[Nagiosplug-help] Usage of check_log
Server Admin
admin at treenetnz.com
Mon Aug 8 09:17:34 CEST 2005
Ralph.Grothe at itdz-berlin.de wrote:
> Hello,
>
> this may all be pretty obvious and self-explanatory to long time
> Nagios veterans.
>
> But I beg your pardon, this ultra terse help screen doesn't
> instruct me at all on the correct usage of this particular
> plug-in.
> Does it cause the plug-in authors such hardship to spare the
> extra 80 chars or so for a lucid example line?
>
>
> # libexec/check_log --help
> check_log (nagios-plugins 1.4) 1.4
> The nagios plugins come with ABSOLUTELY NO WARRANTY. You may
> redistribute
> copies of the plugins under the terms of the GNU General Public
> License.
> For more information about these matters, see the file named
> COPYING.
>
> Usage: check_log -F logfile -O oldlog -q query
> Usage: check_log --help
> Usage: check_log --version
>
> Log file pattern detector plugin for Nagios
>
> Send email to nagios-users at lists.sourceforge.net if you have
> questions
> regarding use of this software. To submit patches or suggest
> improvements,
> send email to nagiosplug-devel at lists.sourceforge.net.
> Please include version information with all correspondence (when
> possible,
> use output from the --version option of the plugin itself).
>
>
>
> For instance I'm after kernel Oops and similar utters from the
> kernel that are marked on my host's OS
> as vmunix in syslogd's main log, and almost always (except during
> system startup) indicate a critical condition.
>
> e.g.
>
> # grep vmunix /var/adm/syslog/syslog.log|tail -1
> Apr 29 09:44:20 terra vmunix: vxfs: mesg 001: vx_nospace -
> /dev/vg03/lvol1 file system full (1 block extent)
>
>
>
> Now I would want check_nrpe to run something like
>
> $libexec_dir/check_log -F /var/adm/syslog/syslog.log -q /vmunix/
>
>
> But according to the above usage synopsis this was wrong syntax
> because the -O option was lacking.
> But then I wouldn't know what -O was good for.
> Intuitively I would assosiate it with some intended output file.
> But the "oldlog" would be a bit of a misnomer.
> Or does it relate to also parsing some older, probably already
> rotated logfile.
>
> You see, this is all highly speculative and leaves ample space
> for wild guesses.
>
RTFM. It is in there somewhere. I found it after the same problem.
check_log is a special case in plugins being a stateful check and -O is
part of the solution.
You see in order to check the log ofr updates it needs to keep a record
of what the log looked like last time it checked. -O indicates the
filename each instance of check_log needs to keep this record.
There are two catches here:
- first, you need a unique -O and thus command for every log being checked.
- second, two consecutive checks will provide different results.
ie. the first may find entries for a WARNING/CRITICAL, further checks
after will find none and report OKAY until a new matching log entry is
added.
AYJ
More information about the Help
mailing list