check_logfiles Problem

[abdelhafeth.mzahem]

Dears
We are monitoring log file and it seems Nagios make full scan on the log file every time it make checks so the notification on the same error received more than one time.

How We can change the read mode from always read from the beginning of the file to read from last position.

Best Regards

[Box293]

What plugin are you using? Can you please post a command line example of plugin with all the arguments.

[abdelhafeth.mzahem]

Hello


here is the service command we are using :


$USER1$/check_nrpe -H $HOSTADDRESS$ -c check_logfiles -a "--logfile=D:\\TopupServiceLogs\\`date +%Y%m%d`-Actions.log --rotation=\d{2}\d{2}\d{2}-Actions.log --criticalpattern=ERROR --noprotocol --criticalthreshold=1 --type=virtual"

[Box293]

I'm assuming you're doing this through NSClient++ however there are some options there I am not familiar with such as --rotation.

Is this "check_logfiles" a custom plugin being run by NSClient++? Can you post a link to it?

[abdelhafeth.mzahem]

Here is the link for the check_logfiles plugin

https://exchange.nagios.org/directory/P ... es/details

we are using nrpe

[ssax]

Most likely it's because you ran it as root from the command line before and now the nagios user cannot access the seek file/dir.

When running plugins, make sure that you "su - nagios" before testing them.

Post the output of these commands:

Code: Select all

ls -l /var/tmp/check_logfiles
ls -ld /var/tmp/check_logfiles

If that is the proper directory, you might want to (as root):

Code: Select all

chown -R nagios.nagios /var/tmp/check_logfiles
rm -rf /tmp/check_logfiles*

Then it should work.

[abdelhafeth.mzahem]

Dear Sir
thank you for reply, it is working fine, but my question is how to change the read file mode

1- Read file from the beginning always.
2- Read file from the beginning First time then from the last position.
3- Read File From the last position.

[Box293]

From the plugin website:

In principle check_logfiles scans a log file until the end-of-file is reached. The offset will then be saved in a so-called seekfile. The next time check_logfiles runs, this offset will be used as the starting position inside the log file. In the event that a rotation has occurred in the meantime, the rest of the rotated archive will be scanned also.

Please re-read ssax's post, run the commands he requested and post back the output.

[abdelhafeth.mzahem]

Hi,

I read the post. We run the plugin using the Nagios HTTP Console not from the SSH console. and the results are attached.

the command we use always check file from the beginning, what we must do to keep the off-set and prevent read file from the beginning ?


I did what ssax ask:

[root@nms ~]# ls -l /var/tmp/check_logfiles
ls: cannot access /var/tmp/check_logfiles: No such file or directory
[root@nms ~]#
[root@nms ~]# ls -ld /var/tmp/check_logfiles
ls: cannot access /var/tmp/check_logfiles: No such file or directory
[root@nms ~]# chown -R nagios.nagios /var/tmp/check_logfiles
chown: cannot access `/var/tmp/check_logfiles': No such file or directory
You have new mail in /var/spool/mail/root
[root@nms ~]#
[root@nms ~]# rm -rf /tmp/check_logfiles*
[root@nms ~]#

[Box293]

When you use the "Test Check Command" button this is executing it as the "apache" user instead of the "nagios" user (this is what the monitoring engine runs as).

This is going to cause problems with the seek file which keeps a record of where it is up to.

Can you run the command from the ssh session as follows:

Code: Select all

su nagios
/usr/local/nagios/libexec/check_nrpe -H charging-op -c check_logfiles -a etc ect as per the screenshot you provided

This will execute it as the nagios user. Post back the results.