LOG BASED ALARM

[ericssonvietnam]

Need to configure log bases alarm i am using the below Arguments :
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ARG1 : "-C /home/nagios/bin/check_logfiles -f /home/nagios/logfile_basedir/conf/Charging status.conf"
AEG2 : -t 30 -o StrictHostKeyChecking=no -l nagios -E
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Also attaching the screenshot of the log based monitoring logic.

Let me know what parameters require changes so that i can fulfill the requirement of the log based check Charging_status as stated in below points :

1. check inter should be 10 min where i need to check for setting.
2. It should be raised as major severity.
3. OK pattern stick value 30 what does -t in ARG2 stands for.

Also sharing my configuration file which i am using :
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[nagios@nagiosxi ~]$ cat Charging_status.conf
$seekfilesdir = '/home/nagios/logfile_basedir/tmp';
$protocolsdir = '/home/nagios/logfile_basedir/tmp';
$scriptpath = '/home/nagios/bin';
#$MACROS = { CL_DISK01 => "/dev/dsk/c0d1", CL_DISK02 => "/dev/dsk/c0d2" };

@searches = (
{
tag => 'Charging_status',
criticalpatterns => [ 'charging.connector.timeout.error', 'SCAPTxTimeoutException' ] ,
logfile => '/opt/mrbt/jboss/server/all/log/mrbt.log'
}
);
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[tacolover101]

i would reccomend looking into Nagios log server for your checking of files like this. it simply makes more sense, and for what you're doing it would provide full historical audits in a much cleaner way.

as for your question at hand - your #1 will be set at the check_interval, #2 nagios sets it as critical in the 'criticalpatterns' section - that is also where you define your keyword to search for. (Charging_status.conf), #3 not sure what y ou're rferring to here - -t is generally timeout, in your case for seconds.

[tgriep]

Thanks@ tacolover101 for the help.
@ericssonvietnam , if you have any more questions, let us know.

[ericssonvietnam]

Thanks@ tacolover101 for the help.
@ericssonvietnam , if you have any more questions, let us know.

What is the purpose of below line in the log configuration file

options => 'sticky=1800,noprotocol,report=long,allyoucaneat',

[kyang]

After doing some searching I found this.

Code: Select all

sticky[=seconds] --> Controls whether an error is propagated through successive runs of check_logfiles. Once an error was found, the exitcode will be non-zero until an okpattern resets it or until the error expires after <second> seconds. Do not use this option until you know exactly what you do.

Code: Select all

noprotocol --> Normally all the matched lines are written into a protocol file with this file’s name appearing in the plugin’s output. This option switches this off.

Code: Select all

report=[short|long|html] --> This option turns on multiline output (Default: off). The setting html generates a table which display the last hits in the service details view.

Code: Select all

allyoucaneat--> With this option check_logfiles scans the entire logfile during the initial run (when no seekfile exists)

Those can be found here, along with more information about the parameters.

https://labs.consol.de/nagios/check_logfiles/

Does this help?