Create Parser Nagios

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
rubensc79
Posts: 1
Joined: Wed May 20, 2015 10:55 am

Create Parser Nagios

Post by rubensc79 »

I have to write a parser to create an alert for the following logs, but I do not know how.

Can you help me?

Log lines are ...

[1423038266] Unable to send check for host 'Server1' to worker (ret=-2)
[1423038266] Unable to send check for host 'Server2' to worker (ret=-2)
[1423007052] Unable to run check for service 'PING' on host 'Server3'

Thanks...
jolson
Attack Rabbit
Posts: 2560
Joined: Thu Feb 12, 2015 12:40 pm

Re: Create Parser Nagios

Post by jolson »

Are these logs arriving in Nagios Log Server already? If so, are the lines that you have reported available in the 'Message' field?
Twits Blog
Show me a man who lives alone and has a perpetually clean kitchen, and 8 times out of 9 I'll show you a man with detestable spiritual qualities.
Jklre
Posts: 163
Joined: Wed May 28, 2014 1:56 pm

Re: Create Parser Nagios

Post by Jklre »

rubensc79 wrote: I have to write a parser to create an alert for the following logs, but I do not know how.

Can you help me?

Log lines are ...

[1423038266] Unable to send check for host 'Server1' to worker (ret=-2)
[1423038266] Unable to send check for host 'Server2' to worker (ret=-2)
[1423007052] Unable to run check for service 'PING' on host 'Server3'

Thanks...
I had a bit of trouble with the learning curve for some crazy log files. I detailed what I did to get them running in the below thread.

http://support.nagios.com/forum/viewtop ... 37&t=31227

Here is the recap; I hope it helps:

Recap for anyone else interested in this:

I had to create the custom grok rules in a file in the "/usr/local/nagioslogserver/logstash/patterns/" folder.

Create a file and create whatever custom rules I want.

ruleName regex-match (1 per line), example:
COMPANY_CODE (CoCode=[A-Z0-9]{2}|coCode=[A-Z0-9]{2})

Then when I create the input filter I need to have the grok rules as %{CustomGrokRule:Whatever_I_want_the_table_to_be_named}

if [type] == 'syslog' {
    grok {
        patterns_dir => "/usr/local/nagioslogserver/logstash/patterns/."
        match => [ 'message', '%{SYSLOG5424PRI}%{MITCH_HOST:Mitch_host}%{DATA:syslog_message}%%{CSTTERROR:CSTTError}%%%{MITCHERRORNUM}%%%{MITCHPRIORITY:Mitch_Priority}%%%{MITCH_ORG_HOST:Mitch_org_host}%{MITCHPROG:Mitch_prog}%{MITCHTIME:Mitchell_time}%{MITCHMESSAGE:Mitch_Message}%{MITCHMESSAGE2:Mitch_Message1}' ]
    }
}

Grok Debugger
https://grokdebug.herokuapp.com/

Regex helper
http://regexpal.com/
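
Added example, not part of the original posts and not Nagios' own configuration: the custom-pattern-file approach from the recap above, applied to the three log lines in the question. The pattern file name, the 'nagios_core' type, the field names and the 'nagios_check_failure' tag are all assumptions chosen for illustration.

```logstash
# Constructed example. Assumed custom pattern file (hypothetical name):
#   /usr/local/nagioslogserver/logstash/patterns/nagios_core
# with one rule per line:
#   NAGIOS_EPOCH \[%{INT:nagios_epoch}\]
#   NAGIOS_SEND_FAIL Unable to send check for host '%{DATA:nagios_host}' to worker \(ret=%{INT:worker_ret}\)
#   NAGIOS_RUN_FAIL Unable to run check for service '%{DATA:nagios_service}' on host '%{DATA:nagios_host}'

if [type] == 'nagios_core' {    # assumed type set on the input
  grok {
    patterns_dir => "/usr/local/nagioslogserver/logstash/patterns/"
    # Patterns are tried in order; the first one that matches wins.
    match => { 'message' => [
      '^%{NAGIOS_EPOCH} %{NAGIOS_SEND_FAIL}',
      '^%{NAGIOS_EPOCH} %{NAGIOS_RUN_FAIL}'
    ] }
    # Added only when one of the patterns matched.
    add_tag => [ 'nagios_check_failure' ]
    # Let unrelated Nagios log lines pass without a _grokparsefailure tag.
    tag_on_failure => []
  }
  if 'nagios_check_failure' in [tags] {
    # Use the bracketed epoch seconds as the event timestamp.
    date {
      match => [ 'nagios_epoch', 'UNIX' ]
    }
  }
}
```

A query on the nagios_check_failure tag then selects only these failure events, with the host, service and worker return code available as separate fields.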
jolson
Attack Rabbit
Posts: 2560
Joined: Thu Feb 12, 2015 12:40 pm

Re: Create Parser Nagios

Post by jolson »

Thanks Jklre. rubensc79, I will await any further questions that you have.