Getting issue with check_logfile plugin

ericssonvietnam

Post by ericssonvietnam »

I am using the below configuration file in order to generate the alert for the mentioned pattern, but it is not giving the alert as per the mentioned threshold count.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++===

Code:

[ericsson@euc-3-3-uc-00-0 conf]$ cat Error_code_404.conf
$seekfilesdir = '/home/ericsson/logfile_basedir/tmp';
$protocolsdir = '/home/ericsson/logfile_basedir/tmp';
$scriptpath = '/home/ericsson/bin';
#$MACROS = { CL_DISK01 => "/dev/dsk/c0d1", CL_DISK02 => "/dev/dsk/c0d2" };
@searches = (
        {
                tag => 'Error_code_404',
                criticalpatterns => ['HTTP/1.1" 404'] ,
                logfile =>'/opt/universalcache/logs/access.log',
                #options => 'sticky=1800,noprotocol,report=long,allyoucaneat',
                rotation => 'REDHAT',
                #warningthreshold => 100,
                criticalthreshold => 3500
        }
);
++++++++++
check interval 3 minutes

Code:

-C "sudo /home/ericsson/bin/check_logfiles -f /home/ericsson/logfile_basedir/conf/Error_code_404.conf"
-t 60 -o StrictHostKeyChecking=no -l ericsson -E
++++++++++++++++++++++++++++++++++++++++++++
Let me know if I am missing anything in the configuration file. Let me know if you require the logfile to verify the same.
Last edited by dwhitfield on Fri Feb 09, 2018 4:03 pm, edited 1 time in total.
Reason: code blocks FTW
cdienger
Support Tech

Post by cdienger »

It looks like you just need to escape the quotes in the pattern. Try:

criticalpatterns => ['HTTP/1.1\" 404'] ,
ericssonvietnam

Post by ericssonvietnam »

cdienger wrote: It looks like you just need to escape the quotes in the pattern. Try:

criticalpatterns => ['HTTP/1.1\" 404'] ,
Even after changing the pattern, I am getting the alert at a very low count. Can you suggest how I can fix this, as it is pending for a long time?

Below is how I have done the analysis for the check.
For the alerts mentioned in the state history, I have observed that the check interval is 3 min but there is a large time difference between the OK pattern and the alert generated. Only if I calculate the count between the OK pattern and the alert does it cross the defined threshold.
2/9/2018 4:24 EUC-3-3-UC00-0 Error_code_403 1 CRITICAL HARD 1 1 OK OK CRITICAL - (1 errors in Error_code_403.protocol-2018-02-09-04-24-51) - - CDN 1.152.111.190 203.36.130.179 racingviconlinehlslive3968.ngcdn.telstra.com - - - [08/Feb/2018:17:24:43.826 +0000] GET /out/u/protected/rcnsyn-mo-000-c3063-delpkg1-delogg1-abr1/63"
2/9/2018 3:25 EUC-3-3-UC00-0 Error_code_403 1 OK HARD 1 1 CRITICAL CRITICAL OK - no errors or warnings
2/9/2018 3:22 EUC-3-3-UC00-0 Error_code_403 1 CRITICAL HARD 1 1 OK OK CRITICAL - (1 errors in Error_code_403.protocol-2018-02-09-03-22-23) - - CDN 110.140.95.84 203.36.130.179 racingviconlinehlslive3968.ngcdn.telstra.com - - - [08/Feb/2018:16:19:48.717 +0000] GET /out/u/protected/rcnsyn-mo-000-c3063-delpkg1-delogg1-abr1/63"
2/9/2018 2:25 EUC-3-3-UC00-0 Error_code_403 1 OK HARD 1 1 CRITICAL CRITICAL OK - no errors or warnings
2/9/2018 2:22 EUC-3-3-UC00-0 Error_code_403 1 CRITICAL HARD 1 1 OK OK CRITICAL - (1 errors in Error_code_403.protocol-2018-02-09-02-22-56) - - CDN 110.140.95.84 203.36.130.179 racingviconlinehlslive3968.ngcdn.telstra.com - - - [08/Feb/2018:15:22:19.827 +0000] GET /out/u/protected/rcnsyn-mo-000-c3063-delpkg1-delogg1-abr1/63"
2/9/2018 1:35 EUC-3-3-UC00-0 Error_code_403 1 OK HARD 1 1 CRITICAL CRITICAL OK - no errors or warnings

Let me know if you require something else.
The analysis done is as shown below.
########################################
Alert
2/9/2018 3:22 EUC-3-3-UC00-0 Error_code_403 1 CRITICAL HARD 1 1 OK OK CRITICAL - (1 errors in Error_code_403.protocol-2018-02-09-03-22-23) - - CDN 110.140.95.84 203.36.130.179 racingviconlinehlslive3968.ngcdn.telstra.com - - - [08/Feb/2018:16:19:48.717 +0000] GET /out/u/protected/rcnsyn-mo-000-c3063-delpkg1-delogg1-abr1/63"
2/9/2018 2:25 EUC-3-3-UC00-0 Error_code_403 1 OK HARD 1 1 CRITICAL CRITICAL OK - no errors or warnings
###########################################
Logfile count in 3 min before alert generation
[evigaur@chw-com0-nagfm-00 ~]$ sed -n '/2018:16:15/,/2018:16:20/p' /home/evigaur/access.1518102601.11723.log > /home/evigaur/logtime2.txt
[evigaur@chw-com0-nagfm-00 ~]$ grep -i "403" logtime2.txt |wc -l
412
#############################################################
If I take the logs for a time window of one hour, it gives me the alert above the threshold value. I suspect that the check is not taking the data for the 3 min time interval.
[evigaur@chw-com0-nagfm-00 ~]$ sed -n '/2018:15:20/,/2018:16:20/p' /home/evigaur/access.1518102601.11723.log > /home/evigaur/logtime2-new.txt
[evigaur@chw-com0-nagfm-00 ~]$ grep -i "403" logtime2-new.txt |wc -l
4077
++++++++++++++++++++++++++++++++++++++++++++++++++
Can you suggest how I can fix this ASAP, as it's pending for a long time?
I hope to get the fix ASAP. Let me know if you require anything else from my side.
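An added example, not part of the original posts and not check_logfiles code: it counts the thread's pattern per 3-minute check interval and compares a threshold that resets every run with one whose hit counter is carried into the next run. The carry-over model is an assumption based on the plugin's documented savethresholdcount option (on by default, disabled with nosavethresholdcount); the log lines and the threshold of 100 are constructed.

```python
import re
from datetime import datetime, timedelta

# Pattern from the thread's config (dot escaped), with the 403 status used in the analysis.
PATTERN = re.compile(r'HTTP/1\.1" 403')
STAMP = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2})")

def hits_per_run(lines, start, interval_min=3):
    """Count PATTERN matches per check interval, keyed by run index from start."""
    counts = {}
    for line in lines:
        stamp = STAMP.search(line)
        if stamp is None or PATTERN.search(line) is None:
            continue
        ts = datetime.strptime(stamp.group(1), "%d/%b/%Y:%H:%M:%S")
        if ts >= start:
            run = (ts - start) // timedelta(minutes=interval_min)
            counts[run] = counts.get(run, 0) + 1
    return counts

def critical_runs(counts, runs, threshold, carry_over):
    """Runs that reach the threshold; carry_over keeps leftover hits for the next run."""
    alerts, saved = [], 0
    for run in range(runs):
        total = counts.get(run, 0) + (saved if carry_over else 0)
        if total >= threshold:
            alerts.append(run)
        saved = total % threshold  # hits not yet consumed by a threshold crossing
    return alerts

def sample_log(minutes, per_minute):
    """Constructed access-log lines: per_minute 403 responses each minute, plus one
    200 response whose byte count is 403 (a bare grep for "403" counts it too)."""
    start = datetime(2018, 2, 8, 15, 20)
    lines = []
    for m in range(minutes):
        for s in range(per_minute):
            ts = (start + timedelta(minutes=m, seconds=s)).strftime("%d/%b/%Y:%H:%M:%S")
            lines.append(f'[{ts}.000 +0000] "GET /sample HTTP/1.1" 403 0')
        ts = (start + timedelta(minutes=m, seconds=59)).strftime("%d/%b/%Y:%H:%M:%S")
        lines.append(f'[{ts}.000 +0000] "GET /sample HTTP/1.1" 200 403')
    return start, lines

if __name__ == "__main__":
    start, lines = sample_log(minutes=60, per_minute=10)  # 30 hits per 3-minute run
    counts = hits_per_run(lines, start)
    print("reset each run:", critical_runs(counts, 20, 100, carry_over=False))
    print("carried over:  ", critical_runs(counts, 20, 100, carry_over=True))
```

With 30 hits per run, no single run reaches the threshold, yet the carried counter produces a CRITICAL every few runs, which is the shape of the state history posted above.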
kyang


Post by kyang »

Can you suggest how I can fix this ASAP, as it's pending for a long time?
Is this service pending from this plugin, correct? Was it like this before, or did it happen after you changed the pattern?

Could you give us a screenshot just to be sure?