Page 1 of 1

check_log and multi-querry

Posted: Fri Jul 29, 2016 1:56 am
by jerome
Hello,

First, sorry for my poor english.
I used check_log 1.5 where i could make a request with multi query, like this :
-q ‘querry1|querry2|querry3′
I have recently installed check_log 2.1.1, and multi-querry does not work.

Have you any idea ?

Thank you for your time.

Re: check_log and multi-querry

Posted: Fri Jul 29, 2016 10:55 am
by rkennedy
Can you show us full examples of what you're running over the CLI, or how you have your command / service definition setup?

Re: check_log and multi-querry

Posted: Mon Aug 01, 2016 3:28 am
by jerome
Hello,

For exemple. I am looking in the log file of the clamav scan result.
There is a line like : Infected files: 0 (or 1, 56, 9453543)

My command line is :

/usr/lib/nagios/plugins/check_log -F /var/log/virus_var_www.log -O /var/tmp/check_logfiles/templog.log -q 'Infected files: 1|Infected files: 2|Infected files: 3|Infected files: 4|Infected files: 5|Infected files: 6|Infected files: 7|Infected files: 8|Infected files: 9'

With this, if the log report :
Infected files: 32
the plugin check_log reports something.
Because it was looking for the query "Infected files: 1*" OR "Infected files: 2*" OR "Infected files: 3*", etc etc..

But, with the new version of Check_log, the plugin is looking for the query 'Infected files: 1|Infected files: 2|Infected files: 3|Infected files: 4|Infected files: 5|Infected files: 6|Infected files: 7|Infected files: 8|Infected files: 9'
Like if we were searching the all sentence.
So for "Infected files: 32" it returns nothing :
"Log check ok - 0 pattern matches found"
but if i try
/usr/lib/nagios/plugins/check_log -F /var/log/virus_var_www.log -O /var/tmp/check_logfiles/templog.log -q 'Infected files: 3'
the result is ok, "Infected files: 32" is found.

Re: check_log and multi-querry

Posted: Mon Aug 01, 2016 12:58 pm
by ssax
Please try this:

Code: Select all

/usr/lib/nagios/plugins/check_log -F /var/log/virus_var_www.log -O /var/tmp/check_logfiles/templog.log -q 'Infected files: 1\|Infected files: 2\|Infected files: 3\|Infected files: 4\|Infected files: 5\|Infected files: 6\|Infected files: 7\|Infected files: 8\|Infected files: 9' 

Re: check_log and multi-querry

Posted: Mon Aug 01, 2016 1:07 pm
by rkennedy
I was testing this before @ssax posted, but the \ does indeed work as escaping the |.

For reference:
2.0.3 -

Code: Select all

[root@localhost libexec]# ./check_log -F /tmp/blah.txt -O /tmp/blah2.txt -q "frank|billy"
(5) < frank
2.1.2 -

Code: Select all

[root@localhost libexec]# ./check_log -F /tmp/blah.txt -O /tmp/blah2.txt -q "frank|billy"
Log check ok - 0 pattern matches found|match=0;;;0
(after escaping)

Code: Select all

[root@localhost libexec]# ./check_log -F /tmp/blah.txt -O /tmp/blah2.txt -q "frank\|billy"
(5) < frank|match=5;;;0

Re: check_log and multi-querry

Posted: Tue Aug 02, 2016 9:08 am
by jerome
Hello,

thank you for your help, it works perfectly whith escaping with \ !

Re: check_log and multi-querry

Posted: Tue Aug 02, 2016 3:35 pm
by tmcdonald
Great to hear! Mind if we close this up?

Re: check_log and multi-querry

Posted: Wed Aug 03, 2016 1:53 am
by jerome
No problem, you can close this post.
(sorry, i didn't know if i had to put in subject [Resolved] or something like that).

Re: check_log and multi-querry

Posted: Wed Aug 03, 2016 9:11 am
by tmcdonald
We usually ask if it's okay, so for future reference just let us know in a post!