check_file_content.pl

Posted: Fri Mar 20, 2020 5:24 am
by fsodah
I am trying to use the above plugin on my logs ... but I am still not able to understand how to observe the output of this file ...
Help would be appreciated to check, for example, the above logs from Apache, and also to observe the error code in the script.

Re: check_file_content.pl

Posted: Fri Mar 20, 2020 12:02 pm
by lmiltchev
First, in order to get rid of the error below:
defined(@array) is deprecated at ./check_file_content.pl line 43.
open the plugin in a text editor, e.g. "vi", and change line 43 from this:

help if !(defined(@ARGV));
to this:

help if !(@ARGV);
Save, and exit. Test your plugin again. The error message should be gone.

As far as the error below goes:
No such file or directory
it is normal, as you don't have a log that is named the same...

What are you trying to accomplish here? Are you looking for a specific pattern in today's log or yesterday's log? What is your rotate schedule? Are yesterday's logs going to be present in the /var/log/httpd directory at the time you run the check?

The plugin's usage is quite simple - check the help menu:
Usage : check_file_content.pl -f file -i include -e exclude -n lines_number [-h]

Options :
-f
Full path to file to analyze
-n
Number of lines to find (default is 1)
-i
Include pattern (can add multiple include)
-e
Exclude pattern (can add multiple include)
-h, --help
Print this help screen

Example : check_file_content.pl -f /etc/passwd -i 0 -e root -n 5

Re: check_file_content.pl

Posted: Sat Mar 21, 2020 8:03 am
by fsodah
I will check it today and I will let you know .... I'd like to check access.log every day at 8 o'clock in the morning to see if I had any fatal string inside

Re: check_file_content.pl

Posted: Sat Mar 21, 2020 3:24 pm
by fsodah
It works ... however ... can I let the Perl script surf only the last 10 lines from the log every day?
Or, in other words, I want, for example, to check my logs every day for any latest error; it could be in MySQL or Apache or ....

Re: check_file_content.pl

Posted: Mon Mar 23, 2020 9:54 am
by swolf
Hi @fsodah,

Looking over the documentation for the plugin, I don't think that functionality is supported. You could always contact the original maintainers to see if they'd add it.

However, I don't think that's a particularly reliable way to solve your problem, either. If you always take the last "n" messages, you're likely to either miss messages within a given day (if the log generates a lot of messages - this is particularly likely when a problem actually occurs), or, if you adjust the number to be large enough, you're back to getting an alert for the same issue over multiple days.

If your log monitoring needs are great enough that simpler plugins like this aren't sufficient, I suggest you look into a dedicated log monitoring solution, for instance Nagios Log Server.
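
One way to avoid both problems described in this post (missed lines and repeat alerts for the same issue) is to remember the read offset between runs and scan only what was appended since. This is an added example, not part of the original thread or of check_file_content.pl; the function name, the JSON state file and the sample lines are assumptions.

```python
import json
import os
import re

def check_new_lines(log_path, state_path, include, exclude=None):
    """Scan only lines appended since the last run; return (nagios_code, message)."""
    try:
        with open(state_path) as fh:
            state = json.load(fh)
    except (OSError, ValueError):
        state = {}                      # first run: whole file is scanned once
    try:
        fh = open(log_path, "rb")
    except OSError as err:
        return 3, f"UNKNOWN - cannot open {log_path}: {err.strerror}"
    with fh:
        st = os.fstat(fh.fileno())      # stat the handle we read, not the path
        offset = state.get("offset", 0)
        # Rotated (new inode) or truncated (shorter than saved offset): restart at 0.
        if state.get("inode") != st.st_ino or st.st_size < offset:
            offset = 0
        fh.seek(offset)
        data = fh.read()
    end = data.rfind(b"\n") + 1         # leave a half-written last line for next run
    inc = re.compile(include)
    exc = re.compile(exclude) if exclude else None
    hits = []
    for raw in data[:end].splitlines():
        line = raw.decode("utf-8", "replace")
        if inc.search(line) and not (exc and exc.search(line)):
            hits.append(line)
    tmp = state_path + ".tmp"           # write state atomically
    with open(tmp, "w") as out:
        json.dump({"inode": st.st_ino, "offset": offset + end}, out)
    os.replace(tmp, state_path)
    if hits:
        # "|" starts perfdata in Nagios plugin output, so strip it from log text.
        last = hits[-1].replace("|", " ")[:120]
        return 2, f"CRITICAL - {len(hits)} new matching line(s), last: {last}"
    return 0, "OK - no new matching lines"

if __name__ == "__main__":
    import tempfile
    d = tempfile.mkdtemp()
    log, state = os.path.join(d, "error.log"), os.path.join(d, "state.json")
    with open(log, "w") as fh:          # constructed sample lines
        fh.write("[notice] resuming normal operations\n[error] constructed sample\n")
    for _ in range(2):                  # second run finds nothing new: no repeat alert
        print(check_new_lines(log, state, r"\[error\]"))
```

The state file must be writable by the user the check runs as and should live outside world-writable directories, since whoever can edit it can make the check skip lines.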

Re: check_file_content.pl

Posted: Mon Mar 23, 2020 10:20 am
by fsodah
Thanks ... can you explain this
check_file_content.pl -f /etc/passwd -i 0 -e root -n 5

Re: check_file_content.pl

Posted: Mon Mar 23, 2020 10:40 am
by lmiltchev
It's explained in the help menu:
Usage : check_file_content.pl -f file -i include -e exclude -n lines_number [-h]

Options :
-f
Full path to file to analyze
-n
Number of lines to find (default is 1)
-i
Include pattern (can add multiple include)
-e
Exclude pattern (can add multiple include)
-h, --help
Print this help screen

Example : check_file_content.pl -f /etc/passwd -i 0 -e root -n 5
-f /etc/passwd = full path to the passwd file
-i 0 = include the pattern "0"
-e root = exclude the pattern "root"
-n 5 = find 5 lines (if more than 5 lines are found, the output would be OK; if less than 5 lines are found, the output would be FAILED)

Re: check_file_content.pl

Posted: Mon Mar 23, 2020 11:38 am
by fsodah
My understanding
-n 5 = find 5 lines (if more than 5 lines are found, the output would be OK; if less than 5 lines are found, the output would be FAILED)
if 0 include in these lines is OK, if not Failed!!!

Re: check_file_content.pl

Posted: Mon Mar 23, 2020 12:04 pm
by lmiltchev
My understanding
-n 5 = find 5 lines (if more than 5 lines are found, the output would be OK; if less than 5 lines are found, the output would be FAILED)
It is correct. This is what I was saying.

Examples:

More than 5 lines found -> OK

[root@main-nagios-xi libexec]# cat /tmp/test
error
error
error
error
error
error
[root@main-nagios-xi libexec]# ./check_file_content.pl -f /tmp/test -i error -n 5
OK for /tmp/test (6 found)

Less than 5 lines found -> FAILED

[root@main-nagios-xi libexec]# cat /tmp/test
error
error
error
[root@main-nagios-xi libexec]# ./check_file_content.pl -f /tmp/test -i error -n 5
FAILED on /tmp/test. Found only 3 on 5

if 0 include in these lines is OK, if not Failed!!!
I am not sure I understand the statement above. Are you saying that if no pattern is found, the output would be "OK"? It seems that if there are no matches at all, the output would say "FAILED".

[root@main-nagios-xi libexec]# cat /tmp/test
it's all good
[root@main-nagios-xi libexec]# ./check_file_content.pl -f /tmp/test -i error -n 5
FAILED on /tmp/test

Re: check_file_content.pl

Posted: Mon Mar 23, 2020 12:13 pm
by fsodah
Done ... Got it ... many thanks ... please close the ticket