Real-time logfile monitoring with space separator

[WillemDH]

Hello,

I'm supposed to know how the real-time capabilities of NSCLient++ works, but I can't figure out how to make it work with logfiles. Plese don't advise to send it to NLS, some of the lofiles are huge and we have no mulla to store all these logs..

So I know it can work with logfiles which have a clear separator such as ';' and I have the example Michael has documented here http://blog.medin.name/blog/2012/11/26/ ... ext-files/ working perfectly. So no need to troubleshoot NSCA connectivity or configuration. I also have configured an output file for easier troubleshooting.

So the problem is in:

Code: Select all

[/settings/logfile/real-time/checks/LOG_DrosoService]
file = M:\ApplicationLogs\DrosoService\log.txt
destination = NSCA,FILE
filter = column4 like 'INFO'
critical = column4 like 'INFO'
column separator=;

The log.txt looks like this:

Code: Select all

2015-11-09 16:00:44,797 [38] INFO  Flowcontrol - Servicename = G_Droso/Droso_Meldingen
2015-11-09 16:00:54,814 [38] ERROR  Flowcontrol - GeefInfoOverPunt: feature gevonden!
2015-11-09 16:00:54,853 [38] INFO  Flowcontrol - SnijdPuntMetFeatureClassEnGeefWaardeInKolom: info gevonden voor geometry in featureclass sg_gis_pub.giswriter.REFADM_vecstadswijken:1
2015-11-09 16:00:54,892 [38] INFO  Flowcontrol - SnijdPuntMetFeatureClassEnGeefWaardeInKolom: info gevonden voor geometry in featureclass sg_gis_pub.giswriter.VEIPOL_vecWijkcommissariaten:9
2015-11-09 16:00:54,935 [38] INFO  Flowcontrol - SnijdPuntMetFeatureClassEnGeefWaardeInKolom: info gevonden voor geometry in featureclass sg_gis_pub.giswriter.INFWIS_vecSectorenDWBW:3

So I need to catch the lines containing ERROR and send them with NSCA to Nagios XI. As a test however I'm looking for 'INFO' as it is easier to troubleshoot. The problem is that I can't find out how to use space as a field separator. I tried lots of different configurations:

Code: Select all

[/settings/logfile/real-time/checks/LOG_DrosoService]
file = M:\ApplicationLogs\DrosoService\log.txt
destination = NSCA,FILE
filter = column4 like 'INFO'
critical = column4 like 'INFO'

Code: Select all

[/settings/logfile/real-time/checks/LOG_DrosoService]
file = M:\ApplicationLogs\DrosoService\log.txt
destination = NSCA,FILE
filter = column4 like 'INFO'
critical = column4 like 'INFO'
column separator= 

But none of them work. i'm using NSClient 0.4.1.105 so the filter syntax should be correct. As said before this does work:

Code: Select all

[/settings/logfile/real-time/checks/LOG_Test]
file = M:\ApplicationLogs\DrosoService\logtest.txt
destination = NSCA,FILE
filter = column1 like 'hello'
critical = column2 like 'world'
column separator=;

When I do

Code: Select all

echo hello;world >> M:\ApplicationLogs\DrosoService\logtest.txt

the log is sent to Nagios XI. So how can I achieve the same with a space instead of a ';'?

Any input is welcome to get this working. I'd prefer to get it working passively and real-time.

EDIT: It would also work without separator, but I'm not sure how to get that done too.. Not enough examples on the Interwebs for this. I'll put it on my site if we got this working.

[lmiltchev]

What is the output that you see in XI for the "LOG_DrosoService" and "LOG_Test" checks?

[ssax]

Are you sure they are spaces and not tabs?

Ifo so, you've already tried the options that I thought might work and I'm not able to find anything by searching for it (no documentation that I found other than his post talking about using ; instead of tabs because it's hard to use it with the echo command, your best bet would be to contact the NSClient++ developers as they are the only ones who could answer that.

[Box293]

I would ask Michael about this.

Specifically this comment:

Another thing to notice is since I am on Windows this time I set *column separator* to ; as it is difficult to create “tab characters” using the echo command in the command shell.

Could quite easily be overcome if he used Powershell instead of a cmd prompt echo:
http://superuser.com/questions/240435/h ... and-prompt

Code: Select all

Powershell -noprofile -nologo -command Write-Output "a`tb`tc"

the `t is the tab character

The thing I don't understand is how you could define the column separator= as a space or tab character.

I tried searching the help but all I could find reference to was column split:
http://docs.nsclient.org/0.4.3/search.h ... ea=default