Created
May 11, 2011 20:46
-
-
Save chetan/967309 to your computer and use it in GitHub Desktop.
A Nagios check for missing patterns in logs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#! /bin/bash | |
# | |
# This is an inverse of the original check_log script included with Nagios. | |
# This script will display a CRITICAL status when the given pattern is | |
# *NOT* found. Usage is otherwise identical to check_log. | |
# | |
# Modified by Chetan Sarva (chetan@evidon.com) 05-11-2011 | |
# | |
# | |
# Log file pattern detector plugin for Nagios | |
# Written by Ethan Galstad (nagios@nagios.org) | |
# Last Modified: 07-31-1999 | |
# | |
# Usage: check_no_log -F logfile -O oldlog -q query | |
# | |
# Description: | |
# | |
# This plugin will scan a log file (specified by the <log_file> option) | |
# for a specific pattern (specified by the <pattern> option). Successive | |
# calls to the plugin script will report CRITICAL if there are *NO new* | |
# pattern matches in the log file, since an copy of the log file from the | |
# previous run is saved to <oldlog>. | |
# | |
# Output: | |
# | |
# On the first run of the plugin, it will return an OK state with a message | |
# of "Log check data initialized". On successive runs, it will return an OK | |
# state if *at least 1* pattern match has been found in the *difference* | |
# between the log file and the older copy of the log file. If the plugin | |
# detects *NO* pattern matches in the log diff, it will return a CRITICAL | |
# state and print out a message stating this. | |
# | |
# Notes: | |
# | |
# If you use this plugin make sure to keep the following in mind: | |
# | |
# 1. The "max_attempts" value for the service should be 1, as this | |
# will prevent Nagios from retrying the service check (the | |
# next time the check is run it will not produce the same results). | |
# | |
# 2. You *must* supply a different <old_file_log> for each service that | |
# you define to use this plugin script - even if the different services | |
# check the same <log_file> for pattern matches. This is necessary | |
# because of the way the script operates. | |
# | |
# Paths to commands used in this script. These | |
# may have to be modified to match your system setup. | |
# TV: removed PATH restriction. Need to think more about what this means overall | |
#PATH="" | |
ECHO="/bin/echo" | |
GREP="/bin/egrep" | |
DIFF="/usr/bin/diff" | |
TAIL="/usr/bin/tail" | |
CAT="/bin/cat" | |
RM="/bin/rm" | |
CHMOD="/bin/chmod" | |
TOUCH="/bin/touch" | |
PROGNAME=`/usr/bin/basename $0` | |
PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'` | |
REVISION="1.4.14" | |
. $PROGPATH/utils.sh | |
print_usage() { | |
echo "Usage: $PROGNAME -F logfile -O oldlog -q query" | |
echo "Usage: $PROGNAME --help" | |
echo "Usage: $PROGNAME --version" | |
} | |
print_help() { | |
print_revision $PROGNAME $REVISION | |
echo "" | |
print_usage | |
echo "" | |
echo "Log file pattern detector plugin for Nagios" | |
echo "" | |
support | |
} | |
# Make sure the correct number of command line | |
# arguments have been supplied | |
if [ $# -lt 1 ]; then | |
print_usage | |
exit $STATE_UNKNOWN | |
fi | |
# Grab the command line arguments | |
#logfile=$1 | |
#oldlog=$2 | |
#query=$3 | |
exitstatus=$STATE_WARNING #default | |
while test -n "$1"; do | |
case "$1" in | |
--help) | |
print_help | |
exit $STATE_OK | |
;; | |
-h) | |
print_help | |
exit $STATE_OK | |
;; | |
--version) | |
print_revision $PROGNAME $REVISION | |
exit $STATE_OK | |
;; | |
-V) | |
print_revision $PROGNAME $REVISION | |
exit $STATE_OK | |
;; | |
--filename) | |
logfile=$2 | |
shift | |
;; | |
-F) | |
logfile=$2 | |
shift | |
;; | |
--oldlog) | |
oldlog=$2 | |
shift | |
;; | |
-O) | |
oldlog=$2 | |
shift | |
;; | |
--query) | |
query=$2 | |
shift | |
;; | |
-q) | |
query=$2 | |
shift | |
;; | |
-x) | |
exitstatus=$2 | |
shift | |
;; | |
--exitstatus) | |
exitstatus=$2 | |
shift | |
;; | |
*) | |
echo "Unknown argument: $1" | |
print_usage | |
exit $STATE_UNKNOWN | |
;; | |
esac | |
shift | |
done | |
# If the source log file doesn't exist, exit | |
if [ ! -e $logfile ]; then | |
$ECHO "Log check error: Log file $logfile does not exist!\n" | |
exit $STATE_UNKNOWN | |
elif [ ! -r $logfile ] ; then | |
$ECHO "Log check error: Log file $logfile is not readable!\n" | |
exit $STATE_UNKNOWN | |
fi | |
# make sure they're not the same file! | |
if [ $logfile == $oldlog ]; then | |
$ECHO "Log file cannot be the same as old file!\n" | |
exit $STATE_UNKNOWN | |
fi | |
# If the old log file doesn't exist, this must be the first time | |
# we're running this test, so copy the original log file over to | |
# the old diff file and exit | |
if [ ! -e $oldlog ]; then | |
$CAT $logfile > $oldlog | |
$ECHO "OK - Log check data initialized...\n" | |
exit $STATE_OK | |
fi | |
# The old log file exists, so compare it to the original log now | |
# The temporary file that the script should use while | |
# processing the log file. | |
if [ -x /bin/mktemp ]; then | |
tempdiff=`/bin/mktemp /tmp/check_log.XXXXXXXXXX` | |
else | |
tempdiff=`/bin/date '+%H%M%S'` | |
tempdiff="/tmp/check_log.${tempdiff}" | |
$TOUCH $tempdiff | |
$CHMOD 600 $tempdiff | |
fi | |
$DIFF $logfile $oldlog | $GREP -v "^>" > $tempdiff | |
# Count the number of matching log entries we have | |
count=`$GREP -c "$query" $tempdiff` | |
# Get the last matching entry in the diff file | |
lastentry=`$GREP "$query" $tempdiff | $TAIL -1` | |
$RM -f $tempdiff | |
$CAT $logfile > $oldlog | |
if [ "$count" = "0" ]; then # no matches, exit with no error | |
$ECHO "CRITICAL - No log matches found" | |
exitstatus=$STATE_CRITICAL | |
else # Print total matche count and the last entry we found | |
$ECHO "OK - ($count) $lastentry\n" | |
exitstatus=$STATE_OK | |
fi | |
exit $exitstatus |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment