Logs Monitoring

[haile711]

Hey guys,
I'm trying to use the following link from Nagios to do a log monitoring. My -p 'OutOfMemory' -p 'deadlock' and such, the issue is within the same server I have 20 logs to monitor. All these get written to /tmp/Seek.log. So everytime, I issue the check command. The Seek.log is from a different logs, meaning I everytime i check for these parameter it check for the whole entire logs, instead from the last check entry. I hope this make sense. I am using nrpe agent to do the monitoring on the log. If anyone know a better way to handle this, please help me out or give me some suggestion. I have could point to a different seek.log everytime, but i have 24 logs per server and i have 25 servers for one environment. Thanks you everyone in advance.

https://exchange.nagios.org/directory/P ... pl/details

[jolson]

The Seek.log is from a different logs, meaning I everytime i check for these parameter it check for the whole entire logs, instead from the last check entry.

This is where things get a little confusing for me.

Do you want to:

A) Check the logfile from the beginning every time?

or

B) Check the logfile from the last check entry?

In terms of advanced log monitoring, I'm a big advocate of Nagios Log Server, which allows you to store up to 500MB of logs per day for free.

Your procedure overall seems fine - do you have 25 seperate checks per server, looking at the same log file for different strings? This process could be simplified by separating the logs into distinct files (Seek.log, Seek1.log, etc).

[haile711]

to jolson,
I want to check the logfile from the last entry. I have already thought of separating the seek.log to multiple seek1.log, but with this I cannot automate with the nrpe agent deployment. since i have already specified in the nrpe.cfg as follow

Code: Select all

command[check_log]=/usr/local/nagios/libexec/check_log3.pl -l $ARG1$ -p 'DB2 SQL Error' -p 'User ID revoked' -p 'OutOfMemory' -p 'WSVR0606W' -p 'SQLCODE=-913' -p 'Services/GetItemAvailabilitySVC failed due to RMI Exception' -p 'com.ibm.websphere.ce.j2c.ConnectionWaitTimeoutException' -p 'XFILI393 : INVALID FILSTRS-STAT' -p 'XFILB163 LN-ERR: TAXWARE FILES I/O ERRORS' -a

There are 25 logfiles within 1 server just with different location, and within each log im searching for the above strings.
Example,
/a/SystemOut.log
/b/SystemOut.log
/c/SystemOut.log

and they all "SystemOut.log" therefore the seek.log is always "SystemOut.log.seek"

and from Nagios server im calling

Code: Select all

./check_nrpe -H xxx -c check_log -a '/a/SystemOut.log'

[jolson]

You are capable of explicitly defining a seekfile using the '-s' option. Try changing your command definitions to something like this:

Code: Select all

command[check_log]=/usr/local/nagios/libexec/check_log3.pl -l $ARG1$ -s /tmp/Seeklog1 -p 'DB2 SQL Error' -p 'User ID revoked' -p 'OutOfMemory' -p 'WSVR0606W' -p 'SQLCODE=-913' -p 'Services/GetItemAvailabilitySVC failed due to RMI Exception' -p 'com.ibm.websphere.ce.j2c.ConnectionWaitTimeoutException' -p 'XFILI393 : INVALID FILSTRS-STAT' -p 'XFILB163 LN-ERR: TAXWARE FILES I/O ERRORS' -a

Code: Select all

command[check_log]=/usr/local/nagios/libexec/check_log3.pl -l $ARG1$ -s /tmp/Seeklog2 -p 'DB2 SQL Error' -p 'User ID revoked' -p 'OutOfMemory' -p 'WSVR0606W' -p 'SQLCODE=-913' -p 'Services/GetItemAvailabilitySVC failed due to RMI Exception' -p 'com.ibm.websphere.ce.j2c.ConnectionWaitTimeoutException' -p 'XFILI393 : INVALID FILSTRS-STAT' -p 'XFILB163 LN-ERR: TAXWARE FILES I/O ERRORS' -a

Let me know if this allows you to generate seperate seekfiles. You will need to ensure that the 'nagios' user has appropriate rights to the /tmp directory, or you could use a different directory completely.

[haile711]

To jolson,
Thanks your for ure suggestion, that would be my last resource to tackle this task.

[jolson]

That sounds good - let me know if it works out for you. Thanks!