Passive Check for a Windows File - Log Parsing

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
ecarrasq
Posts: 244
Joined: Tue Feb 22, 2011 5:58 pm

Passive Check for a Windows File - Log Parsing

Post by ecarrasq »

Linux Distribution and version? CentOS, 2.6.18-308.8.2.el5PAE
32 or 64bit? 32bit
VMware Image or Manual Install of XI? VMware Image
Are there special configurations on your system, i.e., is Gnome installed? No
Are you using a proxy? No
Are you using SSL? No
Nagios Version? NagiosXi 2001R3.1


Issue:

We need to do a passive check to "parse" and alert on key words such as "Error", "Fail", "Down", "Up" on a Windows File.

Tibco Hawk is the monitoring tool that monitors Tibco applications. When it detects an error, it can send the output to a file in Windows. We would like to use Nagios to monitor that file and send notifications based on different key words found in the file.

Please provide me with instructions on how to do this.

Thank you,
Eddie
yancy
Posts: 523
Joined: Thu Oct 06, 2011 10:12 am

Re: Passive Check for a Windows File - Log Parsing

Post by yancy »

ecarrasq,

Here is a log parse plugin that has a windows executable

http://exchange.nagios.org/directory/Pl ... es/details

you can use this in conjunction with a passive windows agent such as NRDS_win:

http://exchange.nagios.org/directory/Ad ... in/details


Regards,

-Yancy
ecarrasq
Posts: 244
Joined: Tue Feb 22, 2011 5:58 pm

Re: Passive Check for a Windows File - Log Parsing

Post by ecarrasq »

I need help in getting all this to work. I did the following, but I'm stumped:


1. downloaded nrds_win from:
http://exchange.nagios.org/directory/Ad ... in/details

2. Installed NRDS_win.exe
3. Go to the installation directory. example: C:\Program Files (x86)\Nagios\NRDS_win
4. Open the "ReadMe.txt" file for instructions.
5. Modified the Config.ini file accordingly with the NagiosXI URL, Token, etc….

***********************************************************************
Check_logfiles

6. downloaded check_logfiles plugin from: http://labs.consol.de/nagios/check_logfiles/

at the bottom of the page:

• check_logfiles-3.5.1.tar.gz
• check_logfiles-3.5.1.zip
If you use nsclient++ under Windows, the entry in the NSC.ini looks like that:
check_logfiles=C:\Perl\bin\perl C:\libexec\check_logfiles --config $ARG1$
This entry is not in the NSC.ini file.
Under Windows you build the plugin with perl winconfig.pl. This will result in plugins-scripts/check_logfiles.
How would I do this?
The file README.exe contains instructions how to build a Windows binary check_logfiles.exe.
I cannot run this README.exe file on a 64bit Windows OS.

Is there a simpler method of achieving?
"to do a passive check to "parse" and alert on key words such as "Error", "Fail", "Down", "Up" on a Windows File."
yancy
Posts: 523
Joined: Thu Oct 06, 2011 10:12 am

Re: Passive Check for a Windows File - Log Parsing

Post by yancy »

Eddie,

Have you been successful in running check_logfiles from the command line?


-Yancy
ecarrasq
Posts: 244
Joined: Tue Feb 22, 2011 5:58 pm

Re: Passive Check for a Windows File - Log Parsing

Post by ecarrasq »

?

We need to do a passive check to "parse" and alert on key words such as "Error", "Fail", "Down", "Up" on a Windows File.

Tibco Hawk is the monitoring tool that monitors Tibco applications. When it detects an error, it can send the output to a file in Windows. We would like to use Nagios to monitor that file and send notifications based on different key words found in the file.
Please provide me with detailed instructions on how to do this.
Thank you
yancy
Posts: 523
Joined: Thu Oct 06, 2011 10:12 am

Re: Passive Check for a Windows File - Log Parsing

Post by yancy »

ecarrasq,

Let's make sure your check_logfiles works. Then we can set up your passive agent.

check_logfiles can use a configuration file or take command line arguments. A simple example from the windows command line would be:

Code:

check_logfiles -logfile=c:\tmp\NRDS_debug.log --tag=NRDS -criticalpattern="ERROR" --type virtual

in this example:
- the test logfile is c:\tmp\NRDS_debug.log
- the keyword we are scanning for is "ERROR"

feel free to change those for your logfile.

note that I added --type virtual at the end. This forces check_logfiles to check the ENTIRE file. In a normal environment you wouldn't want to include this, because new lines are being added to the logfile, so you would only want to know what is "new".

Regards,

-Yancy
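
The difference between scanning the entire file and only what is "new", as an added example that is not part of the original post and not check_logfiles' own code: a Python scanner that saves a byte offset between runs and returns a Nagios exit code. The state-file format, the file names and the sample log lines are assumptions constructed for illustration.

```python
import json, os, re, tempfile

OK, CRITICAL = 0, 2  # Nagios plugin exit codes

def scan_log(logfile, statefile, critical=r"ERROR|Fail|Down", virtual=False):
    """Return (exit_code, status_line). virtual=True rescans the whole file,
    like --type virtual in the post; otherwise only appended lines are read."""
    offset = 0
    if not virtual and os.path.exists(statefile):
        with open(statefile) as fh:
            offset = json.load(fh).get("offset", 0)
    if offset > os.path.getsize(logfile):
        offset = 0  # file was truncated or rotated: start from the top
    pattern, hits = re.compile(critical), []
    with open(logfile, "rb") as fh:
        fh.seek(offset)
        for raw in fh:
            if not virtual and not raw.endswith(b"\n"):
                break  # partial line still being written: pick it up next run
            offset += len(raw)
            line = raw.decode("utf-8", "replace").rstrip("\r\n")
            if pattern.search(line):
                hits.append(line)
    if not virtual:
        with open(statefile, "w") as fh:
            json.dump({"offset": offset}, fh)
    if not hits:
        return OK, "OK - no matching lines"
    # Log text is untrusted: "|" would start perfdata in plugin output.
    last = hits[-1].replace("|", "/")[:200]
    return CRITICAL, "CRITICAL - %d match(es), last: %s" % (len(hits), last)

def demo():
    """Run the scanner over a constructed log and return each result."""
    d = tempfile.mkdtemp()
    log, state = os.path.join(d, "hawk.log"), os.path.join(d, "hawk.state")
    with open(log, "w") as fh:   # constructed sample lines
        fh.write("2012-08-23 13:00:01 INFO adapter Up\n"
                 "2012-08-23 13:00:05 ERROR queue unreachable | retry\n")
    first = scan_log(log, state)                # sees the ERROR line
    second = scan_log(log, state)               # nothing new since last run
    with open(log, "a") as fh:
        fh.write("2012-08-23 13:05:00 WARN service Down\n")
    third = scan_log(log, state)                # only the appended line
    whole = scan_log(log, state, virtual=True)  # both matches again
    return first, second, third, whole

if __name__ == "__main__":
    print(*demo(), sep="\n")
```
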
ecarrasq
Posts: 244
Joined: Tue Feb 22, 2011 5:58 pm

Re: Passive Check for a Windows File - Log Parsing

Post by ecarrasq »

Thank you very much for the detailed instructions, as I think I got that piece working <see attached screenshot>
1. I created a test.log file with the words "test555" in it, and edited your command string.

What should the next steps be in getting a "Passive Check" setup to parse for certain words and alerts when they are found?

Thank you,
Eddie
yancy
Posts: 523
Joined: Thu Oct 06, 2011 10:12 am

Re: Passive Check for a Windows File - Log Parsing

Post by yancy »

ecarrasq,

I'm glad you found the instructions helpful!

Next install the NRDS component:

download:
http://assets.nagios.com/downloads/nagi ... anager.zip

-http://nagiosip/nagiosxi/admin/
-select manage components on the left hand side
-upload nrds

run post install (SSH to Nagios machine and run the following)

Code:

cd /usr/local/nagiosxi/html/includes/components/nrdsconfigmanager
chmod +x installnrds
./installnrds

Lastly, enable passive checks
http://nagiosip/nagiosxi/admin/
select "inbound transfers" and create a password on NSCA tab

At this point Nagios is ready to receive passive checks.
NRDS config manager will have the download link for NRDS windows agent.


To configure your checks, use NRDS config manager:

http://nagiosip/nagiosxi/admin
select "NRDS Core Config"

Here is an example plugin command for check_logfiles:
command[check_logfiles] = $PLUGIN_DIR$\check_logfiles.exe -logfile=c:\tmp\NRDS_debug.log --tag=NRDS -criticalpattern="ERROR"

Note: you'll also need to place your plugin in "/usr/local/nrdp/plugins/plugins"
ecarrasq
Posts: 244
Joined: Tue Feb 22, 2011 5:58 pm

Re: Passive Check for a Windows File - Log Parsing

Post by ecarrasq »

I did the following, but received an error:

Completed:
Completed:
http://nagiosip/nagiosxi/admin/ > -select manage components on the left hand side > -upload nrds

Completed:
run post install (SSH to Nagios machine and run the following)

Code:

cd /usr/local/nagiosxi/html/includes/components/nrdsconfigmanager
chmod +x installnrds
./installnrds

Error was received after I ran ./installnrds:
100%[======================================>] 19,399,006 3.37M/s in 5.8s

2012-08-23 13:13:33 (3.16 MB/s) - “nrds.tar.gz.2” saved [19399006/19399006]

./installnrds: line 23: cd: nrds: No such file or directory
root@nagios:/usr/local/nagiosxi/html/includes/components/nrdsconfigmanager
#
ecarrasq
Posts: 244
Joined: Tue Feb 22, 2011 5:58 pm

Re: Passive Check for a Windows File - Log Parsing

Post by ecarrasq »

k, I deleted the older nrds:
# rm nrds.*
rm: remove regular file `nrds.tar.gz'? y
rm: remove regular file `nrds.tar.gz.1'? y
rm: remove regular file `nrds.tar.gz.2'? y
Re-ran the following:
# cd /usr/local/nagiosxi/html/includes/components/nrdsconfigmanager
root@nagios:/usr/local/nagiosxi/html/includes/components/nrdsconfigmanager
# chmod +x installnrds
root@nagios:/usr/local/nagiosxi/html/includes/components/nrdsconfigmanager
# ./installnrds
Output:
root@nagios:/usr/local/nagiosxi/html/includes/components/nrdsconfigmanager
# ./installnrds
--2012-08-23 13:33:47-- http://assets.nagios.com/downloads/nrdp/nrds.tar.gz
Resolving assets.nagios.com... 72.14.181.71
Connecting to assets.nagios.com|72.14.181.71|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 19399006 (18M) [application/x-gzip]
Saving to: “nrds.tar.gz”

100%[=======================================================================>] 19,399,006 4.39M/s in 4.6s

2012-08-23 13:33:52 (4.02 MB/s) - “nrds.tar.gz” saved [19399006/19399006]


##################################
#
# Adding NRDS to NRDP Server
#
##################################

copying files...
Updating permissions...
updating NRDP server config...

##################################
#
# NRDS update complete.
# You will also want to install the NRDS Config Manager
# component if you have not done so already.
#
##################################

INSTALATION FAILED: Expected /usr/local/nrdp/clients/nrds/nrds.sh to exist