Use Nagios to monitor a log file and send log details

monitoring nagios

I know Nagios can monitor and alert on the content within a log file, but does anyone know of a plug-in, or other tool, that will monitor a log file for a particular string and then send the entire line in an email message where that match occured?


Solution 1:

The stock check_log plugins is sort of... miserable; it uses 'diff' and processes the entire log, every time you run it, so it doesn't scale well. At all.

ConSol Labs maintains an excellent log checking plugin that does exactly what you want: http://exchange.nagios.org/directory/Plugins/Log-Files/check_logfiles/details

It is listed on Nagios Exchange, but here is the direct link to the English version: http://labs.consol.de/lang/en/nagios/check_logfiles/

You have to run this through NRPE, or check_via_ssh (+ ssh keys), obviously.

Solution 2:

@af-at-work: There is a tool for this:

"Tenshi is a log monitoring program, designed to watch one or more log files for lines matching user defined regular expressions and report on the matches. The regular expressions are assigned to queues which have an alert interval and a list of mail recipients."

Ubuntu package (Link), Debian package (Link).

Solution 3:

Nagios Log Monitor

the above link might be the answer you're looking for. it can monitor any log file on local and remote hosts.

in the above link, the user is using a Nagios Log Monitoring tool called logrobot. you can visit the actual homepage to see more examples of how it works.

IF you wish to monitor a log, and see the details of the lines containing the string you specified, that logrobot tool can be run this way:

locally:

logrobot autofig /opt/jboss/jboss-as/server/production/log/server.log 60m 'INFO' '.' 1 2 -show

remotely:

NagiosLogMonitor remotehost logrobot autofig /opt/jboss/jboss-as/server/production/log/server.log 60m 'INFO' '.' 1 2 -show

When you run the above command, as was shown in the first link, you will be shown all fines found in the log file that contains the string 'INFO' you specified.

Solution 4:

If you can read the log file with a bash (or perl or python or etc.) script and search for the string (grep), sure. The script needs to set a non-zero return code and return the string. The script can reside on the server in question, and nagios can use the check_by_ssh command to run the script on the server.

Related

Difference between Apache reload and force-reload
Insert one data to MySQL table without login
Warming up an IIS Application Pool automatically?
When does Apache re-read the updates to .htaccess files?
Dedicated server automatic backup solution
My table half-exists. Can't drop it
Should PoE be turned off on ports not needing it?
optimal settings for win7 64 guest on kvm 64 host managed with libvirt
mysqld_multi stop doesn't seem to work
How to reduce the SATA link speed of drive in CentOS?
Will a database server perform better running on 2 CPUs with 16 cores or 4 CPUs with 8 cores?
Installing git with no idea about machine configuration