Difference between 'CURRENT SERVICE STATE' & 'SERVICE ALERT'

[maheshrm]

Hi,

I am a newbie to Nagios. I googled quite a bit and read documents related to states, notifications and so on. But I did not find answer for my questions.
Could you please help me understand the difference between 'CURRENT SERVICE STATE' & 'SERVICE ALERT'.

Background:
In our Nagios screen all the hosts and their related services are displayed properly. We are planning to use nagios.log for additional tasks.

In nagios.log file, I see that there is CURRENT SERVICE STATE and SERVICE ALERT log lines which contain the necessary information that we need.
I have few questions.

• 1. What is the difference between 'CURRENT SERVICE STATE' & 'SERVICE ALERT'?
  2. Deep diving into the log file, i noticed that CURRENT SERVICE STATE is logged only once at 00:00 AM. Where as the SERVICE ALERT is logged randomly (There is no constant time gap between log entries for a particular Service Check)
  3. Even though the checks are scheduled to run every 5 minutes, the status.dat file has entries every few seconds. This makes it hard to achieve what we need. Since single service check run info is logged multiple times.
  4. Sometimes tail -f on nagios.log stops the log file from updating further. What could be the reason for this?
  5. In one setup nagios.log file is updated every 10 minutes and in one setup it is very random. IS there any configuration to handle the update schedule?

Thanks,
Mahesh

[scottwilkerson]

The entries for "CURRENT SERVICE STATE" are logged every time nagios restarts and at log rotation for every service is you have the following directive set in the nagios.cfg

Code: Select all

log_initial_states=1

The "SERVICE ALERT" items are only logged when a state change occurs

3. Even though the checks are scheduled to run every 5 minutes, the status.dat file has entries every few seconds. This makes it hard to achieve what we need. Since single service check run info is logged multiple times.

this file is updated at the frequency in seconds define in the following nagios.cfg directive

Code: Select all

status_update_interval

More frequent changes are held in memory.

4. Sometimes tail -f on nagios.log stops the log file from updating further. What could be the reason for this?

This sounds like your console disconnecting somehow from the file, or a problem with tail, this would not be nagios related.

5. In one setup nagios.log file is updated every 10 minutes and in one setup it is very random. IS there any configuration to handle the update schedule?

The log is updated in realtime depending on the need to do so, when a state changes, notification is sent, etc. There is no setting for this and events are written as they happen

[ssax]

When nagios restarts (or nagios rotates the nagios.log file at 00:00) it writes the CURRENT HOST STATE and CURRENT SERVICE STATE to the log files so that nagios knows what the current state is for doing calculations. When a service check runs, the result is logged as SERVICE ALERT.

3. Even though the checks are scheduled to run every 5 minutes, the status.dat file has entries every few seconds. This makes it hard to achieve what we need. Since single service check run info is logged multiple times.

It should update the nagios.log file as things occur, there isn't a delayed logging setting for the nagios.log file.

4. Sometimes tail -f on nagios.log stops the log file from updating further. What could be the reason for this?

The tail command would not stop the log file from updating, it's read-only, this was likely a coincidence. Did the file get truncated? If so, try using a capital -F which should retry to read the file if it gets truncated.

5. In one setup nagios.log file is updated every 10 minutes and in one setup it is very random. IS there any configuration to handle the update schedule?

Take a look at these options at the link below:

Code: Select all

status_update_interval
retention_update_interval
log_current_states

See more options here:

https://assets.nagios.com/downloads/nag ... gmain.html