Use Nagios to monitor a log file and send log details

I know Nagios can monitor and alert on the content within a log file, but does anyone know of a plug-in, or other tool, that will monitor a log file for a particular string and then send the entire line in an email message where that match occurred?


Solution 1:

The stock check_log plugin is sort of... miserable; it uses 'diff' and processes the entire log every time you run it, so it doesn't scale well. At all.

ConSol Labs maintains an excellent log checking plugin that does exactly what you want: http://exchange.nagios.org/directory/Plugins/Log-Files/check_logfiles/details

It is listed on Nagios Exchange, but here is the direct link to the English version: http://labs.consol.de/lang/en/nagios/check_logfiles/

You have to run this through NRPE, or check_via_ssh (+ ssh keys), obviously.

Solution 2:

@af-at-work: There is a tool for this:

"Tenshi is a log monitoring program, designed to watch one or more log files for lines matching user defined regular expressions and report on the matches. The regular expressions are assigned to queues which have an alert interval and a list of mail recipients."

Ubuntu package (Link), Debian package (Link).

Solution 3:

Nagios Log Monitor

The above link might be the answer you're looking for. It can monitor any log file on local and remote hosts.

In the above link, the user is using a Nagios Log Monitoring tool called logrobot. You can visit the actual homepage to see more examples of how it works.

If you wish to monitor a log and see the details of the lines containing the string you specified, that logrobot tool can be run this way:

locally:

logrobot autofig /opt/jboss/jboss-as/server/production/log/server.log 60m 'INFO' '.' 1 2 -show

remotely:

NagiosLogMonitor remotehost logrobot autofig /opt/jboss/jboss-as/server/production/log/server.log 60m 'INFO' '.' 1 2 -show

When you run the above command, as was shown in the first link, you will be shown all lines found in the log file that contain the string 'INFO' you specified.

Solution 4:

If you can read the log file with a bash (or perl or python or etc.) script and search for the string (grep), sure. The script needs to set a non-zero return code and return the string. The script can reside on the server in question, and nagios can use the check_by_ssh command to run the script on the server.
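
An added example (not code from any of the answers above) of the script Solution 4 describes, as a POSIX shell plugin that prints each matching line and exits with the Nagios status codes. It also saves a byte offset so each run reads only newly appended data, avoiding the full-file rescans Solution 1 complains about; the function name `check_log_string` and the state-file argument are assumptions made for this example.

```shell
#!/bin/sh
# Nagios-style plugin: report NEW log lines that contain a fixed string.
# Usage: check_log_string LOGFILE STRING STATEFILE   (names are hypothetical)
# Exit codes follow the Nagios plugin convention: 0 OK, 2 CRITICAL, 3 UNKNOWN.
check_log_string() (
    log=$1 needle=$2 state=$3
    [ -r "$log" ] || { echo "UNKNOWN: cannot read $log"; exit 3; }

    # Byte offset reached on the previous run (0 on the first run).
    offset=0
    if [ -f "$state" ]; then read -r offset < "$state" || :; fi
    case $offset in ''|*[!0-9]*) offset=0 ;; esac   # ignore a corrupt state file

    size=$(wc -c < "$log" | tr -d ' ')
    # A log smaller than the saved offset was rotated or truncated: start over.
    if [ "$size" -lt "$offset" ]; then offset=0; fi

    # Read only bytes offset+1..size, so the saved offset matches what was read.
    # -F matches the string literally (no regex surprises); "--" stops a
    # needle that begins with "-" from being parsed as a grep option.
    matches=$(tail -c "+$((offset + 1))" "$log" | head -c "$((size - offset))" |
              grep -F -- "$needle") || :
    echo "$size" > "$state"

    if [ -n "$matches" ]; then
        count=$(printf '%s\n' "$matches" | wc -l | tr -d ' ')
        # First line is the status summary; the matching lines follow as
        # long output so the notification can carry them in full.
        echo "CRITICAL: $count new line(s) containing '$needle'"
        printf '%s\n' "$matches"
        exit 2
    fi
    echo "OK: no new lines containing '$needle'"
    exit 0
)

# Run as a plugin when called with three arguments.
if [ "$#" -eq 3 ]; then
    check_log_string "$@"
    exit $?
fi
```

Run it on the monitored server through check_by_ssh or NRPE as the answers describe, and keep the state file in a directory only the monitoring user can write to, since anyone who can edit the offset can make the check skip lines.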