check_nagioslogserver.php

Posted: Mon May 30, 2016 10:19 am
by tylerhoadley
Not sure if I should post this here or in the XI support forums, but I'm having an issue getting the "check_nagioslogserver.php" check to go critical on '1 matching entries found'. I thought I had tested this last week, where I would leave warn='' and crit='1' in the check and it would report as CRITICAL, but now it will only result in OK status.

Code:

[root@nagios libexec]# ./check_nagioslogserver.php --url='https://SERVER/nagioslogserver/' --apikey='KEY' --minutes='30' --warn='' --crit='1' --query='{"query":{"filtered":{"query":{"bool":{"should":[{"query_string":{"query":"*"}}]}},"filter":{"bool":{"must":[{"range":{"@timestamp":{"from":1442861603011,"to":1442948003012}}},{"fquery":{"query":{"query_string":{"query":"message:(\"EVENTIDCODE\")"}},"_cache":true}},{"fquery":{"query":{"query_string":{"query":"Hostname:(\"WINSERVERNAME\")"}},"_cache":true}}]}}}}}'
OK: 1 matching entries found |logs=1;;1

[root@nagios libexec]# ./check_nagioslogserver.php --url='https://SERVER/nagioslogserver/' --apikey='KEY' --minutes='30' --warn='1' --crit='2' --query='{"query":{"filtered":{"query":{"bool":{"should":[{"query_string":{"query":"*"}}]}},"filter":{"bool":{"must":[{"range":{"@timestamp":{"from":1442861603011,"to":1442948003012}}},{"fquery":{"query":{"query_string":{"query":"message:(\"EVENTIDCODE\")"}},"_cache":true}},{"fquery":{"query":{"query_string":{"query":"Hostname:(\"WINSERVERNAME\")"}},"_cache":true}}]}}}}}'
OK: 1 matching entries found |logs=1;1;2

Anyone have some insight into the php warn/critical calculation/result?

If I should post this in the XI Support forum, please let me know, but figured this check is supported by the log server side rather than the XI side.

Thanks,

Re: check_nagioslogserver.php

Posted: Mon May 30, 2016 10:44 am
by tylerhoadley
Well, I believe I figured this out... Hopefully someone else out there finds this helpful on the 1 match found

I used this as my warn/crit args

Code:

--crit="@1:~"
CRITICAL: 1 matching entries found |logs=1;;@1:~

Cheers

Re: check_nagioslogserver.php

Posted: Tue May 31, 2016 10:00 am
by hsmith
Thank you for sharing your fix!

Re: check_nagioslogserver.php

Posted: Wed Jun 01, 2016 2:34 pm
by eloyd
Wow, that is one ugly check. PLEASE tell me you're not typing that by hand? :-)

I do have a question about your solution. That's obviously a Nagios range specifier, but my interpretation is that you're alerting on anything that is in the range of 1 through negative infinity. Not sure how the top end can be negative infinity, but I'm glad it's working for you.

Can I ask you to try something? Just use zero for the critical value? In theory, if the result is not in the range specified (zero) then it should alert.

Re: check_nagioslogserver.php

Posted: Wed Jun 01, 2016 4:24 pm
by hsmith
I'm interested in this as well.

Re: check_nagioslogserver.php

Posted: Mon Jun 13, 2016 9:36 am
by tylerhoadley
The basis of the check is to alert on anything 1 or greater. These queries are defined in the Nagios Log Server; however, to test them without impacting our XI environment, I ran them locally via cmd before enabling the checks in XI. At the time of writing this, our XI version is/was 5.2.7, log server 1.4.1.

I'll test 0, but believe that came back critical if 0 was the result. I will have to wait for a 1 result on one of the many checks I have set up. I'm sure one will pop up today, so I will test and post once I can.

However with the args supplied, I've had no issues with 1 or greater going critical in XI.

Re: check_nagioslogserver.php

Posted: Mon Jun 13, 2016 9:54 am
by tylerhoadley
I came across this via the URL found within the --help arg on the check. Up until this check, I was unaware of the @ or ~ characters being used (XI customer for a few years now and Core user for years prior). I always thought 1 was the same as ≥1; however, it did not tell Nagios to go critical. Finally, if you read over the URL link below, "@1:~" means ≥1 to positive infinity. In the comment, "@~:1" would be negative infinity to ≤1.

https://nagios-plugins.org/doc/guidelin ... HOLDFORMAT

# ./check_nagioslogserver.php --help

<Snipped>

--warn=<WARNING> The warning values, see:
https://nagios-plugins.org/doc/guidelin ... HOLDFORMAT
--crit=<CRITICAL> The critical values, see
https://nagios-plugins.org/doc/guidelin ... HOLDFORMAT
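
An added example, not part of any post and not the plugin's code: a Python evaluator for the threshold range format described in the Nagios plugin guidelines that the help text links to, applied to the values tried in this thread. The names parse_range, alerts and status are illustrative; check_nagioslogserver.php's own parser may behave differently (the thread shows it accepting "@1:~" and returning OK for --crit='0').

```python
import math

def parse_range(spec):
    """Parse a guideline-style threshold "[@]start:end" into (start, end, inside)."""
    inside = spec.startswith("@")          # "@" inverts: alert when value is INSIDE
    body = spec[1:] if inside else spec
    if body == "":
        raise ValueError("empty threshold")
    if ":" in body:
        start_s, end_s = body.split(":", 1)
    else:
        start_s, end_s = "0", body         # bare "N" means the range 0..N
    if start_s == "~":
        start = -math.inf                  # "~" as start is negative infinity
    elif start_s == "":
        start = 0.0
    else:
        start = float(start_s)
    if end_s == "~":
        # The guidelines define "~" only for the start position.
        raise ValueError("'~' is only defined as a range start")
    end = math.inf if end_s == "" else float(end_s)   # "N:" means N..infinity
    if start > end:
        raise ValueError("start must be <= end")
    return start, end, inside

def alerts(spec, value):
    """True if value triggers the threshold (endpoints are inclusive)."""
    start, end, inside = parse_range(spec)
    in_range = start <= value <= end
    return in_range if inside else not in_range

def status(value, warn=None, crit=None):
    """Plugin exit code: 0 OK, 1 WARNING, 2 CRITICAL. Empty string means unset."""
    if crit and alerts(crit, value):
        return 2
    if warn and alerts(warn, value):
        return 1
    return 0

if __name__ == "__main__":
    # Thresholds tried in the thread, evaluated for one matching log entry.
    for crit in ("1", "2", "0", "@1:", "1:"):
        print(f"--crit={crit!r:6} value=1 -> exit {status(1, crit=crit)}")
```

Under these rules a bare `1` means "alert outside 0..1", so a single match stays OK, while `@1:` expresses "one or more matches is critical" without relying on `~` as an upper bound.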

Re: check_nagioslogserver.php

Posted: Mon Jun 13, 2016 2:45 pm
by hsmith
Thank you for sharing :)

Re: check_nagioslogserver.php

Posted: Tue Jun 14, 2016 8:53 am
by tylerhoadley
Came in this morning, noticed a critical 1 on a check, so tested it out with --crit=0.

Code:

# ./check_nagioslogserver.php --url='https://kgnslogpr.empire.ca/nagioslogserver/' --apikey='KEY' --minutes='30' --crit='0' --query='{"query":{"filtered":{"query":{"bool":{"should":[{"query_string":{"query":"*"}}]}},"filter":{"bool":{"must":[{"range":{"@timestamp":{"from":1442861603011,"to":1442948003012}}},{"fquery":{"query":{"query_string":{"query":"message:(\"EVENTIDCODE\")"}},"_cache":true}},{"fquery":{"query":{"query_string":{"query":"Hostname:(\"WINSERVERNAME\")"}},"_cache":true}}]}}}}}'
OK: 1 matching entries found |logs=1;;

# echo $?
0

Re: check_nagioslogserver.php

Posted: Tue Jun 14, 2016 4:44 pm
by hsmith
I'll see if I can get this tested tomorrow.