Alarms from log messages

[deepavaidya]

Hi,

We have got a requirement in Nagios Core, Can it be set up as a syslog server where the devices send their error logs and Nagios has to scan their syslog entries and alarms when it detects the entries we are interested in.

I can see many plugins, please can you suggest the best plugin which satisfies the above requirement.

[tmcdonald]

I don't think a single plugin can do this. You would need to install and configure syslog on the Nagios server and then a plugin could parse the logs. This plugin might be helpful.

[deepavaidya]

Hi,

We have installed check_logfiles-3.6.1 plugin. when we try to execute it, its not giving any output and seems to be hanged. Need to press Ctrl + c to get back to the prompt. Please find the OS and perl version.

OS version OEL 5U8
perl, v5.8.8 built for x86_64-linux-thread-multi

Cmd executed:

[root@oscs plugins-scripts]# ./check_logfiles --criticalpattern="RHINO" --logfile=/var/log/messages



But its working fine in another server. Please find the details below.
OS version OEL 5U3
perl, v5.8.8 built for x86_64-linux-thread-multi


Cmd executed:

[root@noas-smp1-fft-eu plugins-scripts]# ./check_logfiles --criticalpattern="RHINO" --logfile=/var/log/messages
CRITICAL - (75 errors in check_logfiles.protocol-2014-03-05-11-58-05) - Mar 5 11:57:46 noas-smp1-fft-eu nagios: Warning: The check of service 'RHINO-CLUSTER-NODE-201' on host 'AMS-SMP' looks like it was orphaned (results never came back). I'm scheduling an immediate check of the service... ...|default_lines=1228 default_warnings=0 default_criticals=75 default_unknowns=0


Please can you help us in troubleshooting this issue.

[deepavaidya]

I am getting this after a long time. Though there are matches found, its giving this.

OK - no errors or warnings|default_lines=0 default_warnings=0 default_criticals=0 default_unknowns=0

[tmcdonald]

Do you in fact have a syslog server running on the nagios machine?

[deepavaidya]

Yes we have configured syslog in our server. But do we need it even for testing purpose ? I am just trying to test the plugin with the command specified in my previous post but it is getting hanged.

[tmcdonald]

You shouldn't need syslog for testing. What happens when you grep the logs for "RHINO"? Also, how large are the logfiles?

On each server, please run:

Code: Select all

grep "RHINO" /var/log/messages
ls -l /var/log/messages

and post the output

[deepavaidya]

Hi,

The plugin is working fine now. But is it possible to have ok patterns ? If it matches a pattern it should give CRITICAL and if it matches another pattern is should give OK. For example if it finds a pattern 'Rhino down' it should give Critical and if it finds a pattern 'Rhino Up' it should change from Critical to Ok. But when below command is given it doesn't work. It works only for --criticalpattern and --warningpattern

./check_logfiles --logfile=/var/log/messages --okpattern="xxx"

[sreinhardt]

There may not be an ok pattern flag. Especially if it has warning and critical patterns, would you want it to override the warning\critical if ok is found, or only return ok if that pattern is found. Basically you would be getting into some edge case usage logic as far as I can see, but you certainly could modify the plugin to your liking, or contact the original developer to request the changes.