Diffstat (limited to 'plugins-scripts/check_log.sh')
-rwxr-xr-x | plugins-scripts/check_log.sh | 168 |
1 files changed, 101 insertions, 67 deletions
diff --git a/plugins-scripts/check_log.sh b/plugins-scripts/check_log.sh index d28c8d0a..8ecdd316 100755 --- a/plugins-scripts/check_log.sh +++ b/plugins-scripts/check_log.sh | |||
@@ -1,8 +1,7 @@ | |||
1 | #!/bin/sh | 1 | #!/bin/sh |
2 | # | 2 | # |
3 | # Log file pattern detector plugin for monitoring | 3 | # Log file pattern detector plugin for monitoring |
4 | # Written by Ethan Galstad (nagios@nagios.org) | 4 | # Written originally by Ethan Galstad (nagios@nagios.org) |
5 | # Last Modified: 07-31-1999 | ||
6 | # | 5 | # |
7 | # Usage: ./check_log <log_file> <old_log_file> <pattern> | 6 | # Usage: ./check_log <log_file> <old_log_file> <pattern> |
8 | # | 7 | # |
@@ -19,7 +18,7 @@ | |||
19 | # On the first run of the plugin, it will return an OK state with a message | 18 | # On the first run of the plugin, it will return an OK state with a message |
20 | # of "Log check data initialized". On successive runs, it will return an OK | 19 | # of "Log check data initialized". On successive runs, it will return an OK |
21 | # state if *no* pattern matches have been found in the *difference* between the | 20 | # state if *no* pattern matches have been found in the *difference* between the |
22 | # log file and the older copy of the log file. If the plugin detects any | 21 | # log file and the older copy of the log file. If the plugin detects any |
23 | # pattern matches in the log diff, it will return a CRITICAL state and print | 22 | # pattern matches in the log diff, it will return a CRITICAL state and print |
24 | # out a message is the following format: "(x) last_match", where "x" is the | 23 | # out a message is the following format: "(x) last_match", where "x" is the |
25 | # total number of pattern matches found in the file and "last_match" is the | 24 | # total number of pattern matches found in the file and "last_match" is the |
@@ -44,6 +43,10 @@ | |||
44 | # check the same <log_file> for pattern matches. This is necessary | 43 | # check the same <log_file> for pattern matches. This is necessary |
45 | # because of the way the script operates. | 44 | # because of the way the script operates. |
46 | # | 45 | # |
46 | # 4. This plugin does NOT have an understanding of logrotation or similar | ||
47 | # mechanisms. Therefore bad timing could lead to missing events | ||
48 | # | ||
49 | # | ||
47 | # Examples: | 50 | # Examples: |
48 | # | 51 | # |
49 | # Check for login failures in the syslog... | 52 | # Check for login failures in the syslog... |
@@ -60,20 +63,26 @@ | |||
60 | 63 | ||
61 | PATH="@TRUSTED_PATH@" | 64 | PATH="@TRUSTED_PATH@" |
62 | export PATH | 65 | export PATH |
63 | PROGNAME=`basename $0` | 66 | PROGNAME=$(basename "$0") |
64 | PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'` | 67 | PROGPATH=$(echo "$0" | sed -e 's,[\\/][^\\/][^\\/]*$,,') |
65 | REVISION="@NP_VERSION@" | 68 | REVISION="@NP_VERSION@" |
66 | 69 | ||
67 | . $PROGPATH/utils.sh | 70 | . "$PROGPATH"/utils.sh |
68 | 71 | ||
69 | print_usage() { | 72 | print_usage() { |
70 | echo "Usage: $PROGNAME -F logfile -O oldlog -q query" | 73 | echo "Usage: $PROGNAME -F logfile -O oldlog -q query" |
71 | echo "Usage: $PROGNAME --help" | 74 | echo "Usage: $PROGNAME --help" |
72 | echo "Usage: $PROGNAME --version" | 75 | echo "Usage: $PROGNAME --version" |
76 | echo "" | ||
77 | echo "Other parameters:" | ||
78 | echo " -a|--all : Print all matching lines" | ||
79 | echo " --exclude: Exclude a pattern (-p or -e also applies here when used)" | ||
80 | echo " -p|--perl-regex : Use perl style regular expressions in the query" | ||
81 | echo " -e|--extended-regex : Use extended style regular expressions in the query (not necessary for GNU grep)" | ||
73 | } | 82 | } |
74 | 83 | ||
75 | print_help() { | 84 | print_help() { |
76 | print_revision $PROGNAME $REVISION | 85 | print_revision "$PROGNAME" "$REVISION" |
77 | echo "" | 86 | echo "" |
78 | print_usage | 87 | print_usage |
79 | echo "" | 88 | echo "" |
@@ -87,81 +96,89 @@ print_help() { | |||
87 | 96 | ||
88 | if [ $# -lt 1 ]; then | 97 | if [ $# -lt 1 ]; then |
89 | print_usage | 98 | print_usage |
90 | exit $STATE_UNKNOWN | 99 | exit "$STATE_UNKNOWN" |
91 | fi | 100 | fi |
92 | 101 | ||
93 | # Grab the command line arguments | 102 | # Grab the command line arguments |
94 | |||
95 | #logfile=$1 | ||
96 | #oldlog=$2 | ||
97 | #query=$3 | ||
98 | exitstatus=$STATE_WARNING #default | 103 | exitstatus=$STATE_WARNING #default |
99 | while test -n "$1"; do | 104 | while test -n "$1"; do |
100 | case "$1" in | 105 | case "$1" in |
101 | --help) | 106 | -h | --help) |
102 | print_help | 107 | print_help |
103 | exit $STATE_OK | 108 | exit "$STATE_UNKNOWN" |
104 | ;; | 109 | ;; |
105 | -h) | 110 | -V | --version) |
106 | print_help | 111 | print_revision "$PROGNAME" "$REVISION" |
107 | exit $STATE_OK | 112 | exit "$STATE_UNKNOWN" |
108 | ;; | ||
109 | --version) | ||
110 | print_revision $PROGNAME $REVISION | ||
111 | exit $STATE_OK | ||
112 | ;; | ||
113 | -V) | ||
114 | print_revision $PROGNAME $REVISION | ||
115 | exit $STATE_OK | ||
116 | ;; | ||
117 | --filename) | ||
118 | logfile=$2 | ||
119 | shift | ||
120 | ;; | 113 | ;; |
121 | -F) | 114 | -F | --filename) |
122 | logfile=$2 | 115 | logfile=$2 |
123 | shift | 116 | shift 2 |
124 | ;; | 117 | ;; |
125 | --oldlog) | 118 | -O | --oldlog) |
126 | oldlog=$2 | 119 | oldlog=$2 |
127 | shift | 120 | shift 2 |
128 | ;; | 121 | ;; |
129 | -O) | 122 | -q | --query) |
130 | oldlog=$2 | ||
131 | shift | ||
132 | ;; | ||
133 | --query) | ||
134 | query=$2 | 123 | query=$2 |
135 | shift | 124 | shift 2 |
136 | ;; | 125 | ;; |
137 | -q) | 126 | --exclude) |
138 | query=$2 | 127 | exclude=$2 |
139 | shift | 128 | shift 2 |
140 | ;; | 129 | ;; |
141 | -x) | 130 | -x | --exitstatus) |
142 | exitstatus=$2 | 131 | exitstatus=$2 |
132 | shift 2 | ||
133 | ;; | ||
134 | -e | --extended-regex) | ||
135 | ERE=1 | ||
143 | shift | 136 | shift |
144 | ;; | 137 | ;; |
145 | --exitstatus) | 138 | -p | --perl-regex) |
146 | exitstatus=$2 | 139 | PRE=1 |
140 | shift | ||
141 | ;; | ||
142 | -a | --all) | ||
143 | ALL=1 | ||
147 | shift | 144 | shift |
148 | ;; | 145 | ;; |
149 | *) | 146 | *) |
150 | echo "Unknown argument: $1" | 147 | echo "Unknown argument: $1" |
151 | print_usage | 148 | print_usage |
152 | exit $STATE_UNKNOWN | 149 | exit "$STATE_UNKNOWN" |
153 | ;; | 150 | ;; |
154 | esac | 151 | esac |
155 | shift | ||
156 | done | 152 | done |
157 | 153 | ||
154 | # Parameter sanity check | ||
155 | if [ $ERE ] && [ $PRE ] ; then | ||
156 | echo "Can not use extended and perl regex at the same time" | ||
157 | exit "$STATE_UNKNOWN" | ||
158 | fi | ||
159 | |||
160 | GREP="grep" | ||
161 | |||
162 | if [ $ERE ]; then | ||
163 | GREP="grep -E" | ||
164 | fi | ||
165 | |||
166 | if [ $PRE ]; then | ||
167 | GREP="grep -P" | ||
168 | fi | ||
169 | |||
158 | # If the source log file doesn't exist, exit | 170 | # If the source log file doesn't exist, exit |
159 | 171 | ||
160 | if [ ! -e $logfile ]; then | 172 | if [ ! -e "$logfile" ]; then |
161 | echo "Log check error: Log file $logfile does not exist!" | 173 | echo "Log check error: Log file $logfile does not exist!" |
162 | exit $STATE_UNKNOWN | 174 | exit "$STATE_UNKNOWN" |
163 | elif [ ! -r $logfile ] ; then | 175 | elif [ ! -r "$logfile" ] ; then |
164 | echo "Log check error: Log file $logfile is not readable!" | 176 | echo "Log check error: Log file $logfile is not readable!" |
177 | exit "$STATE_UNKNOWN" | ||
178 | fi | ||
179 | # If no oldlog was given this can not work properly, abort then | ||
180 | if [ -z "$oldlog" ]; then | ||
181 | echo "Oldlog parameter is needed" | ||
165 | exit $STATE_UNKNOWN | 182 | exit $STATE_UNKNOWN |
166 | fi | 183 | fi |
167 | 184 | ||
@@ -169,10 +186,10 @@ fi | |||
169 | # we're running this test, so copy the original log file over to | 186 | # we're running this test, so copy the original log file over to |
170 | # the old diff file and exit | 187 | # the old diff file and exit |
171 | 188 | ||
172 | if [ ! -e $oldlog ]; then | 189 | if [ ! -e "$oldlog" ]; then |
173 | cat $logfile > $oldlog | 190 | cat "$logfile" > "$oldlog" |
174 | echo "Log check data initialized..." | 191 | echo "Log check data initialized..." |
175 | exit $STATE_OK | 192 | exit "$STATE_OK" |
176 | fi | 193 | fi |
177 | 194 | ||
178 | # The old log file exists, so compare it to the original log now | 195 | # The old log file exists, so compare it to the original log now |
@@ -180,31 +197,48 @@ fi | |||
180 | # The temporary file that the script should use while | 197 | # The temporary file that the script should use while |
181 | # processing the log file. | 198 | # processing the log file. |
182 | if [ -x /bin/mktemp ]; then | 199 | if [ -x /bin/mktemp ]; then |
183 | tempdiff=`/bin/mktemp /tmp/check_log.XXXXXXXXXX` | 200 | |
201 | tempdiff=$(/bin/mktemp /tmp/check_log.XXXXXXXXXX) | ||
184 | else | 202 | else |
185 | tempdiff=`/bin/date '+%H%M%S'` | 203 | tempdiff=$(/bin/date '+%H%M%S') |
186 | tempdiff="/tmp/check_log.${tempdiff}" | 204 | tempdiff="/tmp/check_log.${tempdiff}" |
187 | touch $tempdiff | 205 | touch "$tempdiff" |
188 | chmod 600 $tempdiff | 206 | chmod 600 "$tempdiff" |
189 | fi | 207 | fi |
190 | 208 | ||
191 | diff $logfile $oldlog | grep -v "^>" > $tempdiff | 209 | diff "$logfile" "$oldlog" | grep -v "^>" > "$tempdiff" |
210 | |||
192 | 211 | ||
193 | # Count the number of matching log entries we have | 212 | if [ $ALL ]; then |
194 | count=`grep -c "$query" $tempdiff` | 213 | # Get all matching entries in the diff file |
214 | if [ -n "$exclude" ]; then | ||
215 | entry=$($GREP "$query" "$tempdiff" | $GREP -v "$exclude") | ||
216 | count=$($GREP "$query" "$tempdiff" | $GREP -vc "$exclude") | ||
217 | else | ||
218 | entry=$($GREP "$query" "$tempdiff") | ||
219 | count=$($GREP -c "$query" "$tempdiff") | ||
220 | fi | ||
195 | 221 | ||
196 | # Get the last matching entry in the diff file | 222 | else |
197 | lastentry=`grep "$query" $tempdiff | tail -1` | 223 | # Get the last matching entry in the diff file |
224 | if [ -n "$exclude" ]; then | ||
225 | entry=$($GREP "$query" "$tempdiff" | $GREP -v "$exclude" | tail -1) | ||
226 | count=$($GREP "$query" "$tempdiff" | $GREP -vc "$exclude") | ||
227 | else | ||
228 | entry=$($GREP "$query" "$tempdiff" | tail -1) | ||
229 | count=$($GREP -c "$query" "$tempdiff") | ||
230 | fi | ||
231 | fi | ||
198 | 232 | ||
199 | rm -f $tempdiff | 233 | rm -f "$tempdiff" |
200 | cat $logfile > $oldlog | 234 | cat "$logfile" > "$oldlog" |
201 | 235 | ||
202 | if [ "$count" = "0" ]; then # no matches, exit with no error | 236 | if [ "$count" = "0" ]; then # no matches, exit with no error |
203 | echo "Log check ok - 0 pattern matches found" | 237 | echo "Log check ok - 0 pattern matches found" |
204 | exitstatus=$STATE_OK | 238 | exitstatus=$STATE_OK |
205 | else # Print total matche count and the last entry we found | 239 | else # Print total match count and the last entry we found |
206 | echo "($count) $lastentry" | 240 | echo "($count) $entry" |
207 | exitstatus=$STATE_CRITICAL | 241 | exitstatus=$STATE_CRITICAL |
208 | fi | 242 | fi |
209 | 243 | ||
210 | exit $exitstatus | 244 | exit "$exitstatus" |
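Review bot: The fallback branch of the temp-file block (new lines 203-206) still builds a predictable name, `/tmp/check_log.HHMMSS`, then runs `touch` on it and later redirects into it, so a file or symlink already present at that path is followed; the commit only adds quoting there. That branch is taken whenever mktemp is not at the hard-coded `/bin/mktemp`, even if one is reachable through the trusted PATH. I would drop the date-based fallback and fail closed with `tempdiff=$(mktemp /tmp/check_log.XXXXXXXXXX) || exit "$STATE_UNKNOWN"`. Separately, in the grep calls at new lines 215-229 a query or exclude value that begins with `-` is parsed by grep as an option rather than a pattern; passing it as `$GREP -e "$query"` (and `-e "$exclude"`) avoids that.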