check_logfiles 插件的使用

check_logfiles 是檢查nagios日志關(guān)鍵字的插件，其功能很強大。項目地址是https://labs.consol.de/nagios/check_logfiles/

一、安裝
tar -zxvf check_logfiles-2.3.1.2.tar.gz
cd check_logfiles-2.3.1.2
./configure --with-nagios-user=nagios --with-nagios-group=nagios --with-seekfiles-dir=/usr/local/nagios/var/tmp --with-protocols-dir=/usr/local/nagios/var/tmp --with-trusted-path=/sbin:/usr/sbin:/usr/local/sbin:/bin:/usr/bin:/usr/local/nagios/libexec --with-perl=/usr/bin/perl --with-gzip=/bin/gzip
make
make install

二、配置

使用check_logfile
[root@WEBServer10414 libexec]# ./check_logfiles --help
This Nagios Plugin comes with absolutely NO WARRANTY. You may use
it on your own risk!
Copyright by ConSol Software GmbH, Gerhard Lausser.

This plugin looks for patterns in logfiles, even in those who were rotated
since the last run of this plugin.

Usage: check_logfiles [-t timeout] -f

The configfile looks like this:

$seekfilesdir = '/opt/nagios/var/tmp';#寫狀態(tài)信息的目錄，這里面記錄已經(jīng)檢查過的日志內(nèi)容，相當于歷史記錄
# where the state information will be saved.

$protocolsdir = '/opt/nagios/var/tmp';#寫協(xié)議信息的目錄，這里面記錄日志檢查的匹配信息
# where protocols with found patterns will be stored.

$scriptpath = '/opt/nagios/var/tmp';#可調(diào)用的腳本或程序
# where scripts will be searched for.

$MACROS = { CL_DISK01 => "/dev/dsk/c0d1", CL_DISK02 => "/dev/dsk/c0d2" };#定義宏

@searches = (#此處為配置文件的內(nèi)容，我們可以通過配置文件來執(zhí)行程序，也可以通過在命令行中直接定義。通過配置文件更方便 
 {
   tag => 'temperature',#定義唯一的標識符，它將在生成狀態(tài)信息或協(xié)議信息中作為名字中的一部分使用，并沒有實際的意義
   logfile => '/var/adm/syslog/syslog.log',#日志文件位置
   rotation => 'bmwhpux',#用來匹配歸檔的日志文件,rotation如果有截斷日志的話用來定義如何匹配截斷日志
   criticalpatterns => ['OVERTEMP_EMERG', 'Power supply failed'],#嚴重錯誤，可以匹配一個或多個正則表達式
   warningpatterns => ['OVERTEMP_CRIT', 'Corrected ECC Error'],#警告錯誤，可以匹配一個或多個正則表達式
   options => 'script,protocol,nocount',#選項列表，我們可以選擇啟動腳本，寫協(xié)議，不計數(shù)等操作
   script => 'sendnsca_cmd'
 },#腳本的名字
 {
   tag => 'scsi',
   logfile => '/var/adm/messages',
   rotation => 'solaris',
   criticalpatterns => 'Sense Key: Not Ready',
   criticalexceptions => 'Sense Key: Not Ready /dev/testdisk',
   options => 'noprotocol'
 },
 {
   tag => 'logins',
   logfile => '/var/adm/messages',
   rotation => 'solaris',
   criticalpatterns => ['illegal key', 'read error.*$CL_DISK01$'],
   criticalthreshold => 4
   warningpatterns => ['read error.*$CL_DISK02$'],
 }
);

以上將各個項目統(tǒng)一寫到配置文件中，當然也可以將其放入命令行中調(diào)用，兩種調(diào)用方式如下：

[root@WEBServer10414 libexec]# ./check_logfiles
Usage: check_logfiles [-t timeout] -f [--searches=tag1,tag2,...]
      check_logfiles [-t timeout] --logfile= --tag= --rotation=
                     --criticalpattern= --warningpattern=


三、現(xiàn)網(wǎng)實例
1、在被監(jiān)控端編輯一個配置文件，如下
vim /usr/local/nagios/var/catalina.cfg

$seekfilesdir = "/usr/local/nagios/var/tmp";
$protocolsdir = "/usr/local/nagios/var/tmp";
@searches = (
 {
   tag => 'tomcat',
   logfile => '/opt/tomcat7/logs/catalina.out',
   rotation => 'catalina.$CL_DATE_YYYY$-$CL_DATE_MM$-$CL_DATE_DD$.log',
   criticalpatterns => [
     'java.net.SocketTimeoutException',
     'Exception'
   ],
   warningpatterns => [

   ],
   options => 'nocase,encoding=UTF-8,criticalthreshold=1,warningthreshold=1'
 },
);
我們定義了一個標志tomcat.catalina.out,檢查的日志文件為/opt/tomcat7/logs/catalina.out,當日志信息中匹配 ciriticalpattern中的內(nèi)容時會報嚴重錯誤，；狀態(tài)信息和協(xié)議信息會寫入到 /usr/local/nagios/var/tmp中,
$CL_DATE_YYYY$-$CL_DATE_MM$-$CL_DATE_DD$是定義的時間宏，上面是匹配當前日期的歸檔日志。options => 'nocase'，正則表達式不區(qū)分大小寫，options=>'criticalthreshold=1,warningthreshold=1'，
這個數(shù)值設(shè)置了忽略匹配的次數(shù)。如設(shè)置成3，即忽略前2次匹配，第3次匹配才計數(shù)。這里是只忽略1次，第2次匹配就記數(shù)。


2、在/usr/local/nagios/libexec的目錄下，檢查下配置的文件，顯示執(zhí)行正常，日志無報錯。
[root@WEBServer10414 libexec]# ./check_logfiles --config /usr/local/nagios/var/catalina.cfg
OK - no errors or warnings|tomcat.catalina.out_lines=192 tomcat.catalina.out_warnings=0 tomcat.catalina.out_criticals=0 tomcat.catalina.out_unknowns=0

3、查看/usr/local/nagios/var/tmp目錄下生成的
 catalina._opt_tomcat7_logs_catalina.out.tomcat文件，其中tomcat是我們配置的tag,文件內(nèi)容如下：
[root@WEBServer10414 tmp]# cat catalina._opt_tomcat7_logs_catalina.out.tomcat
$state = {
          'logoffset' => 166891197,
          'devino' => '2053:27754546',
          'servicestateid' => 0,
          'logtime' => 1470399570,
          'serviceoutput' => ''
        };
1;

4、被監(jiān)控端添加nrpe.cfg文件中添加監(jiān)控命令
command[check_tomcat_logfiles]=/usr/local/nagios/libexec/check_logfiles --config /usr/local/nagios/var/catalina.cfg

5、監(jiān)控端定義的日志關(guān)鍵字監(jiān)控服務(wù)配置
define service{
       use                            local-service,srv-pnp        ; Name of service template to use
       host_name                      WEBServer10414
       service_description            Tomcat Front End Log Keyword Monitoring
       check_command                  check_nrpe_arg!check_tomcat_logfiles!60!/usr/local/nagios/var/catalina.cfg
       notifications_enabled          1
       }

6、check_nrpe_arg命令的定義
# 'check_nrpe_arg' command definition
define command {
 command_name        check_nrpe_arg
 command_line        $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -t $ARG2$ -a $ARG3$
}

7、查看nagios展示的服務(wù)的信息

注意：/usr/local/nagios/var/catalina.cfg文件和/usr/local/nagios/var/tmp目錄和下面生成的狀態(tài)文件的權(quán)限要設(shè)為nagios，否則會報無權(quán)限寫入錯誤。