfiles\ -m "*POSLogImporter.txt" -p "File has been moved to" -t most_recent -c 1
;check_logcontent_Tillincoming=scripts\check_log3.exe -logfile=d:\DRSApps\logfiles\ -m "Tillincoming*" -p "Error - Trans :" -t most_recent -c 1
[/settings/external scripts/scripts]
allow arguments = true
allow_nasty_meta_chars = true
port = 5666
timeout = 900
check_logcontent_POSLogImporter=scripts\check_log3.exe -logfile=d:\DRSApps\logfiles\ -m "*POSLogImporter.txt" -p "File has been moved to" -t most_recent -c 1
;check_logcontent_Tillincoming=scripts\check_log3.exe -logfile=d:\DRSApps\logfiles\ -m "Tillincoming*" -p "Error - Trans :" -t most_recent -c 1
- Attachments
-
- check_log3.7z
- attached pluggin
- (1.5 MiB) Downloaded 155 times
Re: duplicate incident for the same error alert riased by na
Without the Seekfile option, the check will always check through the whole file and generate the same output.
Try adding the -s option to the command definition in the nsclient.ini file.
To stop them, run the following as root on the Nagios server.
Thanks.
Try adding the -s option to the command definition in the nsclient.ini file.
Also, make sure there is not a duplicate nagios process running which could cause the duplicate incidelt.-s, --seekfile=<seekfile|base_dir>
The temporary file to store the seek position of the last scan. If not
specified, it will be automatically generated in $tmpdir, based on the
log file's base name. If this is a directory, the seek file will be auto-
generated there instead of in $tmpdir.
To stop them, run the following as root on the Nagios server.
Code: Select all
service nagios stop
killall -9 nagios
service nagios startBe sure to check out our Knowledgebase for helpful articles and solutions!
Re: duplicate incident for the same error alert riased by na
Thanks for the input
"Without the Seekfile option, the check will always check through the whole file and generate the same output.
Try adding the -s option to the command definition in the nsclient.ini file."
where shouuld i add -s on below commans in nsclient.ini
check_logcontent_POSLogImporter=scripts\check_log3.exe -logfile=d:\DRSApps\logfiles\ -m "*POSLogImporter.txt" -p "File has been moved to" -t most_recent -c 1
"Without the Seekfile option, the check will always check through the whole file and generate the same output.
Try adding the -s option to the command definition in the nsclient.ini file."
where shouuld i add -s on below commans in nsclient.ini
check_logcontent_POSLogImporter=scripts\check_log3.exe -logfile=d:\DRSApps\logfiles\ -m "*POSLogImporter.txt" -p "File has been moved to" -t most_recent -c 1
Re: duplicate incident for the same error alert riased by na
You should be able to put the -s on the end if the command like the example below.
Try it out and let us know if you have any further questions.
Code: Select all
check_logcontent_POSLogImporter=scripts\check_log3.exe -logfile=d:\DRSApps\logfiles\ -m "*POSLogImporter.txt" -p "File has been moved to" -t most_recent -c 1 -sBe sure to check out our Knowledgebase for helpful articles and solutions!