log file monitoring

[lmiltchev]

Another simple example:

1. Place the "check_log3.exe" file in the NSClient++ scripts directory.

2. Define a command in the nsclient.ini (under [/settings/external scripts/scripts] section):

Code: Select all

check_log3 = scripts\check_log3.exe -l "c:\test.log" -p "failed"

Note: I copied over an old nsclient.log file to c: and renamed it to "test.log".

3. Test it from the CLI:

Code: Select all

[root@testbox libexec]# ./check_nrpe -H x.x.x.x -c check_log3
WARNING: Found 14757 lines (limit=1/0): 2015-05-13 15:58:51: error:D:\source\nscp\modules\CheckSystem\check_pdh.cpp:242: Exception in Failed to poll counter: \LogicalDisk(D:)\%Free Space PdhAddCounter failed: c0000bb9: The specified counter cou|'lines'=14757d.

You can probably play with different flags, hardcode your command or use args if needed. If you use args, you can run:

Code: Select all

./check_nrpe -H x.x.x.x -c check_log3 -a 'arg1 arg2...'

I am not sure if all of the flags with work with the "check_log3.exe" that work with "check_log3.pl". Here's the "check_log3.pl" usage:

Code: Select all

check_log3.pl version 3.5a

Usage: check_log3.pl [ -h | --help ]
Usage: check_log3.pl [ -v | --version ]
Usage: check_log3.pl -l log_file -s seek_file -p pattern | -P patternfile
        [ -n negpattern | -f negpatternfile ]
        [ -e '{ eval block}' | -E filename ]
        [ --ok ] | ( [ -w warn_count ] [ -c crit_count ] )
        [ -i ]  [-d | -D ] [ -1 ] [ --context=[-|+]nn ]


This plugin scans arbitrary log files for regular expression matches.

-l, --logfile=<logfile>
    The log file to be scanned.
-s, --seekfile=<seekfile>
    The temporary file to store the seek position of the last scan.
-p, --pattern=<pattern>
    The regular expression to scan for in the log file.
-i, --case-insensitive
    Do a case insensitive scan.
-P, --patternfile=<filename>
    File containing regular expressions, one per line, which will be combined
    into an expression of the form 'line1|line2|line3|...'.
-n, --negpattern=<negpattern>
    The regular expression to skip in the log file.
-f, --negpatternfile=<negpatternfile>
    Specifies a file with regular expressions which all will be skipped.
-w, --warning=<number>
    Return WARNING if at least this many matches found.  The default is 1.
-c, --critical=<number>
    Return CRITICAL if at least this many matches found.  The default is 0,
    i.e. don't return critical alerts unless specified explicitly.
-d, --nodiff-warn
    Return WARNING if the log file was not written to since the last scan.
-D, --nodiff-crit
    Return CRITICAL if the log was not written to since the last scan.
-1, --stop-first-match
    Stop at the first line matched, instead of the last one.
--context=[-|+]<number>
    Output <number> lines of context before or after matched line; use -N for
    N lines before the match, +N for N lines after the match (if possible) or
    an unqualified number to get N lines before and after the match.
--ok
    Always return an OK status to Nagios.
-e, --parse
-E, --parse-file
    Perl 'eval' block to parse each matched line with (EXPERIMENTAL).  The code
    should be in curly brackets and quoted.  If the return code of the block is
    non-zero, the line is counted against the threshold; otherwise it isn't.

[maddev]

5666 port is not open on the windows machine; I am looking to see if this can be achieved using check_xi_nsclient

[jdalrymple]

This is what check_nt (check_xi_nsclient) can monitor:

Code: Select all

-v, --variable=STRING
   Variable to check

Valid variables are:
 CLIENTVERSION = Get the NSClient version
  If -l <version> is specified, will return warning if versions differ.
 CPULOAD =
  Average CPU load on last x minutes.
  Request a -l parameter with the following syntax:
  -l <minutes range>,<warning threshold>,<critical threshold>.
  <minute range> should be less than 24*60.
  Thresholds are percentage and up to 10 requests can be done in one shot.
  ie: -l 60,90,95,120,90,95
 UPTIME =
  Get the uptime of the machine.
  -l <unit>
  <unit> = seconds, minutes, hours, or days. (default: minutes)
  Thresholds will use the unit specified above.
 USEDDISKSPACE =
  Size and percentage of disk use.
  Request a -l parameter containing the drive letter only.
  Warning and critical thresholds can be specified with -w and -c.
 MEMUSE =
  Memory use.
  Warning and critical thresholds can be specified with -w and -c.
 SERVICESTATE =
  Check the state of one or several services.
  Request a -l parameters with the following syntax:
  -l <service1>,<service2>,<service3>,...
  You can specify -d SHOWALL in case you want to see working services
  in the returned string.
 PROCSTATE =
  Check if one or several process are running.
  Same syntax as SERVICESTATE.
 COUNTER =
  Check any performance counter of Windows NT/2000.
        Request a -l parameters with the following syntax:
        -l "\\<performance object>\\counter","<description>
        The <description> parameter is optional and is given to a printf
  output command which requires a float parameter.
  If <description> does not include "%%", it is used as a label.
  Some examples:
  "Paging file usage is %%.2f %%%%"
  "%%.f %%%% paging file used."
 INSTANCES =
  Check any performance counter object of Windows NT/2000.
  Syntax: check_nt -H <hostname> -p <port> -v INSTANCES -l <counter object>
  <counter object> is a Windows Perfmon Counter object (eg. Process),
  if it is two words, it should be enclosed in quotes
  The returned results will be a comma-separated list of instances on
   the selected computer for that object.
  The purpose of this is to be run from command line to determine what instances
   are available for monitoring without having to log onto the Windows server
    to run Perfmon directly.
  It can also be used in scripts that automatically create Nagios service
   configuration files.
  Some examples:
  check_nt -H 192.168.1.1 -p 1248 -v INSTANCES -l Process

[maddev]

Totally understand the limitations now. Thank you.