1 files changed, 214 insertions, 0 deletions
diff --git a/plugins-scripts/check_log.sh b/plugins-scripts/check_log.sh
new file mode 100755
index 0000000..08e7fef
--- /dev/null
+++ b/plugins-scripts/check_log.sh
@@ -0,0 +1,214 @@
+#! /bin/sh
+#
+# Log file pattern detector plugin for Nagios
+# Written by Ethan Galstad (nagios@nagios.org)
+# Last Modified: 07-31-1999
+#
+# Usage: ./check_log <log_file> <old_log_file> <pattern>
+#
+# Description:
+#
+# This plugin will scan a log file (specified by the <log_file> option)
+# for a specific pattern (specified by the <pattern> option).  Successive
+# calls to the plugin script will only report *new* pattern matches in the
+# log file, since an copy of the log file from the previous run is saved
+# to <old_log_file>.
+#
+# Output:
+#
+# On the first run of the plugin, it will return an OK state with a message
+# of "Log check data initialized".  On successive runs, it will return an OK
+# state if *no* pattern matches have been found in the *difference* between the
+# log file and the older copy of the log file.  If the plugin detects any 
+# pattern matches in the log diff, it will return a CRITICAL state and print
+# out a message is the following format: "(x) last_match", where "x" is the
+# total number of pattern matches found in the file and "last_match" is the
+# last entry in the log file which matches the pattern.
+#
+# Notes:
+#
+# If you use this plugin make sure to keep the following in mind:
+#
+#    1.  The "max_attempts" value for the service should be 1, as this
+#        will prevent Nagios from retrying the service check (the
+#        next time the check is run it will not produce the same results).
+#
+#    2.  The "notify_recovery" value for the service should be 0, so that
+#        Nagios does not notify you of "recoveries" for the check.  Since
+#        pattern matches in the log file will only be reported once and not
+#        the next time, there will always be "recoveries" for the service, even
+#        though recoveries really don't apply to this type of check.
+#
+#    3.  You *must* supply a different <old_file_log> for each service that
+#        you define to use this plugin script - even if the different services
+#        check the same <log_file> for pattern matches.  This is necessary
+#        because of the way the script operates.
+#
+# Examples:
+#
+# Check for login failures in the syslog...
+#
+#   check_log /var/log/messages ./check_log.badlogins.old "LOGIN FAILURE"
+#
+# Check for port scan alerts generated by Psionic's PortSentry software...
+#
+#   check_log /var/log/message ./check_log.portscan.old "attackalert"
+#
+# Paths to commands used in this script.  These
+# may have to be modified to match your system setup.
+PATH=""
+ECHO="/bin/echo"
+GREP="/bin/grep"
+DIFF="/bin/diff"
+TAIL="/bin/tail"
+CAT="/bin/cat"
+RM="/bin/rm"
+PROGNAME=`/bin/basename $0`
+PROGPATH=`echo $0 | /bin/sed -e 's,[\\/][^\\/][^\\/]*$,,'`
+REVISION=`echo '$Revision$' | /bin/sed -e 's/[^0-9.]//g'`
+. $PROGPATH/utils.sh
+print_usage() {
+        echo "Usage: $PROGNAME -F logfile -O oldlog -q query"
+        echo "Usage: $PROGNAME --help"
+        echo "Usage: $PROGNAME --version"
+}
+print_help() {
+        print_revision $PROGNAME $REVISION
+        echo ""
+        print_usage
+        echo ""
+        echo "Log file pattern detector plugin for Nagios"
+        echo ""
+        support
+}
+# Make sure the correct number of command line
+# arguments have been supplied
+if [ $# -lt 1 ]; then
+        print_usage
+        exit $STATE_UNKNOWN
+fi
+# Grab the command line arguments
+#logfile=$1
+#oldlog=$2
+#query=$3
+exitstatus=$STATE_WARNING #default
+while test -n "$1"; do
+        case "$1" in
+                --help)
+                        print_help
+                        exit $STATE_OK
+                        ;;
+                -h)
+                        print_help
+                        exit $STATE_OK
+                        ;;
+                --version)
+                        print_revision $PROGNAME $VERSION
+                        exit $STATE_OK
+                        ;;
+                -V)
+                        print_revision $PROGNAME $VERSION
+                        exit $STATE_OK
+                        ;;
+                --filename)
+                        logfile=$2
+                        shift
+                        ;;
+                -F)
+                        logfile=$2
+                        shift
+                        ;;
+                --oldlog)
+                        oldlog=$2
+                        shift
+                        ;;
+                -O)
+                        oldlog=$2
+                        shift
+                        ;;
+                --query)
+                        query=$2
+                        shift
+                        ;;
+                -q)
+                        query=$2
+                        shift
+                        ;;
+                -x)
+                        exitstatus=$2
+                        shift
+                        ;;
+                --exitstatus)
+                        exitstatus=$2
+                        shift
+                        ;;
+                *)
+                        echo "Unknown argument: $1"
+                        print_usage
+                        exit $STATE_UNKNOWN
+                        ;;
+        esac
+        shift
+done
+# If the source log file doesn't exist, exit
+if [ ! -e $logfile ]; then
+        $ECHO "Log check error: Log file $logfile does not exist!\n"
+        exit 2
+fi
+# If the old log file doesn't exist, this must be the first time
+# we're running this test, so copy the original log file over to
+# the old diff file and exit
+if [ ! -e $oldlog ]; then
+        $CAT $logfile > $oldlog
+        $ECHO "Log check data initialized...\n"
+        exit 0
+fi
+# The old log file exists, so compare it to the original log now
+# The temporary file that the script should use while
+# processing the log file.
+if [-x /bin/mktemp]; then
+        tempdiff="/bin/mktemp /tmp/check_log.XXXXXXXXXX"
+else
+        tempdiff="/tmp/check_log.`/bin/date '+%H%M%S'`"
+  /bin/touch $tempdiff
+        chmod 600 $tempdiff
+fi
+$DIFF $logfile $oldlog > $tempdiff
+# Count the number of matching log entries we have
+count=`$GREP -c "$query" $tempdiff`
+# Get the last matching entry in the diff file
+lastentry=`$GREP "$query" $tempdiff | $TAIL --lines=1`
+$RM -f $tempdiff
+$CAT $logfile > $oldlog
+if [ "$count" = "0" ]; then # no matches, exit with no error
+        $ECHO "Log check ok - 0 pattern matches found\n"
+        exitstatus=0
+else # Print total matche count and the last entry we found
+        $ECHO "($count) $lastentry"
+fi
+exit exitstatus

diff --git a/plugins-scripts/check_log.sh b/plugins-scripts/check_log.sh new file mode 100755 index 0000000..08e7fef --- /dev/null +++ b/plugins-scripts/check_log.sh
@@ -0,0 +1,214 @@
	1	#! /bin/sh
	2	#
	3	# Log file pattern detector plugin for Nagios
	4	# Written by Ethan Galstad (nagios@nagios.org)
	5	# Last Modified: 07-31-1999
	6	#
	7	# Usage: ./check_log <log_file> <old_log_file> <pattern>
	8	#
	9	# Description:
	10	#
	11	# This plugin will scan a log file (specified by the <log_file> option)
	12	# for a specific pattern (specified by the <pattern> option). Successive
	13	# calls to the plugin script will only report new pattern matches in the
	14	# log file, since an copy of the log file from the previous run is saved
	15	# to <old_log_file>.
	16	#
	17	# Output:
	18	#
	19	# On the first run of the plugin, it will return an OK state with a message
	20	# of "Log check data initialized". On successive runs, it will return an OK
	21	# state if no pattern matches have been found in the difference between the
	22	# log file and the older copy of the log file. If the plugin detects any
	23	# pattern matches in the log diff, it will return a CRITICAL state and print
	24	# out a message is the following format: "(x) last_match", where "x" is the
	25	# total number of pattern matches found in the file and "last_match" is the
	26	# last entry in the log file which matches the pattern.
	27	#
	28	# Notes:
	29	#
	30	# If you use this plugin make sure to keep the following in mind:
	31	#
	32	# 1. The "max_attempts" value for the service should be 1, as this
	33	# will prevent Nagios from retrying the service check (the
	34	# next time the check is run it will not produce the same results).
	35	#
	36	# 2. The "notify_recovery" value for the service should be 0, so that
	37	# Nagios does not notify you of "recoveries" for the check. Since
	38	# pattern matches in the log file will only be reported once and not
	39	# the next time, there will always be "recoveries" for the service, even
	40	# though recoveries really don't apply to this type of check.
	41	#
	42	# 3. You must supply a different <old_file_log> for each service that
	43	# you define to use this plugin script - even if the different services
	44	# check the same <log_file> for pattern matches. This is necessary
	45	# because of the way the script operates.
	46	#
	47	# Examples:
	48	#
	49	# Check for login failures in the syslog...
	50	#
	51	# check_log /var/log/messages ./check_log.badlogins.old "LOGIN FAILURE"
	52	#
	53	# Check for port scan alerts generated by Psionic's PortSentry software...
	54	#
	55	# check_log /var/log/message ./check_log.portscan.old "attackalert"
	56	#
	57
	58	# Paths to commands used in this script. These
	59	# may have to be modified to match your system setup.
	60
	61	PATH=""
	62
	63	ECHO="/bin/echo"
	64	GREP="/bin/grep"
	65	DIFF="/bin/diff"
	66	TAIL="/bin/tail"
	67	CAT="/bin/cat"
	68	RM="/bin/rm"
	69
	70	PROGNAME=`/bin/basename $0`
	71	PROGPATH=`echo $0 \| /bin/sed -e 's,[\\/][^\\/][^\\/]*$,,'`
	72	REVISION=`echo '$Revision$' \| /bin/sed -e 's/[^0-9.]//g'`
	73
	74	. $PROGPATH/utils.sh
	75
	76	print_usage() {
	77	echo "Usage: $PROGNAME -F logfile -O oldlog -q query"
	78	echo "Usage: $PROGNAME --help"
	79	echo "Usage: $PROGNAME --version"
	80	}
	81
	82	print_help() {
	83	print_revision $PROGNAME $REVISION
	84	echo ""
	85	print_usage
	86	echo ""
	87	echo "Log file pattern detector plugin for Nagios"
	88	echo ""
	89	support
	90	}
	91
	92	# Make sure the correct number of command line
	93	# arguments have been supplied
	94
	95	if [ $# -lt 1 ]; then
	96	print_usage
	97	exit $STATE_UNKNOWN
	98	fi
	99
	100	# Grab the command line arguments
	101
	102	#logfile=$1
	103	#oldlog=$2
	104	#query=$3
	105	exitstatus=$STATE_WARNING #default
	106	while test -n "$1"; do
	107	case "$1" in
	108	--help)
	109	print_help
	110	exit $STATE_OK
	111	;;
	112	-h)
	113	print_help
	114	exit $STATE_OK
	115	;;
	116	--version)
	117	print_revision $PROGNAME $VERSION
	118	exit $STATE_OK
	119	;;
	120	-V)
	121	print_revision $PROGNAME $VERSION
	122	exit $STATE_OK
	123	;;
	124	--filename)
	125	logfile=$2
	126	shift
	127	;;
	128	-F)
	129	logfile=$2
	130	shift
	131	;;
	132	--oldlog)
	133	oldlog=$2
	134	shift
	135	;;
	136	-O)
	137	oldlog=$2
	138	shift
	139	;;
	140	--query)
	141	query=$2
	142	shift
	143	;;
	144	-q)
	145	query=$2
	146	shift
	147	;;
	148	-x)
	149	exitstatus=$2
	150	shift
	151	;;
	152	--exitstatus)
	153	exitstatus=$2
	154	shift
	155	;;
	156	*)
	157	echo "Unknown argument: $1"
	158	print_usage
	159	exit $STATE_UNKNOWN
	160	;;
	161	esac
	162	shift
	163	done
	164
	165	# If the source log file doesn't exist, exit
	166
	167	if [ ! -e $logfile ]; then
	168	$ECHO "Log check error: Log file $logfile does not exist!\n"
	169	exit 2
	170	fi
	171
	172	# If the old log file doesn't exist, this must be the first time
	173	# we're running this test, so copy the original log file over to
	174	# the old diff file and exit
	175
	176	if [ ! -e $oldlog ]; then
	177	$CAT $logfile > $oldlog
	178	$ECHO "Log check data initialized...\n"
	179	exit 0
	180	fi
	181
	182	# The old log file exists, so compare it to the original log now
	183
	184	# The temporary file that the script should use while
	185	# processing the log file.
	186	if [-x /bin/mktemp]; then
	187	tempdiff="/bin/mktemp /tmp/check_log.XXXXXXXXXX"
	188	else
	189	tempdiff="/tmp/check_log.`/bin/date '+%H%M%S'`"
	190	/bin/touch $tempdiff
	191	chmod 600 $tempdiff
	192	fi
	193
	194	$DIFF $logfile $oldlog > $tempdiff
	195
	196	# Count the number of matching log entries we have
	197	count=`$GREP -c "$query" $tempdiff`
	198
	199	# Get the last matching entry in the diff file
	200	lastentry=`$GREP "$query" $tempdiff \| $TAIL --lines=1`
	201
	202	$RM -f $tempdiff
	203	$CAT $logfile > $oldlog
	204
	205	if [ "$count" = "0" ]; then # no matches, exit with no error
	206	$ECHO "Log check ok - 0 pattern matches found\n"
	207	exitstatus=0
	208	else # Print total matche count and the last entry we found
	209	$ECHO "($count) $lastentry"
	210	fi
	211
	212	exit exitstatus
	213
	214