Linux log monitor via ncpa

[preethu.d]

Hi Team,

Is it possible to monitor Linux logs in Nagios for identifying critical errors ? If yes, how this can be done ?
(Linux servers added via ncpa)

Regards,
Preethu

[pbroste]

Hello @preethu.d

Thanks for reaching out about monitoring log events.

In researching the plugin exchange we see several to select from, for this example: 'check_logfiles'.

check_logfiles-4.0.1.3]# /usr/local/nagios/libexec/check_logfiles
Usage: check_logfiles [-t timeout] -f <configfile> [--searches=tag1,tag2,...]
check_logfiles [-t timeout] --logfile=<logfile> --tag=<tag> --rotation=<rotation>
--criticalpattern=<regexp> --warningpattern=<regexp>

Example Config -f <configfile>:

@searches = (
{
tag => 'CRITICAL',
logfile => '/var/log/messages',
criticalpatterns => [
'CRITICAL',
'Incorrect credentials given',
],
});

Example executed:

# /usr/local/nagios/libexec/check_logfiles --logfile /var/log/messages -f check_logfile.cfg
CRITICAL - (5 errors in check_logfile.protocol-2022-02-22-10-56-00) - Feb 22 10:54:11 localhost nagios[61948]: SERVICE NOTIFICATION: nagiosadmin;192.168.23.205;Swap Usage;CRITICAL;xi_service_notification_handler;

Move check_logfiles to the plugins directory and adjust the file ownership on the device that is executing the 'check_logfiles' from the plugin directory.

Code: Select all

chown nagios:nagios /usr/local/ncpa/plugins/check_logfiles

Verify the plugin directly via shell on device:

Code: Select all

/usr/local/ncpa/plugins/check_logfiles --help

Then verify via 'check_ncpa' directly from the Nagios XI server by:

Code: Select all

su -l nagios
/usr/local/nagios/libexec/check_ncpa.py -H <hostaddresshere> -t <yourtokenhere> -M plugins/check_logfiles  --logfile /var/log/messages -f check_logfile.cfg

Thanks,
Perry

[preethu.d]

Hi Perry,

Thanks for sharing the details.
You can lock the thread.

Regards,
Preethu

[pbroste]

Hello @preethu.d

Will do, and thanks for following up.

Thanks,
Perry