December 8, 2017

check_log


-------------------
Introduction
-------------------

In my previous blog posts I have discussed how to set up the Nagios

- Server [http://magnus-k-karlsson.blogspot.se/2014/01/install-nagios-core-35-on-rhel-6-from.html]
- Client/Agent [http://magnus-k-karlsson.blogspot.se/2014/01/install-nagios-agent-nrpe-on-rhel-6.html]

In this blog I will show you how to install and configure the check_log plugin. 

A good documentation overview site is https://www.nagios-plugins.org/doc/man/index.html.

-------------------
check_log
-------------------

#! /bin/sh
#
# Log file pattern detector plugin for Nagios
# Written by Ethan Galstad (nagios@nagios.org)
# Last Modified: 07-31-1999
#
# Usage: ./check_log <log_file> <old_log_file> <pattern>
#
# Description:
#
# This plugin will scan a log file (specified by the <log_file> option)
# for a specific pattern (specified by the <pattern> option).  Successive
# calls to the plugin script will only report *new* pattern matches in the
# log file, since a copy of the log file from the previous run is saved
# to <old_log_file>.
#
# Output:
#
# On the first run of the plugin, it will return an OK state with a message
# of "Log check data initialized".  On successive runs, it will return an OK
# state if *no* pattern matches have been found in the *difference* between the
# log file and the older copy of the log file.  If the plugin detects any 
# pattern matches in the log diff, it will return a CRITICAL state and print
# out a message in the following format: "(x) last_match", where "x" is the
# total number of pattern matches found in the file and "last_match" is the
# last entry in the log file which matches the pattern.
#
# Notes:
#
# If you use this plugin make sure to keep the following in mind:
#
#    1.  The "max_attempts" value for the service should be 1, as this
#        will prevent Nagios from retrying the service check (the
#        next time the check is run it will not produce the same results).
#
#    2.  The "notify_recovery" value for the service should be 0, so that
#        Nagios does not notify you of "recoveries" for the check.  Since
#        pattern matches in the log file will only be reported once and not
#        the next time, there will always be "recoveries" for the service, even
#        though recoveries really don't apply to this type of check.
#
#    3.  You *must* supply a different <old_file_log> for each service that
#        you define to use this plugin script - even if the different services
#        check the same <log_file> for pattern matches.  This is necessary
#        because of the way the script operates.
#
# Examples:
#
# Check for login failures in the syslog...
#
#   check_log /var/log/messages ./check_log.badlogins.old "LOGIN FAILURE"
#
# Check for port scan alerts generated by Psionic's PortSentry software...
#
#   check_log /var/log/message ./check_log.portscan.old "attackalert"
#
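
The header above describes the plugin's diff-based states but not the logic behind them. The shell sketch below is an added example, not the plugin's own source, that reproduces those states; the function name check_log_sketch, the UNKNOWN message and the constructed demo log lines are assumptions.

```shell
#!/bin/sh
# Added sketch of the behaviour the check_log header describes; not the plugin's code.
# The function name, the UNKNOWN message and the demo log lines are assumptions.
STATE_OK=0; STATE_CRITICAL=2; STATE_UNKNOWN=3

# check_log_sketch <log_file> <old_log_file> <pattern>
# Prints one status line and returns the matching Nagios exit code.
check_log_sketch() {
    log=$1; old=$2; pattern=$3
    if [ ! -r "$log" ]; then
        echo "Log check error: cannot read $log"
        return "$STATE_UNKNOWN"
    fi
    # First run: no saved copy exists yet, so only record a baseline.
    if [ ! -e "$old" ]; then
        cat "$log" > "$old" || return "$STATE_UNKNOWN"
        echo "Log check data initialized"
        return "$STATE_OK"
    fi
    # Lines that are in the log but not in the saved copy (the "<" side of diff).
    new_lines=$(diff "$log" "$old" | sed -n 's/^< //p')
    count=$(printf '%s\n' "$new_lines" | grep -c -e "$pattern" || true)
    last=$(printf '%s\n' "$new_lines" | grep -e "$pattern" | tail -n 1)
    # Save the current log so the next run reports only newer matches.
    cat "$log" > "$old" || return "$STATE_UNKNOWN"
    if [ "$count" -eq 0 ]; then
        echo "Log check ok - 0 pattern matches found"
        return "$STATE_OK"
    fi
    echo "($count) $last"
    return "$STATE_CRITICAL"
}

# Demo on constructed log lines: baseline, one new WARN, then nothing new.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '10:00:01 INFO  [demo] started' \
        '10:00:02 WARN  [demo] old warning' > "$dir/server.log"
    for step in 1 2 3; do
        [ "$step" -eq 2 ] && echo '10:05:00 WARN  [demo] pool exhausted' >> "$dir/server.log"
        rc=0
        msg=$(check_log_sketch "$dir/server.log" "$dir/server.log.old" "WARN") || rc=$?
        echo "run $step: exit=$rc msg=$msg"
    done
    rm -rf "$dir"
}
demo
```

If the old file is pre-created empty, the sketch skips the baseline branch and its first run counts every match already in the log.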

-------------------
Agent/Client Configuration check_log for JBoss EAP 6 Standalone
-------------------

The standard log file for JBoss EAP 6 running in standalone mode is

# ll /var/log/jbossas/standalone/server.log

First, pay attention to the third note in the check_log header above and create a new, dedicated "old" log file for check_log.

# touch /var/log/jbossas/standalone/server.log.check_log

# chmod 640 /var/log/jbossas/standalone/*

In the NRPE configuration file we see that an include directory is configured for NRPE:

# cat /etc/nagios/nrpe.cfg
...
# INCLUDE CONFIG DIRECTORY
# This directive allows you to include definitions from config files (with a
# .cfg extension) in one or more directories (with recursion).

include_dir=/etc/nrpe.d/

And there we will put our command for the check_log plugin.

# vi /etc/nrpe.d/check_jboss_log.cfg
command[check_jboss_log]=/usr/lib64/nagios/plugins/check_log -F /var/log/jbossas/standalone/server.log -O /var/log/jbossas/standalone/server.log.check_log -q "WARN"

Finally, restart the NRPE daemon to make the new configuration take effect.

# service nrpe restart



http://mgrepl.fedorapeople.org/Blog/nagios.html

-------------------
Server Configuration
-------------------

# vi /etc/nagios/conf.d/virtual1.example.com.cfg
