Grep Logfile on RHEL Server

[stonkers]

Several years ago, we had an older version of nagios set up and it would grep our WebSphere logs for occurrences of specific strings and alert us if they had been entered. In fact, it would send us an alert if one string was found and a recovery if another was found. With the latest version of nagiosxi, we have a new administrator who is having trouble finding this functionality. I would assume this to be a highly sought after alert. Can someone point me in the right direction. Note that in the old world we were on AIX and are now on RHEL if that makes a difference. Thanks!

[npolovenko]

Hi, @stonkers.
Try running the following command from the command line:

/usr/local/nagios/libexec/check_log -F /var/log/messages -O /tmp/oldlog -q Session

Replace /var/log/messages with the log file that you want to search for a string, and replace -q with a sting that you're looking for.
The plugin will either return:

Code: Select all

Log check ok - 0 pattern matches found

If no new occurrences of the string happened.
Or it will actually return the line containing the string.

[stonkers]

Thanks npolovenko! When I run this, I get a copy of the log file as /tmp/oldlog and the following result:

[tmp]$ /usr/local/nagios/libexec/check_log -F /var/log/applogs/app_1/SystemOut.log -O /tmp/oldlog -q Error
Log check data initialized...
[tmp]$

The string exists in the file several times.

[npolovenko]

@stonkers, Yep, the copy is supposed to get created. Run the same command one more time and you should get a different message.

[stonkers]

Actually, as root, I get better results but not correct:

[root@machine ~]# /usr/local/nagios/libexec/check_log -F /var/log/applogs/app_1/SystemOut.log -O /tmp/oldlog -q Error
Log check ok - 0 pattern matches found
[root@machine ~]# grep Error /var/log/applogs/app_1/SystemOut.log
at com.versata.tl.vfc.servlet.PLSServlet.handleServerDownError(PLSServlet.java:513)
at com.versata.tl.vfc.servlet.PLSServlet.handleServerDownError(PLSServlet.java:513)
[root@nn200was001 ~]#

What am I doing wrong? Thanks!

[stonkers]

Oh, I get the reason for the copy. It wants to only include new occurrences...

[npolovenko]

@stonkers, Correct. Were you looking for a plugin that shows how many occurences are in a particular log file instead?

[stonkers]

Nope, this is exactly what I'm looking for. I want it to watch for specific errors to occur and alert me when they do. However, it isn't working. When I tell it to look for the occurrence of "Error" it says "0 pattern matches". When I grep, I see 2 pattern matches. Any clue why it's missing the matches? Oh wait, I get it. It's because the pattern matches exist in /tmp/oldlog already. If I clear that file I should get better results. Let me test that theory. Thanks!

[stonkers]

Yep, that was the case, thanks @npolovenko!

So one more question. How would my nagios admin (also very new at this) set up a call in nagios for this exact same query? Thanks!!!

[npolovenko]

@stonkers, Glad you figured it out. To add this command to XI:
1. Create a new command in Core Configurations Manager

Untitled.png

2. Assign the command to a localhost service check.

Untitled2.png