Logs Monitoring using Nagios

Posted: Thu Dec 06, 2018 6:12 am
by RIDS_I2MP
Hi Team,

We have a new requirement for our Windows servers as below:
"Using Nagios, monitor the logs and based on some keywords (like errors, warning, etc) send an email alert having appropriate information about it."

Logpath:
D:\Oracle\Middleware\Oracle_Home\user_projects\domains\webshop_domain\servers\webshop-merchandising\logs\webshop-merchandising.out

In order to meet this, we have checked one article from Nagios Support knowledgebase:
https://support.nagios.com/kb/article/l ... s-787.html

After reading the article, we are a little confused about which would be the best plugin to meet our requirements. Also, I downloaded the check_ncpa.py plugin and tried to monitor the logs using it, but I am getting some error regarding the path. We are actually not sure about the command section, what all the parameters are and how to use them.

I would be really thankful if you could provide a proper step-by-step document to meet the requirement, or let us know what plugin we should use, and also help us with the command section.

Thanks in advance!!

Re: Logs Monitoring using Nagios

Posted: Thu Dec 06, 2018 2:06 pm
by cdienger
I would use check_nrpe's check_logfile command. The example given is:

./check_nrpe -H 10.25.11.3 -c check_logfile -a file="C:\\Logs\\server.log" filter="line like 'Failed'" top-syntax='${status}: ${count}/${total} matches' 'crit= count > 0'

Installing nsclient++ and configuring it to use NRPE are covered in:

https://assets.nagios.com/downloads/nag ... ios-XI.pdf
https://assets.nagios.com/downloads/nag ... ios-XI.pdf

Re: Logs Monitoring using Nagios

Posted: Mon Dec 10, 2018 6:57 am
by RIDS_I2MP
Hello,

We have installed check_log3 plugin and tested to check logs using the same.

PFA the command screenshot and the error that we are getting for the same. We have used this plugin because we are using Nagios XI and I found that this plugin is suitable for Nagios XI.

Kindly help us with the error and let us know if any additional ports need to be opened for the same.

Re: Logs Monitoring using Nagios

Posted: Mon Dec 10, 2018 12:42 pm
by cdienger
This plugin needs to reside on the same machine that the log files are on. You'll need to use nsclient++ or ncpa to execute the plugin:

https://support.nagios.com/kb/article/n ... t-528.html
https://support.nagios.com/kb/article/n ... a-722.html

Re: Logs Monitoring using Nagios

Posted: Thu Dec 13, 2018 6:20 am
by RIDS_I2MP
Hello Cdienger,

We have installed the check_log3 plugin on the Windows client server. After the installation, we tried checking it on a test file and we are getting the below error:

Cannot read 'C:\Users\TEMP.SHAREDEV.011\Downloads\test.txt'

PFB the details of log file and plugin path on Windows client server:

1. Path for plugin: C:\Users\TEMP.SHAREDEV.011\Downloads
2. Path for test file (log file): C:\Users\TEMP.SHAREDEV.011\Downloads

I am attaching nsc.ini file of the client server here. Also, I am attaching the command and service definition.

Please have a look at them and let me know what I have missed. I probably need to do some changes in nsc.ini file.

Re: Logs Monitoring using Nagios

Posted: Thu Dec 13, 2018 3:47 pm
by cdienger
Check the permissions on the file. The part of the script that appears to be throwing the error is:

Code:

if (! -f "$log_file") {
	if ($missing) {
		# Custom error message & state
		print "$missing_msg\n";
		exit $ERRORS{uc($missing)};
	} else {
		# Standard error message
		my $errstr = "Cannot read '$log_file'";
		$errstr = "Cannot read '$log_file$log_pattern' or '$log_file'" if $log_pattern;
		ioerror($errstr);
	}
}

"-f" verifies if the file is a plain file. I'm not entirely sure what is meant by this (I assume a simple text file would be "plain" enough...), but you can also try changing the script to verify if the file exists or not by changing it:

Code:

if (! -e "$log_file") {
	if ($missing) {
		# Custom error message & state
		print "$missing_msg\n";
		exit $ERRORS{uc($missing)};
	} else {
		# Standard error message
		my $errstr = "Cannot read '$log_file'";
		$errstr = "Cannot read '$log_file$log_pattern' or '$log_file'" if $log_pattern;
		ioerror($errstr);
	}
}
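
The "Cannot read" message above is printed for any failed `-f` test, so it does not say whether the path is wrong, is not a regular file, or cannot be opened. The following added example (not part of the original posts and not code from check_log3) separates those cases and then counts pattern matches with Nagios exit codes. The names `preflight` and `check_log`, the sample log, and the "count >= threshold" semantics are assumptions made for illustration; the quote check covers paths that arrive with their quote characters still attached, which happens on Windows where single quotes are not stripped from command-line arguments.

```python
import os
import re
import tempfile

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # standard Nagios plugin exit codes

def preflight(path):
    """Return None if the path looks scannable, else the specific reason."""
    if path.startswith(("'", '"')) or path.endswith(("'", '"')):
        return f"path still contains quote characters: {path}"
    if not os.path.exists(path):      # equivalent of Perl's -e
        return f"no such file: {path}"
    if not os.path.isfile(path):      # equivalent of Perl's -f
        return f"not a regular file: {path}"
    return None

def check_log(path, pattern, warn, crit):
    """Count lines matching pattern; return (exit_code, status_line)."""
    reason = preflight(path)
    if reason:
        return UNKNOWN, f"UNKNOWN: {reason}"
    try:
        with open(path, "r", errors="replace") as fh:
            hits = sum(1 for line in fh if re.search(pattern, line))
    except OSError as exc:            # permissions, locks, sharing violations
        return UNKNOWN, f"UNKNOWN: cannot open {path}: {exc.strerror}"
    if hits >= crit:
        return CRITICAL, f"CRITICAL: {hits} lines match /{pattern}/"
    if hits >= warn:
        return WARNING, f"WARNING: {hits} lines match /{pattern}/"
    return OK, f"OK: {hits} lines match /{pattern}/"

def demo():
    """Run the check against a constructed sample log and three bad paths."""
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "test.txt")
        with open(log, "w") as fh:    # constructed sample data
            fh.write("INFO start\nERROR db timeout\nWARNING slow\nERROR db timeout\n")
        return [
            check_log(log, "ERROR", 1, 2),
            check_log(log, "FATAL", 1, 2),
            check_log(f"'{log}'", "ERROR", 1, 2),
            check_log(d, "ERROR", 1, 2),
            check_log(os.path.join(d, "missing.out"), "ERROR", 1, 2),
        ]

if __name__ == "__main__":
    for code, line in demo():
        print(code, line)
```

Run under the same account as the monitoring agent's service so that the open attempt reflects the permissions the agent actually has.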

Re: Logs Monitoring using Nagios

Posted: Fri Dec 14, 2018 5:53 am
by RIDS_I2MP
Hello,

I have tried changing the script as per your suggestion but I am getting the same error.
I have also checked the file permissions and the file has all the permissions for the Nagios user and as an Admin too.

I ran the below command on the Nagios server and got the error:

[nagios@eu2napu003 libexec]$ /usr/local/nagios/libexec/check_nrpe -H 10.147.209.97 -t 30 -c check_log3
UNKNOWN: No handler for that command
[nagios@eu2napu003 libexec]$

10.147.209.97 => IP of Windows server.

When I googled the above error, I made some changes in nsc.ini as per that. Below is the link which I referred to:
https://support.nagios.com/forum/viewto ... 16&t=33020

I am attaching the command definition and nsc.ini file once again. I am pretty sure that I have missed something in the config file or made some mistake in the command definition, please check them once.

Also, I have copied the check_log3.exe plugin to the below path so that it is present in the scripts path:

C:\Program Files\NSClient++\scripts

Thanks a lot for your support!!

Re: Logs Monitoring using Nagios

Posted: Fri Dec 14, 2018 2:56 pm
by cdienger
I was able to reproduce the issue with the "cannot read ..." message. It looks like the script doesn't like the single quotes. Try using double quotes around the file location.

The script definition should be under the [/settings/external scripts/scripts] section. I used:

[/settings/external scripts/scripts]
check_log3=perl scripts\\check_log3.pl -l "$ARG1$" -p "$ARG2$" -w $ARG3$ -c $ARG4$


and on the XI side I created a command and service check like so:

Re: Logs Monitoring using Nagios

Posted: Mon Dec 17, 2018 1:32 am
by RIDS_I2MP
Hello,

I have made the changes as per your suggestion and now we are getting the below error:
"UNKNOWN: No handler for that command"

I am again attaching the updated nsc.ini file here.
Also, PFA the commands section and the service definition.

After doing the changes I have restarted the NSC++ service and got this new error. I have also put double quotes around the file location.

Re: Logs Monitoring using Nagios

Posted: Mon Dec 17, 2018 12:59 pm
by tgriep
Take a look at this link for some examples on how to check log files on a Windows system.
https://support.nagios.com/kb/article/l ... s-787.html

Especially under this section.
NSClient++ via check_nrpe > Log Files
This is a built-in command so it is much easier to get working.

But, you will have to upgrade NSClient++ on the Windows Server and I suggest using the latest 0.4.4.xx version from this link.
http://nsclient.org/download/0.4.4/

Use this to install it
https://assets.nagios.com/downloads/nag ... ios-XI.pdf
And this
https://assets.nagios.com/downloads/nag ... _0.4.x.pdf

After the NSClient++ is installed, you can use the example from the first link to create a check for the log file.