log file monitoring

[maddev]

Hi,

I have a fresh install of XI in place with which I would like to monitor a log file present on remote node(linux and windows).

How do I go about it. I saw check_log and check_logfiles plugins available in my XI machine where as only check_log is present in the remote machine which has NRPE installed.

I am looking for a step by step guidance on this. Whatever I tried foo last 2 days did not yield any results.

[jolson]

What I would do in this case is get on your remote host and begin crafting the command that you want to run. The first thing I would do is pull up the help page for check_log:

Code: Select all

[root@localhost ~]# /usr/local/nagios/libexec/check_log -h

Usage: check_log -F logfile -O oldlog -q query
Usage: check_log --help
Usage: check_log --version

If this will work for your purposes, try a few commands on the remote machine to ensure that it will work fine. Some example commands:

Code: Select all

/usr/local/nagios/libexec/check_log -F /var/log/httpd/error_log -O oldlog -q error
/usr/local/nagios/libexec/check_log -F /var/log/cron -O oldlog -q concern

check_log3 is a little more feature-rich if you're looking for something more advanced: https://exchange.nagios.org/directory/P ... pl/details

Once you have crafted the appropriate check (or checks) on your remote box, report back with what they look like and we'll take it from there.

[maddev]

Hi Jolson,

Thank you for the response.

check_log3 seems great and feature rich; I am going to move forward with this. I have copied the check_log3 to one of my linux node; please see below the output for a basic check command executed locally on the node.

Code: Select all

 ./check_log3.pl -l /var/log/messages -p error -p warning
WARNING: Found 1 lines (limit=1/0): May 26 03:43:35 testbox00 ndo2db: mysql_error: 'MySQL server has gone away'|lines=1

I am not able to get the same executed through NRPE;
below is what I did in CM new service
check command: check_nrpe
arg1 : check_log3.pl
arg2 : -a '-l /var/log/messages -p a'

Output seems to be as below

Code: Select all

COMMAND: /usr/local/nagios/libexec/check_nrpe -H testbox -t 30 -c check_log3.pl -a '-l /var/log/messages -p a'
OUTPUT: NRPE: Command 'check_log3.pl' not defined

I did not do any changes in nrpe.cfg or any other files for that matter

[tmcdonald]

Code: Select all

COMMAND: /usr/local/nagios/libexec/check_nrpe -H testbox -t 30 -c check_log3.pl -a '-l /var/log/messages -p a'
OUTPUT: NRPE: Command 'check_log3.pl' not defined

I did not do any changes in nrpe.cfg or any other files for that matter

https://assets.nagios.com/downloads/nag ... utions.pdf

Bottom of page 9.

[maddev]

Thank you very much tmcdonald. I was able to configure log monitoring successfully on linux.

How to achieve the same in windows machines where I use nsclient++

[jdalrymple]

That would be a new topic as nsclient++ has it's own event log monitoring built in. I'm assuming that's what you want?

Code: Select all

[/modules]
CheckEventLog = 1

Is it OK to lock this one?

[maddev]

No; What I am looking for is monitoring application log files in windows for patterns as we just did on linux using log3.pl

[jolson]

What I am looking for is monitoring application log files in windows for patterns as we just did on linux using log3.pl

You can definitely use check_log3.exe, which can be downloaded here - this can be called through NSClient and monitors flat files for strings: http://sourceforge.net/projects/pma-oss ... s-plugins/

If you're talking about Windows event logs, that's a little bit different. NSClient can be used to monitor event logs: http://docs.nsclient.org/reference/CheckEventLog.html

Let us know if you need additional help!

[maddev]

Hi Jolson,

Link for check_log3 is good, documentation is extensive. But I am not that nagios aware. Can you guide me through where should I place the check_log2.exe, which files to modify and what should be the configuration in XI service

[jdalrymple]

Add this to your nsclient.ini:

Code: Select all

[/modules]
CheckExternalScripts = 1
[/settings/external scripts/scripts]
check_nsclient_log=scripts\check_nsclient_log.bat

Create scripts\check_nsclient_log.bat with the following contents:

Code: Select all

"c:\Program Files\NSClient++\scripts\check_log3.exe" -l "c:\Program Files\NSClient++\nsclient.log" -p "Failed"

Copy check_log3.exe to scripts\

Code: Select all

[jdalrymple@localhost libexec]$ ./check_nrpe -H <winhost> -c check_nsclient_log

C:\Program Files\NSClient++>"c:\Program Files\NSClient++\scripts\check_log3.exe" -l "c:\Program Files\NSClient++\nsclient.log" -p "Failed"
WARNING: Found 3 lines (limit=1/0): 2015-05-28 12:27:15: error:D:\source\nscp\include\nscapi\nscapi_core_helper.cpp:95: Failed to execute command: help|'lines'=3
[jdalrymple@localhost libexec]$ ./check_nrpe -H <winhost> -c check_nsclient_log

C:\Program Files\NSClient++>"c:\Program Files\NSClient++\scripts\check_log3.exe" -l "c:\Program Files\NSClient++\nsclient.log" -p "Failed"
OK: Found 0 lines (limit=1/0): No matches found.|'lines'=0

Simple example - adjust to suit your needs.