Using check-log.rb

James_Jelinek · August 4, 2015, 8:43pm

I’m trying to setup the check-log.rb from the sensu-community-plugins repo to do a simple regex pattern match on log files and then throw a warning/critical if found.

I’m manually testing the script on /var/log/messages looking for the word “interface” like this:

/opt/sensu/embedded/bin/ruby check-log.rb -F /var/log/messages -q ‘/interface/’

I get the output:

CheckLog OK: 0 warnings, 0 criticals for pattern /interface/.

I know the pattern matches with /interface/ because interface exists in the /var/log/messages file. So my question would be is how do I setup this script (what arguments to pass) for a warn and critical event to be triggered?

There’s not a lot of documentation and when I try doing -w 1 (expecting that a count of 1 for warning will trigger a warning), nothing happens, I get the same output: CheckLog OK: 0 warnings, 0 criticals for pattern /interface/.

Any thoughts on this?

Thanks,

James

Kyle_Anderson · August 5, 2015, 2:36am

I think you may be misunderstanding what this script does. It is not
like grep where it just looks through the whole file and returns if
the string is found. (except on the first run)

Re-read the description to be sure this is the check you want:

github.com

sensu/sensu-community-plugins/blob/af719c4a11a088ad5f601520a95ff1dd09ea31d9/plugins/logging/check-log.rb#L6-L10


      
          #   This plugin checks a log file for a regular expression, skipping lines
          #   that have already been read, like Nagios's check_log. However, instead
          #   of making a backup copy of the whole log file (very slow with large
          #   logs), it stores the number of bytes read, and seeks to that position
          #   next time.

github.com

sensu-plugins/sensu-plugins-logs/blob/ad1d588646b53bc52db213bc0158fcc9a316bf6f/bin/check-log.rb#L6-L10


      
          #   This plugin checks a log file for a regular expression, skipping lines
          #   that have already been read, like Nagios's check_log. However, instead
          #   of making a backup copy of the whole log file (very slow with large
          #   logs), it stores the number of bytes read, and seeks to that position
          #   next time.

(new location)

Remember that Sensu just runs stuff, so if this particular check
command doesn't do what you want, you can use any other
nagios-compliant script, or write your own.

···

On Tue, Aug 4, 2015 at 1:43 PM, James Jelinek <jelinek@gmail.com> wrote:

I'm trying to setup the check-log.rb from the sensu-community-plugins repo
to do a simple regex pattern match on log files and then throw a
warning/critical if found.

I'm manually testing the script on /var/log/messages looking for the word
"interface" like this:

/opt/sensu/embedded/bin/ruby check-log.rb -F /var/log/messages -q
'/interface/'

I get the output:

CheckLog OK: 0 warnings, 0 criticals for pattern /interface/.

I know the pattern matches with /interface/ because interface exists in the
/var/log/messages file. So my question would be is how do I setup this
script (what arguments to pass) for a warn and critical event to be
triggered?

There's not a lot of documentation and when I try doing -w 1 (expecting that
a count of 1 for warning will trigger a warning), nothing happens, I get the
same output: CheckLog OK: 0 warnings, 0 criticals for pattern /interface/.

Any thoughts on this?

Thanks,

James

James_Jelinek · August 5, 2015, 1:18pm

I think you’re right. This script doesn’t do what I’m wanting it to do. Can you suggest a simple grep-style bash/nagios script instead?

Thanks for your help as always, Kyle!

···

On Tuesday, August 4, 2015 at 9:36:24 PM UTC-5, Kyle Anderson wrote:

I think you may be misunderstanding what this script does. It is not
like grep where it just looks through the whole file and returns if
the string is found. (except on the first run)

Re-read the description to be sure this is the check you want:
https://github.com/sensu/sensu-community-plugins/blob/af719c4a11a088ad5f601520a95ff1dd09ea31d9/plugins/logging/check-log.rb#L6-L10

https://github.com/sensu-plugins/sensu-plugins-logs/blob/ad1d588646b53bc52db213bc0158fcc9a316bf6f/bin/check-log.rb#L6-L10

(new location)

Remember that Sensu just runs stuff, so if this particular check
command doesn’t do what you want, you can use any other
nagios-compliant script, or write your own.

On Tue, Aug 4, 2015 at 1:43 PM, James Jelinek jel...@gmail.com wrote:

I’m trying to setup the check-log.rb from the sensu-community-plugins repo
to do a simple regex pattern match on log files and then throw a
warning/critical if found.

I’m manually testing the script on /var/log/messages looking for the word
“interface” like this:

/opt/sensu/embedded/bin/ruby check-log.rb -F /var/log/messages -q
‘/interface/’

I get the output:

CheckLog OK: 0 warnings, 0 criticals for pattern /interface/.

I know the pattern matches with /interface/ because interface exists in the
/var/log/messages file. So my question would be is how do I setup this
script (what arguments to pass) for a warn and critical event to be
triggered?

There’s not a lot of documentation and when I try doing -w 1 (expecting that
a count of 1 for warning will trigger a warning), nothing happens, I get the
same output: CheckLog OK: 0 warnings, 0 criticals for pattern /interface/.

Any thoughts on this?

Thanks,

James

James_Jelinek · August 5, 2015, 1:48pm

Any suggestions on a simple sh or pl script that will do a simple grep of a log file to return warning/critical/ok?

-James

···

On Aug 4, 2015, at 9:36 PM, Kyle Anderson <kyle@xkyle.com> wrote:

I think you may be misunderstanding what this script does. It is not
like grep where it just looks through the whole file and returns if
the string is found. (except on the first run)

Re-read the description to be sure this is the check you want:
https://github.com/sensu/sensu-community-plugins/blob/af719c4a11a088ad5f601520a95ff1dd09ea31d9/plugins/logging/check-log.rb#L6-L10
https://github.com/sensu-plugins/sensu-plugins-logs/blob/ad1d588646b53bc52db213bc0158fcc9a316bf6f/bin/check-log.rb#L6-L10
(new location)

Remember that Sensu just runs stuff, so if this particular check
command doesn't do what you want, you can use any other
nagios-compliant script, or write your own.

On Tue, Aug 4, 2015 at 1:43 PM, James Jelinek <jelinek@gmail.com> wrote:

I'm trying to setup the check-log.rb from the sensu-community-plugins repo
to do a simple regex pattern match on log files and then throw a
warning/critical if found.

I'm manually testing the script on /var/log/messages looking for the word
"interface" like this:

/opt/sensu/embedded/bin/ruby check-log.rb -F /var/log/messages -q
'/interface/'

I get the output:

CheckLog OK: 0 warnings, 0 criticals for pattern /interface/.

I know the pattern matches with /interface/ because interface exists in the
/var/log/messages file. So my question would be is how do I setup this
script (what arguments to pass) for a warn and critical event to be
triggered?

There's not a lot of documentation and when I try doing -w 1 (expecting that
a count of 1 for warning will trigger a warning), nothing happens, I get the
same output: CheckLog OK: 0 warnings, 0 criticals for pattern /interface/.

Any thoughts on this?

Thanks,

James

Topic		Replies	Views
generating multiple warnings/criticals in one run of a check script and masquerading Sensu Classic (EOL)	6	448	November 22, 2018
Log monitoring Sensu Classic (EOL)	5	1266	October 22, 2014
SensuGO Event Filter Regular Expression examples Sensu Go	1	355	October 7, 2020
Creating a filter for count of warning occurrences, but critical events are still handled on first occurrence Sensu Classic (EOL)	0	621	December 12, 2018
generating multiple warnings/criticals in one run of a check script:check-graphite-data.rb Sensu Classic (EOL)	0	449	April 14, 2016

Using check-log.rb

Related Topics