Nagios Support Forum

Hi,

I have gone through the document https://labs.consol.de/nagios/check_logfiles/index.html. I am running the below command
I am not sure why the command returns OK inspite of having Error in the /opt/tomcat_gnip/logs/hashapi/gnipclienttest.log file
I will appreciate if anyone can help me understand what is going wrong in my above command line. Please share me some working examples to understand more about the usage of check_logfiles nagios plugin.

Thanks in Advance.

Regards,

Kaushal

That's not our product, so we can only offer limited support.

What happens if you use --criticalpatten "Error" instead of the longer string?

Hi Douglas,

I still see the same issue.

#cat /opt/tomcat_gnip/logs/twitterapi/gnipclienttest.log
[ERROR] 2016-11-24 04:02:49.176 [pool-4-thread-1] GnipClientLog - Error message received as stream result. Quitting connection.
[ERROR] 2016-12-01 00:54:18.541 [pool-4-thread-1] GnipClientLog - Error message received as stream result. Quitting connection.

#/usr/lib/nagios/plugins/check_logfiles --logfile=/opt/tomcat_gnip/logs/twitterapi/gnipclienttest.log --criticalpattern "Error"
OK - no errors or warnings|default_lines=0 default_warnings=0 default_criticals=0 default_unknowns=0

#/usr/lib/nagios/plugins/check_logfiles
Usage: check_logfiles [-t timeout] -f <configfile> [--searches=tag1,tag2,...]
check_logfiles [-t timeout] --logfile=<logfile> --tag=<tag> --rotation=<rotation>
--criticalpattern=<regexp> --warningpattern=<regexp>

#/usr/lib/nagios/plugins/check_logfiles --help
This Nagios Plugin comes with absolutely NO WARRANTY. You may use
it on your own risk!
Copyright by ConSol Software GmbH, Gerhard Lausser.

This plugin looks for patterns in logfiles, even in those who were rotated
since the last run of this plugin.

You can find the complete documentation at
http://labs.consol.de/nagios/check_logfiles/

Usage: check_logfiles [-t timeout] -f <configfile>

The configfile looks like this:

$seekfilesdir = '/opt/nagios/var/tmp';
# where the state information will be saved.

$protocolsdir = '/opt/nagios/var/tmp';
# where protocols with found patterns will be stored.

$scriptpath = '/opt/nagios/var/tmp';
# where scripts will be searched for.

$MACROS = { CL_DISK01 => "/dev/dsk/c0d1", CL_DISK02 => "/dev/dsk/c0d2" };

@searches = (
{
tag => 'temperature',
logfile => '/var/adm/syslog/syslog.log',
rotation => 'bmwhpux',
criticalpatterns => ['OVERTEMP_EMERG', 'Power supply failed'],
warningpatterns => ['OVERTEMP_CRIT', 'Corrected ECC Error'],
options => 'script,protocol,nocount',
script => 'sendnsca_cmd'
},
{
tag => 'scsi',
logfile => '/var/adm/messages',
rotation => 'solaris',
criticalpatterns => 'Sense Key: Not Ready',
criticalexceptions => 'Sense Key: Not Ready /dev/testdisk',
options => 'noprotocol'
},
{
tag => 'logins',
logfile => '/var/adm/messages',
rotation => 'solaris',
criticalpatterns => ['illegal key', 'read error.*$CL_DISK01$'],
criticalthreshold => 4
warningpatterns => ['read error.*$CL_DISK02$'],
}
);

Please let me know if you need any additional details.

Thanks in Advance.

Regards,

Kaushal

The creator of the plugin is http://labs.consol.de/ so it is best to seek their help in your plugin issue.

If you want to create your own plugin, here is some information:

https://nagios-plugins.org/doc/guidelines.html
https://mathias-kettner.de/checkmk_localchecks.html
http://www.yourownlinux.com/2014/06/how ... cript.html

Using standard system tools and the negate plugin, it would be relatively easier to accomplish what you are trying to do in this specific case.

What that plugin does the first tile it runs, it caches the last run in to a temporary file so when it run again, it will only look for the pattern from that last run.
If you want to always check for that pattern and send a critical, you would use the --noprotocol option like below. Else, you would remove the cached file from the /tmp folder and it would be called like this for example.

Hi tgriep,

Please find the below details

root@/home/kaushalshriyan# /usr/lib/nagios/plugins/check_logfiles --logfile=/opt/tomcat_gnip/logs/twitterapi/gnipclienttest.log --criticalpattern 'Error' --noprotocol
OK - no errors or warnings|default_lines=0 default_warnings=0 default_criticals=0 default_unknowns=0
-----------------------------
root@:/home/kaushalshriyan# cat /opt/tomcat_gnip/logs/twitterapi/gnipclienttest.log
[ERROR] 2016-11-24 04:02:49.176 [pool-4-thread-1] GnipClientLog - Error message received as stream result. Quitting connection.
[ERROR] 2016-12-01 00:54:18.541 [pool-4-thread-1] GnipClientLog - Error message received as stream result. Quitting connection.
-----------------------------
root@:/home/kaushalshriyan# /usr/lib/nagios/plugins/check_logfiles
Usage: check_logfiles [-t timeout] -f <configfile> [--searches=tag1,tag2,...]
check_logfiles [-t timeout] --logfile=<logfile> --tag=<tag> --rotation=<rotation>
--criticalpattern=<regexp> --warningpattern=<regexp>

-----------------------------
root@:/home/kaushalshriyan# /usr/lib/nagios/plugins/check_logfiles --help
This Nagios Plugin comes with absolutely NO WARRANTY. You may use
it on your own risk!
Copyright by ConSol Software GmbH, Gerhard Lausser.

This plugin looks for patterns in logfiles, even in those who were rotated
since the last run of this plugin.

You can find the complete documentation at
http://labs.consol.de/nagios/check_logfiles/

Usage: check_logfiles [-t timeout] -f <configfile>

The configfile looks like this:

$seekfilesdir = '/opt/nagios/var/tmp';
# where the state information will be saved.

$protocolsdir = '/opt/nagios/var/tmp';
# where protocols with found patterns will be stored.

$scriptpath = '/opt/nagios/var/tmp';
# where scripts will be searched for.

$MACROS = { CL_DISK01 => "/dev/dsk/c0d1", CL_DISK02 => "/dev/dsk/c0d2" };

@searches = (
{
tag => 'temperature',
logfile => '/var/adm/syslog/syslog.log',
rotation => 'bmwhpux',
criticalpatterns => ['OVERTEMP_EMERG', 'Power supply failed'],
warningpatterns => ['OVERTEMP_CRIT', 'Corrected ECC Error'],
options => 'script,protocol,nocount',
script => 'sendnsca_cmd'
},
{
tag => 'scsi',
logfile => '/var/adm/messages',
rotation => 'solaris',
criticalpatterns => 'Sense Key: Not Ready',
criticalexceptions => 'Sense Key: Not Ready /dev/testdisk',
options => 'noprotocol'
},
{
tag => 'logins',
logfile => '/var/adm/messages',
rotation => 'solaris',
criticalpatterns => ['illegal key', 'read error.*$CL_DISK01$'],
criticalthreshold => 4
warningpatterns => ['read error.*$CL_DISK02$'],
}
);

-----------------------------
root@:/home/kaushalshriyan#

Please let me know if you need any additional information.

Regards,

Kaushal

I guess the --noprotocol option doesn't work like it should.
At this point, you will have to contact the author of the plugin for help.

I tested your problem. You need nrpe to make this work. I did it with nrpe and it gave me a critical.

Yes, to run that check on a remote Linux server you do need NRPE. Thanks for that.

The check_logfiles plugin does cache the status of the last run in either the /tmp or the /var/tmp folder so the first time it is ran, it will show the critical.
If no new entries are in the log file before the second run, it will show an OK status but the --noprotocol option says to ignore the cached data but that seems to not be working for the Original Poster.

@tgriep because he is not running it with check_nrpe.

/usr/lib/nagios/plugins/check_logfiles --logfile=/opt/tomcat_gnip/logs/twitterapi/gnipclienttest.log --criticalpattern 'Error' --noprotocol

this should be in his nrpe.cfg file and it will work.