December 8, 2017

check_log

-------------------
Introduction
-------------------

In mine previous blogs I have discussed how to setup the 

- Server [http://magnus-k-karlsson.blogspot.se/2014/01/install-nagios-core-35-on-rhel-6-from.html]
- Client/Agent [http://magnus-k-karlsson.blogspot.se/2014/01/install-nagios-agent-nrpe-on-rhel-6.html]

In this blog I will show you how to install and configure the check_log plugin. 

A good documentation overview site is https://www.nagios-plugins.org/doc/man/index.html.

-------------------
check_log
-------------------

#! /bin/sh
#
# Log file pattern detector plugin for Nagios
# Written by Ethan Galstad (nagios@nagios.org)
# Last Modified: 07-31-1999
#
# Usage: ./check_log   
#
# Description:
#
# This plugin will scan a log file (specified by the  option)
# for a specific pattern (specified by the  option).  Successive
# calls to the plugin script will only report *new* pattern matches in the
# log file, since an copy of the log file from the previous run is saved
# to .
#
# Output:
#
# On the first run of the plugin, it will return an OK state with a message
# of "Log check data initialized".  On successive runs, it will return an OK
# state if *no* pattern matches have been found in the *difference* between the
# log file and the older copy of the log file.  If the plugin detects any 
# pattern matches in the log diff, it will return a CRITICAL state and print
# out a message is the following format: "(x) last_match", where "x" is the
# total number of pattern matches found in the file and "last_match" is the
# last entry in the log file which matches the pattern.
#
# Notes:
#
# If you use this plugin make sure to keep the following in mind:
#
#    1.  The "max_attempts" value for the service should be 1, as this
#        will prevent Nagios from retrying the service check (the
#        next time the check is run it will not produce the same results).
#
#    2.  The "notify_recovery" value for the service should be 0, so that
#        Nagios does not notify you of "recoveries" for the check.  Since
#        pattern matches in the log file will only be reported once and not
#        the next time, there will always be "recoveries" for the service, even
#        though recoveries really don't apply to this type of check.
#
#    3.  You *must* supply a different  for each service that
#        you define to use this plugin script - even if the different services
#        check the same  for pattern matches.  This is necessary
#        because of the way the script operates.
#
# Examples:
#
# Check for login failures in the syslog...
#
#   check_log /var/log/messages ./check_log.badlogins.old "LOGIN FAILURE"
#
# Check for port scan alerts generated by Psionic's PortSentry software...
#
#   check_log /var/log/message ./check_log.portscan.old "attackalert"
#

-------------------
Agent/Client Configuration check_log for JBoss EAP 6 Standalone
-------------------

The standard log file for JBoss EAP 6 running in standalone mode is

# ll /var/log/jbossas/standalone/server.log

First let pay attention to the third prerequisites for check_log and create a new "old" log file for check_log.

# touch /var/log/jbossas/standalone/server.log.check_log

# chmod 640 /var/log/jbossas/standalone/*

In the NRPE configuration file we see that there is a configuration directory for NRPE

# cat /etc/nagios/nrpe.cfg
...
# INCLUDE CONFIG DIRECTORY
# This directive allows you to include definitions from config files (with a
# .cfg extension) in one or more directories (with recursion).

include_dir=/etc/nrpe.d/

And there we will put our command for the check_log plugin.

# vi /etc/nrpe.d/check_jboss_log.cfg
command[check_jboss_log]=/usr/lib64/nagios/plugins/check_log -F /var/log/jbossas/standalone/server.log \
-O /var/log/jbossas/standalone/server.log.check_log -q "WARN"

Finally restart the nrpe deamon to make the new configuration take effect.

# service nrpe restart



http://mgrepl.fedorapeople.org/Blog/nagios.html

-------------------
Server Configuration
-------------------

# vi /etc/nagios/conf.d/virtual1.example.com.cfg

No comments: