Nagios + check_logfiles for log monitoring

Source: Internet
Author: User

There are many ways to monitor logs. With Nagios, log checks are done through a plug-in. The check_logfile plug-in provided by Nagios has limited functions, so we use check_logfiles from ConSol Labs instead. It handles rotated (truncated) logs and supports macro definitions, regular expressions and other features, which makes our monitoring more flexible.

I. Installation

1. Install check_logfiles

 

tar -zxvf check_logfiles-3.6.3.tar.gz
cd /usr/local/src/check_logfiles-3.6.3
./configure --prefix=/usr/local/nagios/ \
    --with-nagios-user=nagios --with-nagios-group=nagios \
    --with-seekfiles-dir=/usr/local/nagios/var/tmp \
    --with-protocols-dir=/usr/local/nagios/var/tmp \
    --with-perl=/usr/bin/perl --with-gzip=/bin/gzip
make

At this point, make may report an error:

CDPATH="${ZSH_VERSION+.}:" && cd . && /bin/sh /usr/local/src/check_logfiles-3.6.3/missing autoconf
aclocal.m4:21: warning: this file was generated for autoconf 2.69.
You have another version of autoconf.  It may work, but is not guaranteed.
If you have problems, you may need to regenerate the build system entirely.
To do so, use the procedure documented by the package, typically 'autoreconf'.
configure.ac:4: error: Autoconf version 2.65 or higher is required
aclocal.m4:278: AM_INIT_AUTOMAKE is expanded from...
configure.ac:4: the top level
autom4te: /usr/bin/m4 failed with exit status: 63
WARNING: 'autoconf' is probably too old.
         You should only need it if you modified 'configure.ac',
         or m4 files included by it.
         The 'autoconf' program is part of the GNU Autoconf package:
         It also requires GNU m4 and Perl in order to run:
make: *** [configure] Error 63

This is caused by the autoconf version on the server. As the message "aclocal.m4:21: warning: this file was generated for autoconf 2.69." says, the build files were generated with autoconf 2.69, while the version installed on our server is:

 

 

[root@nagios monitors]# /usr/bin/autoconf -V
autoconf (GNU Autoconf) 2.63
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv2+: GNU GPL version 2 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by David J. MacKenzie and Akim Demaille.

Therefore, we need to upgrade the autoconf version to 2.69.

 

2. Install autoconf

 

[root@test src]# wget http://ftp.gnu.org/gnu/autoconf/autoconf-2.69.tar.gz
[root@test src]# tar -zxvf autoconf-2.69.tar.gz
[root@test src]# cd autoconf-2.69
[root@test src]# ./configure --prefix=/usr
[root@test src]# make && make install

Note: You must install it under /usr; otherwise, the new version of autoconf will not be used when compiling check_logfiles.

3. Compile and install check_logfiles

make && make install

After the installation is complete, the check_logfiles plug-in is installed under /usr/local/nagios/libexec. We need to set its ownership:

chown nagios:nagios /usr/local/nagios/libexec/check_logfiles

In addition, check whether the directory /usr/local/nagios/var/tmp exists. If it does not, create it, because that is where we pointed the seekfiles and protocols directories during configure.

So far, the installation is complete.

II. Configuration

First, let's take a look at the help information provided by check_logfiles.

[root@nagios src]# /usr/local/nagios/libexec/check_logfiles -h
This Nagios Plugin comes with absolutely no warranty. You may use
it on your own risk!
Copyright by ConSol Software GmbH, Gerhard Lausser.

This plugin looks for patterns in logfiles, even in those who were rotated
since the last run of this plugin.

You can find the complete documentation at
http://labs.consol.de/nagios/check_logfiles/

Usage: check_logfiles [-t timeout] -f

The configfile looks like this:

$seekfilesdir = '/opt/nagios/var/tmp';
# where the state information will be saved.
# Note: the status directory. It records how much of each log has already been checked, i.e. the history.
$protocolsdir = '/opt/nagios/var/tmp';
# where protocols with found patterns will be stored.
# Note: the protocol directory. It records the log lines that matched.
$scriptpath = '/opt/nagios/var/tmp';
# where scripts will be searched.
# Note: directory of callable scripts or programs.
$MACROS = { CL_DISK01 => "/dev/dsk/c0d1", CL_DISK02 => "/dev/dsk/c0d2" };
# Note: macro definitions. The macros can be referenced in the patterns below.

# Note: the searches are defined here. They can be given in the configuration file
# or directly on the command line; the configuration file is more convenient.
@searches = (
  {
    # A tag is a custom label. It becomes part of the name of the generated
    # status and protocol files and has no other meaning.
    tag => 'temperature',
    # logfile is the log file to be monitored.
    logfile => '/var/adm/syslog.log',
    # rotation defines how rotated (truncated) logs are matched.
    rotation => 'bmwhpux',
    # Critical errors: one or more regular expressions.
    criticalpatterns => ['OVERTEMP_EMERG', 'Power supply failed'],
    # Warnings: one or more regular expressions.
    warningpatterns => ['OVERTEMP_CRIT', 'Corrected ECC Error'],
    # Option list: here, run the script, write the protocol, do not count.
    options => 'script,protocol,nocount',
    # Name of the script to run.
    script => 'sendnsca_cmd'
  },
  {
    tag => 'scsi',
    logfile => '/var/adm/messages',
    rotation => 'solaris',
    criticalpatterns => 'Sense Key: Not Ready',
    criticalexceptions => 'Sense Key: Not Ready /dev/testdisk',
    options => 'noprotocol'
  },
  {
    tag => 'logins',
    logfile => '/var/adm/messages',
    rotation => 'solaris',
    criticalpatterns => ['illegal key', 'read error.*$CL_DISK01$'],
    criticalthreshold => 4,
    warningpatterns => ['read error.*$CL_DISK02$'],
  }
);
 

 

There are two ways to call the plug-in: write every search into a configuration file, or pass the settings directly on the command line:

 

[root@nagios src]# /usr/local/nagios/libexec/check_logfiles
Usage: check_logfiles [-t timeout] -f
                      [--searches=tag1,tag2,...]
       check_logfiles [-t timeout] --logfile=
                      --tag=
                      --rotation=
                      --criticalpattern=
                      --warningpattern=

 

III. Application

1. Edit a configuration file on the monitored side, for example:

 

[root@usvr-218 var]# vim /usr/local/nagios/var/log.cfg
@searches = (
  {
    tag => 'web_monitor',
    logfile => '/var/log/web_monitor.log',
    criticalpatterns => ['nginx has restart', 'nginx is down'],
    warningpatterns => ['500', '302', '502']
    #options => 'noprotocol'
  }
);

We have defined a search with the tag web_monitor. The log file checked is /var/log/web_monitor.log. When a log line matches one of the criticalpatterns, a critical error is reported; when it matches one of the warningpatterns, a warning is reported. The status information and protocol information are written into /usr/local/nagios/var/tmp. The state file is named log._var_log_web_monitor.log.web_monitor, where web_monitor is the tag in our configuration.

 

[root@usvr-218 tmp]# cat log._var_log_web_monitor.log.web_monitor
$state = {
           'runcount' => 17,
           'serviceoutput' => '',
           'logoffset' => 642985,
           'runtime' => 1431504819,
           'devino' => '64768:1178440',
           'privatestate' => {
                               'runcount' => 17,
                               'lastruntime' => 1431504220,
                               'logfile' => '/var/log/web_monitor.log'
                             },
           'logtime' => 1431504602,
           'servicestateid' => 0,
           'tag' => 'web_monitor'
         };
1;

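The warningpatterns in log.cfg above ('500', '302', '502') are unanchored regular expressions, so they fire on any line that contains those digits, not only on HTTP status codes. The added example below (not from the original post) models that matching with Python's re module standing in for Perl's regex engine and compares the page's patterns with a tightened one. The sample lines, the status= field, and the names classify, false_warnings and TIGHT_WARN are assumptions made for the illustration.

```python
import re

OK, WARNING, CRITICAL = 0, 1, 2  # Nagios plugin states

# Patterns exactly as in log.cfg on this page.
PAGE_CRIT = ['nginx has restart', 'nginx is down']
PAGE_WARN = ['500', '302', '502']
# Tightened warning pattern; the status= field is an assumed log format.
TIGHT_WARN = [r'\bstatus=(500|302|502)\b']

# Constructed sample lines (the real web_monitor.log format is not shown).
SAMPLE = [
    "2015-05-13 16:10:02 GET /index.html status=200 bytes=5002 time_ms=31",
    "2015-05-13 16:10:07 GET /health status=200 bytes=118 time_ms=302",
    "2015-05-13 16:15:02 GET /api/order status=502 bytes=0 time_ms=12",
]


def classify(lines, criticalpatterns, warningpatterns):
    """Simplified model of one search: every pattern is an unanchored
    regex tried against each line; the worst hit decides the state."""
    crit, warn = [], []
    for line in lines:
        if any(re.search(p, line) for p in criticalpatterns):
            crit.append(line)
        elif any(re.search(p, line) for p in warningpatterns):
            warn.append(line)
    state = CRITICAL if crit else WARNING if warn else OK
    return state, crit, warn


def false_warnings(lines, loose, tight):
    """Lines the loose patterns flag but the tight ones do not."""
    _, _, loose_hits = classify(lines, [], loose)
    _, _, tight_hits = classify(lines, [], tight)
    return [line for line in loose_hits if line not in tight_hits]


if __name__ == "__main__":
    print(classify(SAMPLE, PAGE_CRIT, PAGE_WARN)[0])       # page patterns
    print(classify(SAMPLE[:2], PAGE_CRIT, TIGHT_WARN)[0])  # tightened pattern
    for line in false_warnings(SAMPLE, PAGE_WARN, TIGHT_WARN):
        print("false warning:", line)
```

In log.cfg the tightened form would be written as warningpatterns => ['\bstatus=(500|302|502)\b'], adjusted to whatever field your log actually uses.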
After check_logfiles is configured on the monitored end, we need to add the command to nrpe.cfg and reload xinetd:

 

 

command[check_logfile]=/usr/local/nagios/libexec/check_logfiles -f /usr/local/nagios/var/log.cfg

service xinetd reload
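The plugin is executable code, and log.cfg and the state files under /usr/local/nagios/var/tmp are Perl source that the plugin reads on every run, so none of them should be writable by accounts other than root or nagios. The following audit is an added example (not from the original post): audit_paths, PAGE_PATHS and the temp-directory demo are names and data constructed here, and the paths are the ones used on this page.

```python
import os
import stat
import tempfile

# Paths used on this page: the plugin, its Perl config, and the state directory.
PAGE_PATHS = [
    "/usr/local/nagios/libexec/check_logfiles",
    "/usr/local/nagios/var/log.cfg",
    "/usr/local/nagios/var/tmp",
]


def audit_paths(paths, trusted_uids):
    """Return (path, problem) pairs for anything an untrusted account
    could replace or modify. An empty list means the audit passed."""
    findings = []
    for path in paths:
        try:
            st = os.lstat(path)  # lstat: do not follow a planted symlink
        except FileNotFoundError:
            findings.append((path, "missing"))
            continue
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "is a symlink"))
            continue
        if st.st_uid not in trusted_uids:
            findings.append((path, f"owned by uid {st.st_uid}"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.filemode(st.st_mode)
            findings.append((path, f"group/world writable ({mode})"))
    return findings


def demo():
    """Constructed demo: a tight directory, a loose one, and a missing path."""
    with tempfile.TemporaryDirectory() as root:
        tight = os.path.join(root, "tmp_tight")
        loose = os.path.join(root, "tmp_loose")
        os.mkdir(tight)
        os.chmod(tight, 0o750)
        os.mkdir(loose)
        os.chmod(loose, 0o777)
        absent = os.path.join(root, "absent")
        found = audit_paths([tight, loose, absent], {os.getuid()})
        return [(os.path.basename(p), why) for p, why in found]


if __name__ == "__main__":
    # On a real host: audit_paths(PAGE_PATHS, {0, pwd.getpwnam("nagios").pw_uid})
    for name, why in demo():
        print(f"{name}: {why}")
```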

 

2. That covers the monitored end. Now let's take a look at the monitoring end.

 

define service{
    use                     nrpe-service         ; Name of service template to use
    host_name               test
    service_description     web_monitor
    check_command           check_nrpe!check_logfile
    check_interval          10
    notifications_enabled   1
    service_groups          logfile_check
    contact_groups          test
    }

After restarting, we can see our monitoring metrics.

 

That completes our log monitoring setup. It is of course only the most basic configuration, but I hope it helps you.

 
