check_logfiles @ NSClient - patterns not found

This forum was archived to /woltlab and is now in read-only mode.
  • Hi there,

    I'm using the check_logfiles plugins (created exe) from Consol Labs on an NSClient @ Windows Server 2008. The script itself is working, also via NRPE from Nagios Host.

    But the patterns I'm searching for in my test logfile cannot be found. I tried both running it with external config file and with command line tags, without success.

    Here' my config file:


    $seekfilesdir = 'C:\Temp\logs';

    # where the state information will be

    $protocolsdir = 'C:\Temp\logs';

    # where protocols with found patterns

    $scriptpath = 'C:\Temp\logs';

    # where scripts will be searched for.

    $MACROS = { LOGDIR => 'C:\Temp\logs' };

    @searches = ({

    tag => 'Log',

    logfile => '$LOGDIR$\log1.log',

    criticalpatterns => ['ERROR'],

    warningpatterns => ['WARNING']

    });


    Content of my logfile under C:\Temp\logs\log1.log:


    Das ist ein Logfile zum Testen

    Deswegen steht hier nur Krimskrams drin und nichts wichtiges

    Außer vielleicht ab und an mal ein Fehler

    ERROR at line 1999

    ERROR timestamp appfailure 1

    apperror


    Entry in nsclient.ini:


    [/settings/external scripts/scripts]

    check_logfiles = scripts\check_logfiles.exe -f scripts\check_logfiles.cfg

    0> check_nrpe -H 10.100.70.209 -c check_logfiles

    OK - no errors or warnings|'Log_lines'=0 'Log_warnings'=0 'Log_criticals'=0 'Log_unknowns'=0


    Why is it showing not errors even if logfile contains "Error"....?


    Thanks in advance for any comments on this. :S


  • check_logfiles remembers the last position in the file it scanned. So following scans will start there instead of the beginning of the file. AFAIK there's another file storing the position which you have to remove if you don't want to change the file to inspect.

  • Hi Wolfgang, thanks for your reply!

    I deleted all the files the script created and restarted the check again, without success:


    130> check_nrpe -H 10.100.70.209 -c check_logfiles



    OK - no errors or warnings|'Log_lines'=0 'Log_warnings'=0 'Log_criticals'=0 'Log_unknowns'=0


    Can this option be deactivated? If I have a logfile which is the same everyday (old one removed after run of application), I need the script to check every day again the same logfile for the same errors.

  • Can this option be deactivated? If I have a logfile which is the same everyday (old one removed after run of application), I need the script to check every day again the same logfile for the same errors.

    According to the documentation this is the default:

    Quote

    rotation

    One of the predefined methods or a regular expression, which helps identify the rotated archives. If this key is missing, check_logfiles assumes that the log file will be simply overwritten instead of rotated.

  • I just remembered that I proposed to delete the file but the script author remarked:

    Quote

    Die Seekfiles zu löschen bringt nichts. Wenn kein Seekfile existiert, dann macht check_logfiles beim ersten Lauf weiter nichts als aufs Dateiende zu positionieren. Andernfalls würden ja Fehler, welche Jahre zurückliegen können, gemeldet werden, wenn ein neuer check_logfiles-Service angelegt wird. Mit


    echo "fehler" >> test.txt


    kannst du den Fehlerfall simulieren.


    Gerhard

  • OK, I understood how it works. But what I can't get, since I have not defined the "rotation" variable, it should run in default mode. means it should check always from beginning, right? (because it's overwritten)

    But it doesn't.