how does nagios log server handle corrupt logs

[pkarr]

Hi,
We are in the process of evaluating NLS for our environment and were wondering what happens
when a corrupted log file is encountered. Does it return an error to that effect or set the logfile aside?

Currently we have some checks that search for specific EventIDs and often find that windows log files are corrupted.
Now nagios (nsclient++) returns an error message saying that it couldn't find because logfile is corrupted.

thanks,
Penny

Penny Karr | IT Infrastructure Monitoring
Harvard Vanguard Medical Associates, an Affiliate of Atrius Health
254 Second Avenue | Needham, MA 02494
P (781) 292-1853 | F (781 292-1980 | http://www.harvardvanguard.org
Email: penny_karr@atriushealth.org

[scottwilkerson]

Is this a textual file?

Using the nxlog agent sending it will continuously look for new text in the log file and send that data (and yes it does handle file rotation).

I've not yet encountered any issues reading log files using nxlog

[benhank]

Hey Scott,
If the sending device itself has the corrupt log files, that is Server123@domain.org's is sending event logs to NLS. Server123's event logs get corrupted BEFORE shipping them out to NLS. Server123 then sends its corrupted event log(s) to NLS.

What does NLS do with the corrupted data after receiving it?
How will those corrupted logs affect search results?
Can NLS detect a corrupted log file?
btw pkarr and I are on the same team. i am not hijacking her post =)

[scottwilkerson]

If you can clearly define "corrupted" you could find it via the filters and add a drop {} filter to not index the message, otherwise Log Server will index the data as it receives it.

[benhank]

ok that makes sense. thanks scott