Checking a log file from a current point in real time.

[digitallife]

Hello, I'm using the check_log_file.pl plugin, and it work great! However, here is my question/problem. When using the plugin to monitor my log file, and I find an error, how do I make the check_log_file script to start monitoring from that point, rather than reading the entire log again and flagging on that same error. In other words, if I get notified of an error at 5pm and another error is populated at 8pm, I want the check_log_file script to notify me only on the 8pm error, and so on any additional errors. Any suggestions?

[ssax]

Please post a link to the plugin you are using so that we know which one we are looking at.

[digitallife]

Here is the link

http://exchange.nagios.org/directory/Pl ... nt/details

[ssax]

Are the entries in your log file timestamped? Can you post a sanitized example of what two of the entries would look like?

[digitallife]

Yes, logs are time stamped. I have uploaded a sample. Here are the first set of errors and I am notified.

14:26:08,273 ERROR [STDERR] SLF4J: Class path contains multiple SLF4J bindings.
14:26:08,273 ERROR [STDERR] SLF4J: Found binding in [vfszip:/opt/app/jboss-as-51/common/lib/slf4j-jboss-logging.jar/org/slf4j/impl/StaticLoggerBinder.class]
14:26:08,273 ERROR [STDERR] SLF4J: Found binding in [vfszip:/opt/app/jboss-as-51/server/xanboo/deploy/mweb_27_6_1.war/WEB-INF/lib/slf4j-simple-1.6.6.jar/org/slf4j/impl/StaticLoggerBinder.class]
14:26:08,273 ERROR [STDERR] SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
14:26:08,275 ERROR [STDERR] SLF4J: Actual binding is of type [org.slf4j.impl.SimpleLoggerFactory]
14:26:11,060 INFO [TomcatDeployment] deploy, ctxPath=/dlweb
14:26:11,526 ERROR [STDERR] SLF4J: Class path contains multiple SLF4J bindings.
14:26:11,526 ERROR [STDERR] SLF4J: Found binding in [vfszip:/opt/app/jboss-as-51/common/lib/slf4j-jboss-logging.jar/org/slf4j/impl/StaticLoggerBinder.class]
14:26:11,526 ERROR [STDERR] SLF4J: Found binding in [vfszip:/opt/app/jboss-as-51/server/xanboo/deploy/99-Web_59.5.war/WEB-INF/lib/slf4j-log4j12-1.6.2.jar/org/slf4j/impl/StaticLoggerBinder.class]
14:26:11,526 ERROR [STDERR] SLF4J: See http://www.slf4j.org/codes.html#multiple_bindin

Here are the errors again at 19:26 and I want to be notified for these, not the one at 14:26.

19:26:08,273 ERROR [STDERR] SLF4J: Class path contains multiple SLF4J bindings.
19:26:08,273 ERROR [STDERR] SLF4J: Found binding in [vfszip:/opt/app/jboss-as-51/common/lib/slf4j-jboss-logging.jar/org/slf4j/impl/StaticLoggerBinder.class]
19:26:08,273 ERROR [STDERR] SLF4J: Found binding in [vfszip:/opt/app/jboss-as-51/server/xanboo/deploy/mweb_27_6_1.war/WEB-INF/lib/slf4j-simple-1.6.6.jar/org/slf4j/impl/StaticLoggerBinder.class]
19:26:08,273 ERROR [STDERR] SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
19:26:08,275 ERROR [STDERR] SLF4J: Actual binding is of type [org.slf4j.impl.SimpleLoggerFactory]
19:26:11,060 INFO [TomcatDeployment] deploy, ctxPath=/dlweb
19:26:11,526 ERROR [STDERR] SLF4J: Class path contains multiple SLF4J bindings.
19:26:11,526 ERROR [STDERR] SLF4J: Found binding in [vfszip:/opt/app/jboss-as-51/common/lib/slf4j-jboss-logging.jar/org/slf4j/impl/StaticLoggerBinder.class]
19:26:11,526 ERROR [STDERR] SLF4J: Found binding in [vfszip:/opt/app/jboss-as-51/server/xanboo/deploy/99-Web_59.5.war/WEB-INF/lib/slf4j-log4j12-1.6.2.jar/org/slf4j/impl/StaticLoggerBinder.class]
19:26:11,526 ERROR [STDERR] SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
# A fatal error has been detected by the Java Runtime Environment:

[jdalrymple]

I don't think what you're wanting to do is going to be possible without a modified plugin. This one simply counts occurrences of a line in a file so the state change over time is impossible to interpret unless it also purges the data at the same time that it reads it - likely not what you want.

The plugin located here:

http://exchange.nagios.org/directory/Pl ... pl/details

maintains state between iterations and may work better for what you're trying to accomplish.

[digitallife]

OK, I will give it at try. Thanks

[jdalrymple]

We'll leave the thread open for now. Post back if you need help making that alternative plugin suit your needs or if you get it solved.

Thanks

[digitallife]

OK, I need a little help. I've uploaded the file to my Linux server but when try to execute it, I get the following error.

[root@nagios libexec]# . check_events.pl -L /tmp/log.test2 -D "utility power failure" -U "utility power restored"
bash: use: command not found
bash: use: command not found
bash: check_events.pl: line 5: syntax error near unexpected token `('
bash: check_events.pl: line 5: `use vars qw($PROGNAME $VERSION);'
[root@nagios libexec]#

Here are the first eleven line of the code.

1 #! /usr/bin/perl -w
2
3 use strict;
4 use warnings;
5 use vars qw($PROGNAME $VERSION);
6 use FileHandle;
7 use File::Basename qw(basename);
8 use Nagios::Plugin;
9 use Digest::MD5;
10
11 $VERSION = '0.1.6';

Thanks for your help....

[jdalrymple]

By prepending the command with a . you're using bash to interpret a perl file. This simply will not work. Instead use perl in place of the ., or just set the script to be executable.