check_log

[pccwglobalit]

we need to check string in /var/log/secure e.g. Invalid and Failed etc.
i have added the below to /etc/sudoers.d/11-nagios

Defaults:nagios !requiretty
nagios ALL=NOPASSWD: /usr/local/nagios/libexec/check_log

and then i add nrpe cfg in /usr/local/nagios/etc/nrpe/log.cfg
command[check_syslog]=sudo /usr/local/nagios/libexec/check_log -F /var/log/secure -O /tmp/invalid -q Invalid

i then restarted xinetd.

after that, when i check the log using nrpe, it gave the following
/usr/local/nagios/libexec/check_nrpe -H 192.168.88.2 -c check_syslog
(1) < May 24 09:10:01 nls sudo: nagios : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/local/nagios/libexec/check_log -F /var/log/secure -O /tmp/invalid -q Invalid

The log will have some wording e.g. Failed, Invalid but seems it will not check and prompt.

please help to see what i am missing.
thanks

[rkennedy]

From the remote machine, can you execute sudo /usr/local/nagios/libexec/check_log -F /var/log/secure -O /tmp/invalid -q Invalid as the nagios user and post the full input / output?

[pccwglobalit]

it will be same result as local.

[rkennedy]

Does it execute properly though? I'd like to see the full output returned, because usually something like this is related to permissions.