Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Create Parser Nagios

https://support.nagios.com/forum/viewtopic.php?t=32982

Page 1 of 1

Create Parser Nagios

Posted: Wed May 20, 2015 10:58 am
by rubensc79
I have to do a parser to create an alert for the following logs but do not know how.

You can help me.

Log lines are ...

[1423038266] Unable to send check for host 'Server1' to worker (ret=-2)
[1423038266] Unable to send check for host 'Server2' to worker (ret=-2)
[1423007052] Unable to run check for service 'PING' on host 'Server3'

Thanks...

Re: Create Parser Nagios

Posted: Wed May 20, 2015 10:59 am
by jolson
Are these logs arriving in Nagios Log Server already? If so, are the lines that you have reported available in the 'Message' field?

Re: Create Parser Nagios

Posted: Wed May 20, 2015 7:26 pm
by Jklre
rubensc79 wrote:I have to do a parser to create an alert for the following logs but do not know how.

You can help me.

Log lines are ...

[1423038266] Unable to send check for host 'Server1' to worker (ret=-2)
[1423038266] Unable to send check for host 'Server2' to worker (ret=-2)
[1423007052] Unable to run check for service 'PING' on host 'Server3'

Thanks...
I had a bit of trouble with the learning curve for some crazy log files. I detailed what I did to get them running in the below thread.

http://support.nagios.com/forum/viewtop ... 37&t=31227

Here is the recap i hope it helps:

re-cap for anyone else interested in this:

I had to create the custom grok rules in a file in the "/usr/local/nagioslogserver/logstash/patterns/" folder

Create a file and create whatever custom rules I want.

ruleName regex-match (1 per line) example :
COMPANY_CODE (CoCode=[A-Z0-9]{2}|coCode=[A-Z0-9]{2})

Then when I create the input filter I need to have the grok rules as %{CustomGrokRule:Whatever_I_want_the_table_to_be_named}

if [type] == 'syslog' {
grok {
patterns_dir => "/usr/local/nagioslogserver/logstash/patterns/."
match => [ 'message', '%{SYSLOG5424PRI}%{MITCH_HOST:Mitch_host}%{DATA:syslog_message}%%{CSTTERROR:CSTTError}%%%{MITCHERRORNUM}%%%{MITCHPRIORITY:Mitch_Priority}%%%{MITCH_ORG_HOST:Mitch_org_host}%{MITCHPROG:Mitch_prog}%{MITCHTIME:Mitchell_time}%{MITCHMESSAGE:Mitch_Message}%{MITCHMESSAGE2:Mitch_Message1}' ]
}
}

Grok Debugger
https://grokdebug.herokuapp.com/

Regex helper
http://regexpal.com/

Re: Create Parser Nagios

Posted: Thu May 21, 2015 9:19 am
by jolson
Thanks Jklre. rubensc79, I will await any further questions that you have.
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited