Page 1 of 1
Logs Monitoring
Posted: Mon Aug 24, 2015 1:31 pm
by haile711
Hey guys,
I'm trying to use the following link from Nagios to do a log monitoring. My -p 'OutOfMemory' -p 'deadlock' and such, the issue is within the same server I have 20 logs to monitor. All these get written to /tmp/Seek.log. So everytime, I issue the check command. The Seek.log is from a different logs, meaning I everytime i check for these parameter it check for the whole entire logs, instead from the last check entry. I hope this make sense. I am using nrpe agent to do the monitoring on the log. If anyone know a better way to handle this, please help me out or give me some suggestion. I have could point to a different seek.log everytime, but i have 24 logs per server and i have 25 servers for one environment. Thanks you everyone in advance.
https://exchange.nagios.org/directory/P ... pl/details
Re: Logs Monitoring
Posted: Mon Aug 24, 2015 3:55 pm
by jolson
The Seek.log is from a different logs, meaning I everytime i check for these parameter it check for the whole entire logs, instead from the last check entry.
This is where things get a little confusing for me.
Do you want to:
A) Check the logfile from the beginning every time?
or
B) Check the logfile from the last check entry?
In terms of advanced log monitoring, I'm a big advocate of
Nagios Log Server, which allows you to store up to 500MB of logs per day for free.
Your procedure overall seems fine - do you have 25 seperate checks per server, looking at the same log file for different strings? This process could be simplified by separating the logs into distinct files (Seek.log, Seek1.log, etc).
Re: Logs Monitoring
Posted: Tue Aug 25, 2015 8:40 am
by haile711
to jolson,
I want to check the logfile from the last entry. I have already thought of separating the seek.log to multiple seek1.log, but with this I cannot automate with the nrpe agent deployment. since i have already specified in the nrpe.cfg as follow
Code: Select all
command[check_log]=/usr/local/nagios/libexec/check_log3.pl -l $ARG1$ -p 'DB2 SQL Error' -p 'User ID revoked' -p 'OutOfMemory' -p 'WSVR0606W' -p 'SQLCODE=-913' -p 'Services/GetItemAvailabilitySVC failed due to RMI Exception' -p 'com.ibm.websphere.ce.j2c.ConnectionWaitTimeoutException' -p 'XFILI393 : INVALID FILSTRS-STAT' -p 'XFILB163 LN-ERR: TAXWARE FILES I/O ERRORS' -a
There are 25 logfiles within 1 server just with different location, and within each log im searching for the above strings.
Example,
/a/SystemOut.log
/b/SystemOut.log
/c/SystemOut.log
and they all "SystemOut.log" therefore the seek.log is always "SystemOut.log.seek"
and from Nagios server im calling
Code: Select all
./check_nrpe -H xxx -c check_log -a '/a/SystemOut.log'
Re: Logs Monitoring
Posted: Tue Aug 25, 2015 12:15 pm
by jolson
You are capable of explicitly defining a seekfile using the '-s' option. Try changing your command definitions to something like this:
Code: Select all
command[check_log]=/usr/local/nagios/libexec/check_log3.pl -l $ARG1$ -s /tmp/Seeklog1 -p 'DB2 SQL Error' -p 'User ID revoked' -p 'OutOfMemory' -p 'WSVR0606W' -p 'SQLCODE=-913' -p 'Services/GetItemAvailabilitySVC failed due to RMI Exception' -p 'com.ibm.websphere.ce.j2c.ConnectionWaitTimeoutException' -p 'XFILI393 : INVALID FILSTRS-STAT' -p 'XFILB163 LN-ERR: TAXWARE FILES I/O ERRORS' -a
Code: Select all
command[check_log]=/usr/local/nagios/libexec/check_log3.pl -l $ARG1$ -s /tmp/Seeklog2 -p 'DB2 SQL Error' -p 'User ID revoked' -p 'OutOfMemory' -p 'WSVR0606W' -p 'SQLCODE=-913' -p 'Services/GetItemAvailabilitySVC failed due to RMI Exception' -p 'com.ibm.websphere.ce.j2c.ConnectionWaitTimeoutException' -p 'XFILI393 : INVALID FILSTRS-STAT' -p 'XFILB163 LN-ERR: TAXWARE FILES I/O ERRORS' -a
Let me know if this allows you to generate seperate seekfiles. You will need to ensure that the 'nagios' user has appropriate rights to the /tmp directory, or you could use a different directory completely.
Re: Logs Monitoring
Posted: Wed Aug 26, 2015 10:02 am
by haile711
To jolson,
Thanks your for ure suggestion, that would be my last resource to tackle this task.
Re: Logs Monitoring
Posted: Wed Aug 26, 2015 10:41 am
by jolson
That sounds good - let me know if it works out for you. Thanks!