Re: imap input
Posted: Tue Jun 30, 2015 4:52 pm
by jolson
Ehamby,
I'm seeing complaints of this issue across the web with no sure resolution. Did you have any luck on your end?
Re: imap input
Posted: Tue Jun 30, 2015 7:05 pm
by Envera IT
It ran solid for a while but crashed again today : \
Last email parsed,
Return-Path: <[email protected]>
Received: from localhost (redacted.net. [redacted])
by mx.google.com with ESMTPSA id m203sm33312930ywb.33.2015.06.30.09.16.51
for <[email protected]>
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Tue, 30 Jun 2015 09:16:51 -0700 (PDT)
Message-ID: <40210.1193062379-sendEmail@localhost>
From: "[email protected]" <[email protected]>
To: "[email protected]" <[email protected]>
Subject: 0001 redacted: 30-06-15 12:16:55 R Z000 0102 SYST 001 SYSTEM |SMART HDD ALERT TEMP
Date: Tue, 30 Jun 2015 16:16:55 +0000
X-Mailer: sendEmail-1.56
MIME-Version: 1.0
Content-Type: multipart/related; boundary="----MIME delimiter for sendEmail-282640.359903784"
This is a multi-part message in MIME format. To properly display this message you need a MIME-Version 1.0 compliant Email program.
------MIME delimiter for sendEmail-282640.359903784
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
0001 redacted: 30-06-15 12:16:55 R Z000 0102 SYST 001 SYSTEM |SMART HDD ALERT TEMP
------MIME delimiter for sendEmail-282640.359903784--
all logs from today in /var/log/logstash/logstash.log
{:timestamp=>"2015-06-29T21:55:27.307000-0400", :message=>"Using milestone 1 input plugin 'syslog'. This plugin should work, but would benefit from use by folks like you. Please let us know if you find bugs or have suggestions on how to improve this plugin. For more information on plugin milestones, see http://logstash.net/docs/1.4.2/plugin-milestones", :level=>:warn}
{:timestamp=>"2015-06-29T21:55:27.372000-0400", :message=>"Using milestone 2 input plugin 'tcp'. This plugin should be stable, but if you see strange behavior, please let us know! For more information on plugin milestones, http://logstash.net/docs/1.4.2/plugin-milestones", :level=>:warn}
{:timestamp=>"2015-06-29T21:55:27.407000-0400", :message=>"Using milestone 1 input plugin 'imap'. This plugin should work, but would benefit from use by folks like you. Please let us know if you find bugs or have suggestions on how to improve this plugin. For more information on plugin milestones, see http://logstash.net/docs/1.4.2/plugin-milestones", :level=>:warn}
{:timestamp=>"2015-06-30T01:20:34.402000-0400", :message=>"A plugin had an unrecoverable error. Will restart this plugin.\n Plugin: <LogStash::Inputs::IMAP type=>\"mail\", host=>\"imap.gmail.com\", user=>\"[email protected]\", content_type=>\"text/plain\">\n Error: Bad file descriptor - Bad file descriptor", :level=>:error}
{:timestamp=>"2015-06-30T12:25:52.620000-0400", :message=>"A plugin had an unrecoverable error. Will restart this plugin.\n Plugin: <LogStash::Inputs::IMAP type=>\"mail\", host=>\"imap.gmail.com\", user=>\"[email protected]\", content_type=>\"text/plain\">\n Error: initialize: name or service not known", :level=>:error}
{:timestamp=>"2015-06-30T12:25:52.632000-0400", :message=>"syslog udp listener died", :address=>"0.0.0.0:5544", :exception=>#<SocketError: recvfrom: name or service not known>, :backtrace=>["/usr/local/nagioslogserver/logstash/lib/logstash/inputs/syslog.rb:119:in `udp_listener'", "org/jruby/RubyKernel.java

in `loop'", "/usr/local/nagioslogserver/logstash/lib/logstash/inputs/syslog.rb:118:in `udp_listener'", "/usr/local/nagioslogserver/logstash/lib/logstash/inputs/syslog.rb:76:in `run'"], :level=>:warn}
I can also post emails from before and after the crash but it looks like they're all using the same Content-Type, charset, and encoding; they all look identical besides the subject line of the message. I can also give access but I understand this is an external plugin issue. It would be awesome if we could capture these events in NLS..
Supposing we're at a dead end, is there any way to make a watchdog for the service that reboots it after a crash? I know this is a workaround but I could run a standalone server just for the imap functionality that outputs to the NLS cluster. This way I don't lose data on the cluster from all my other sources.
Re: imap input
Posted: Wed Jul 01, 2015 11:09 am
by jolson
Supposing we're at a dead end, is there any way to make a watchdog for the service that reboots it after a crash? I know this is a workaround but I could run a standalone server just for the imap functionality that outputs to the NLS cluster. This way I don't lose data on the cluster from all my other sources.
Definitely. We can set up a simple script to watch for the logstash service. Run the following as the root user.
Change to home and create a watchdog script:
Code: Select all
cd ~
vi logstashwatchdog.sh
chmod +x logstashwatchdog.sh
Insert the following text:
Code: Select all
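#!/bin/bash
# Check whether logstash is running; the init script exits non-zero if it is not
/etc/init.d/logstash status > /dev/null
EXITC=$?
# Restart the service when the status check failed
if [ "$EXITC" -ne 0 ]; then
    /etc/init.d/logstash restart
fi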
All that is required now is to set up a cron job to run the script every minute or so.
Insert the following:
Code: Select all
* * * * * /root/logstashwatchdog.sh
That should take care of logstash with a maximum downtime of about a minute. Does the above work for you?
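A variant of the watchdog above, as an added example that is not part of the original thread or of Nagios Log Server: it writes a log line for every restart, so crashes like the ones in the logstash.log excerpt stay visible, and it stops restarting after a run of consecutive failures instead of retrying every minute indefinitely. The state and log file paths, the cap of 5 and the `--run` argument are assumptions.

```shell
#!/bin/bash
# Added example, not from the thread: watchdog that records restarts and
# stops after repeated failures. All paths and limits below are assumptions.
SERVICE_CMD="${SERVICE_CMD:-/etc/init.d/logstash}"
STATE_FILE="${STATE_FILE:-/var/run/logstashwatchdog.count}"
LOG_FILE="${LOG_FILE:-/var/log/logstashwatchdog.log}"
MAX_RESTARTS="${MAX_RESTARTS:-5}"   # consecutive restarts before giving up

log_event() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') logstashwatchdog: $*" >> "$LOG_FILE"
}

# Returns 0 = healthy, 1 = restarted, 2 = cap reached (no restart), 3 = restart failed
check_and_restart() {
    local count=0
    if "$SERVICE_CMD" status > /dev/null 2>&1; then
        rm -f "$STATE_FILE"          # healthy again: reset the counter
        return 0
    fi
    if [ -f "$STATE_FILE" ]; then
        count=$(cat "$STATE_FILE")
    fi
    case "$count" in ''|*[!0-9]*) count=0 ;; esac   # ignore a corrupt counter
    if [ "$count" -ge "$MAX_RESTARTS" ]; then
        if [ "$count" -eq "$MAX_RESTARTS" ]; then    # log the cap only once
            log_event "down, restart cap ($MAX_RESTARTS) reached; needs manual attention"
            echo $((count + 1)) > "$STATE_FILE"
        fi
        return 2
    fi
    echo $((count + 1)) > "$STATE_FILE"
    log_event "down, restart attempt $((count + 1)) of $MAX_RESTARTS"
    if "$SERVICE_CMD" restart > /dev/null 2>&1; then
        return 1
    fi
    log_event "restart command failed"
    return 3
}

# Cron entry point: acts only when called as "logstashwatchdog.sh --run"
if [ "${1:-}" = "--run" ]; then
    check_and_restart
    exit 0
fi
```

With this version the cron entry calls the script with `--run` appended.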
Re: imap input
Posted: Wed Jul 01, 2015 11:24 am
by Envera IT
Thank you very much, this works for me.
The nice thing about the imap functionality is that logstash is logging into a mailbox, so if the server is down, I'm not losing data, just delaying the events from being parsed. I'll set up this script and run it for a while. If you guys want to close this out feel free, I'm good on my end.
Re: imap input
Posted: Wed Jul 01, 2015 11:27 am
by jolson
No problem - I'll close the thread for now. Hopefully the imap plugin gets the update it deserves in the future!
