Hi Team,
We are looking to monitor an application log file, but the log file name changes as per the application configuration settings for max size.
It created multiple log files with XXX_date_01.log, XXX_date_02.log and so on, and the latest logs are present in the newest file (XXX_date_02.log).
Could you please let us know if we can achieve this latest log file monitoring? It should throw an alert if we find any "ERROR" keyword.
Also, could you please share which agent needs to be installed in order to achieve this requirement from Nagios XI?
Kindly share any link or documentation if this can be achieved from the Nagios end.
Thanks,
Nitin Parate
Log File with latest filename monitoring
Thanks & Regards,
I2MP Team.
Re: Log File with latest filename monitoring
Hi
What you would want to do is create a script that does the following:
1. Determine the most current file (XXX_date_01.log)
2. Find any instances of the word ERROR in the file
3. Get the latest ERROR message based on timestamp in log (assuming there are timestamps in log)
4. If current time - timestamp is < 5 minutes set errorlevel to 2, else errorlevel = 0
5. if errorlevel = 2 echo "ERROR: (message from step 3)" & exit 2
   else if errorlevel = 0 echo "OK" & exit 0
   else echo "unknown issue" & exit 3
The script returns a message and an exit status to Nagios. The return codes Nagios recognizes are:
0 for OK
1 for Warning
2 for Critical
3 for Unknown
Note: You would have to accommodate the "edge case" where the log file closes and a new one is created during the "look back" period of 5 minutes.
Install NCPA on the machine to be monitored: Put your script in the /usr/local/ncpa/plugins directory on the machine to be monitored.
Run the Configuration Wizard: NCPA on the Nagios server.
Keep or remove the default checks as you desire. Near the bottom of the page use the "file picker" (circled) to select the script on the remote machine:
Continue with the Wizard. Since the script checks the log entries for the previous 5 minutes you would need to set the service to check every 5 minutes.
Note: There may be a way to tell the script to look back X minutes based on the frequency of the service check - this would be the ideal implementation.
The following documentation describes using NCPA in depth:
https://www.nagios.org/ncpa/help.php#ac ... the-plugin
Thanks
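The steps in the reply above, written out as an added Python example (not code from the original post or from Nagios). It assumes a hypothetical log directory `/var/log/myapp` and lines that start with a `YYYY-MM-DD HH:MM:SS` timestamp; it also reads every file modified inside the look-back window to cover the rotation edge case, and strips `|` from the message because Nagios treats it as the performance-data separator and log text is untrusted input.

```python
import glob, os, re, sys
from datetime import datetime, timedelta

LOG_GLOB = "/var/log/myapp/XXX_*_*.log"  # assumption: directory and name pattern
TS_FORMAT = "%Y-%m-%d %H:%M:%S"          # assumption: timestamp starts each line
LOOKBACK = timedelta(minutes=5)          # keep equal to the service check interval

def candidate_files(pattern, now, lookback):
    """Files modified inside the window (covers rotation), else only the newest."""
    files = sorted(glob.glob(pattern), key=os.path.getmtime)
    cutoff = (now - lookback).timestamp()
    recent = [f for f in files if os.path.getmtime(f) >= cutoff]
    return recent or files[-1:]

def latest_error(paths, now, lookback):
    """Newest ERROR line whose timestamp lies inside the window, or None."""
    hit = None
    for path in paths:
        with open(path, errors="replace") as fh:
            for line in fh:
                if "ERROR" not in line:
                    continue
                try:
                    ts = datetime.strptime(line[:19], TS_FORMAT)
                except ValueError:
                    continue  # no parsable timestamp: skip the line
                if now - lookback <= ts <= now and (hit is None or ts >= hit[0]):
                    hit = (ts, line.strip())
    return hit[1] if hit else None

def sanitize(msg, limit=200):
    """Replace '|' and control characters, then cap the length."""
    return re.sub(r"[|\x00-\x1f\x7f]", " ", msg)[:limit]

def check(pattern=LOG_GLOB, now=None, lookback=LOOKBACK):
    now = now or datetime.now()
    try:
        paths = candidate_files(pattern, now, lookback)
        if not paths:
            return 3, "UNKNOWN: no log file matches " + pattern
        msg = latest_error(paths, now, lookback)
    except OSError as exc:
        return 3, "UNKNOWN: " + sanitize(str(exc))
    return (2, "ERROR: " + sanitize(msg)) if msg else (0, "OK")

if __name__ == "__main__":
    code, text = check()
    print(text)
    sys.exit(code)
```

The account NCPA runs as needs read access to the log directory; a permission error surfaces as exit status 3 rather than a false OK.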