Tags: nagios+check_logfile, check_logfiles, log monitoring
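Log checking is a monitoring method we use very often. To check logs we need a Nagios plugin. Nagios's built-in check_logfile, for example, is fairly limited; we use check_logfiles from ConSol Labs, which can handle rotated logs and supports macro definitions, regular expressions and more, making our monitoring more flexible.
I. Installation
1. Install check_logfiles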
tar -zxvf check_logfiles-3.6.3.tar.gz
cd /usr/local/src/check_logfiles-3.6.3
./configure --prefix=/usr/local/nagios/ --with-nagios-user=nagios --with-nagios-group=nagios --with-seekfiles-dir=/usr/local/nagios/var/tmp --with-protocols-dir=/usr/local/nagios/var/tmp --with-perl=/usr/bin/perl --with-gzip=/bin/gzip
make
At this point an error may be reported:

CDPATH="${ZSH_VERSION+.}:" && cd . && /bin/sh /usr/local/src/check_logfiles-3.6.3/missing autoconf
aclocal.m4:21: warning: this file was generated for autoconf 2.69.
You have another version of autoconf. It may work, but is not guaranteed to.
If you have problems, you may need to regenerate the build system entirely.
To do so, use the procedure documented by the package, typically 'autoreconf'.
configure.ac:4: error: Autoconf version 2.65 or higher is required
aclocal.m4:278: AM_INIT_AUTOMAKE is expanded from...
configure.ac:4: the top level
autom4te: /usr/bin/m4 failed with exit status: 63
WARNING: 'autoconf' is probably too old.
         You should only need it if you modified 'configure.ac',
         or m4 files included by it.
         The 'autoconf' program is part of the GNU Autoconf package:
         <http://www.gnu.org/software/autoconf/>
         It also requires GNU m4 and Perl in order to run:
         <http://www.gnu.org/software/m4/>
         <http://www.perl.org/>
make: *** [configure] 錯誤 63

This is caused by the autoconf version on the server. As the message says, "aclocal.m4:21: warning: this file was generated for autoconf 2.69." The build needs autoconf 2.69, whereas our version is:

# /usr/bin/autoconf -V
autoconf (GNU Autoconf) 2.63
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv2+: GNU GPL version 2 or later
<http://gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Written by David J. MacKenzie and Akim Demaille.

So we need to upgrade autoconf to version 2.69.
2. Install autoconf
wget http://ftp.gnu.org/gnu/autoconf/autoconf-2.69.tar.gz
tar -zxvf autoconf-2.69.tar.gz
cd autoconf-2.69
./configure --prefix=/usr
make && make install
Note: we must install it under /usr; otherwise the new autoconf will not be used when building check_logfiles.
3. Build and install check_logfiles
make && make install
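After installation, the check_logfiles plugin is located in /usr/local/nagios/libexec; we need to set its ownership:
chown nagios:nagios /usr/local/nagios/libexec/check_logfiles
Also, check whether the directory /usr/local/nagios/var/tmp exists and create it if it does not, because that is where we pointed the seekfiles and protocols directories at configure time.
Installation is now complete.
II. Configuration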
First, let's look at the built-in help of check_logfiles. Lines and trailing comments marked [note] are annotations added to the output, not part of it:

# /usr/local/nagios/libexec/check_logfiles -h
This Nagios Plugin comes with absolutely NO WARRANTY. You may use
it on your own risk!
Copyright by ConSol Software GmbH, Gerhard Lausser.

This plugin looks for patterns in logfiles, even in those who were rotated
since the last run of this plugin.

You can find the complete documentation at
http://labs.consol.de/nagios/check_logfiles/

Usage: check_logfiles [-t timeout] -f <configfile>

The configfile looks like this:

$seekfilesdir = '/opt/nagios/var/tmp';
# where the state information will be saved.
# [note] directory where state information is written; it records which log content has already been checked
$protocolsdir = '/opt/nagios/var/tmp';
# where protocols with found patterns will be stored.
# [note] directory where protocol information is written; it records the matches found by the log check
$scriptpath = '/opt/nagios/var/tmp';
# where scripts will be searched for.
# [note] scripts or programs that can be called
$MACROS = { CL_DISK01 => "/dev/dsk/c0d1", CL_DISK02 => "/dev/dsk/c0d2" };
# [note] macro definitions: variables we can reference
@searches = (
# [note] this is the content of the configuration file; we can run the program from a
# [note] configuration file or define everything directly on the command line. The file is more convenient.
  {
    tag => 'temperature',                # [note] a user-defined label; it is used as part of the name of the generated state and protocol files and has no other meaning
    logfile => '/var/adm/syslog/syslog.log',   # [note] the log file to monitor
    rotation => 'bmwhpux',               # [note] if the log is rotated, defines how rotated logs are matched
    criticalpatterns => ['OVERTEMP_EMERG', 'Power supply failed'],   # [note] critical errors; one or more regexes
    warningpatterns => ['OVERTEMP_CRIT', 'Corrected ECC Error'],     # [note] warnings; one or more regexes
    options => 'script,protocol,nocount',   # [note] option list: run a script, write the protocol, do not count, and so on
    script => 'sendnsca_cmd'             # [note] name of the script
  },
  {
    tag => 'scsi',
    logfile => '/var/adm/messages',
    rotation => 'solaris',
    criticalpatterns => 'Sense Key: Not Ready',
    criticalexceptions => 'Sense Key: Not Ready /dev/testdisk',
    options => 'noprotocol'
  },
  {
    tag => 'logins',
    logfile => '/var/adm/messages',
    rotation => 'solaris',
    criticalpatterns => ['illegal key', 'read error.*$CL_DISK01$'],
    criticalthreshold => 4
    warningpatterns => ['read error.*$CL_DISK02$'],
  }
);
The above puts all settings together in a configuration file; they can of course also be passed on the command line. The two invocation styles are:

# /usr/local/nagios/libexec/check_logfiles
Usage: check_logfiles [-t timeout] -f <configfile> [--searches=tag1,tag2,...]
       check_logfiles [-t timeout] --logfile=<logfile> --tag=<tag> --rotation=<rotation>
                      --criticalpattern=<regexp> --warningpattern=<regexp>
III. Application
1. On the monitored host, edit a configuration file, for example:

# vim /usr/local/nagios/var/log.cfg
@searches = ({
tag => 'web_monitor',
logfile => '/var/log/web_monitor.log',
criticalpatterns => ['nginx has restart','nginx is down'],
warningpatterns => ['500','302','502']
#options => 'noprotocol'
});

We defined a tag, web_monitor, and the log file to check is /var/log/web_monitor.log. When a log line matches an entry in criticalpatterns a critical error is reported; when it matches an entry in warningpatterns a warning is reported. State and protocol information is written to /usr/local/nagios/var/tmp, for example to the file
log._var_log_web_monitor.log.web_monitor, where web_monitor is the tag from our configuration.
# cat log._var_log_web_monitor.log.web_monitor
$state = {
  'runcount' => 17,
  'serviceoutput' => '',
  'logoffset' => 642985,
  'runtime' => 1431504819,
  'devino' => '64768:1178440',
  'privatestate' => {
    'runcount' => 17,
    'lastruntime' => 1431504220,
    'logfile' => '/var/log/web_monitor.log'
  },
  'logtime' => 1431504602,
  'servicestateid' => 0,
  'tag' => 'web_monitor'
};
1;

Once check_logfiles is configured on the monitored host, we still need to add the command to nrpe.cfg and reload xinetd:
command[check_logfile]=/usr/local/nagios/libexec/check_logfiles -f /usr/local/nagios/var/log.cfg
service xinetd reload
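An added example, not part of the original post and not the plugin's own Perl code: a small Python model of how the unanchored patterns from log.cfg match anywhere in a line, and of how the logoffset kept in the state file limits each run to new lines. The sample log lines and the status=NNN format used by the tightened pattern are assumptions.

```python
import re

# Patterns copied from the log.cfg shown above.
CRITICAL = ['nginx has restart', 'nginx is down']
WARNING_LOOSE = ['500', '302', '502']
# Hypothetical tightened variant; assumes the status is logged as "status=NNN".
WARNING_TIGHT = [r'\bstatus=(?:500|302|502)\b']

# Constructed sample data; the page does not show the real web_monitor.log format.
RUN1 = "2015-05-13 16:10:01 check ok status=200 bytes=15002 time=0.302s\n"
RUN2 = RUN1 + (
    "2015-05-13 16:20:01 check failed status=502 bytes=0 time=0.010s\n"
    "2015-05-13 16:20:02 nginx is down\n"
)

def scan(log_text, offset, critical, warning):
    """Model one plugin run: scan only the bytes after `offset` (the
    'logoffset' in the state file); return (nagios_state, new_offset, hits)."""
    data = log_text.encode()
    hits = {'critical': [], 'warning': []}
    for line in data[offset:].decode().splitlines():
        # Patterns are unanchored regexes: a match anywhere in the line counts.
        if any(re.search(p, line) for p in critical):
            hits['critical'].append(line)
        if any(re.search(p, line) for p in warning):
            hits['warning'].append(line)
    # Nagios states: 0 = OK, 1 = WARNING, 2 = CRITICAL.
    state = 2 if hits['critical'] else 1 if hits['warning'] else 0
    return state, len(data), hits

def demo():
    """Return the states for: loose run, tight run, tight follow-up run."""
    loose_state, offset, _ = scan(RUN1, 0, CRITICAL, WARNING_LOOSE)
    tight_state, _, _ = scan(RUN1, 0, CRITICAL, WARNING_TIGHT)
    # Second run starts at the saved offset, so the first line is not re-read.
    next_state, _, hits = scan(RUN2, offset, CRITICAL, WARNING_TIGHT)
    return loose_state, tight_state, next_state, len(hits['warning'])

if __name__ == '__main__':
    print(demo())
```

With the loose patterns the healthy first line raises a WARNING because "500" matches inside bytes=15002 and "302" inside 0.302s; the tightened pattern stays OK until a real 502 is logged.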
2. With the monitored host done, let's look at the monitoring server:

define service{
        use                     nrpe-service    ; Name of service template to use
        host_name               test
        service_description     web_monitor
        check_command           check_nrpe!check_logfile
        check_interval          10
        notifications_enabled   1
        service_groups          logfile_check
        contact_groups          test
}
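After a restart, our new monitoring item is visible.
That concludes this walkthrough of log monitoring. It only covers the basics, of course, but I hope it helps.
Log monitoring with nagios + check_logfile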