[PLUG] time based grep

Kris krisa at subtend.net
Thu Oct 13 08:29:50 UTC 2005


On Wed, Oct 12, 2005 at 06:29:54PM -0700, Wil Cooley wrote:
> On Wed, 2005-10-12 at 10:51 -0700, Kris wrote:
> > My goal is to write a nagios plugin which greps the last 
> > 30 minutes of /var/log/dhcp.log for "no free leases".
> > 
> > Currently I'm seeing no easy way to do this without much script-fu.  Anyone 
> > have a trick for this?  My other option is to set log rotation to 30 
> > minutes and have a lot of logfiles.
> 
> While not exactly what you're looking for, there are a few utilities
> which will maintain a record of where they last looked at a log file and
> return only the entries since.  I'm thinking specifically of 'logtail'
> from Psionic's 'logcheck' project; 'epylog' also has a similar
> capability.  Might be hard to find since Cisco subsumed Psionic, taking
> logcheck and portsentry down with it; the source is on my FTP server:
> http://ftp.nakedape.cc/nakedape/misc/logcheck/

Turns out I didn't look closely enough at the check_log nagios plugin,
which does exactly what I want:

"On the first run of the plugin, it will return an OK state with a message 
of "Log check data initialized".  On successive runs, it will return an OK 
state if *no* pattern matches have been found in the *difference* between 
the log file and the older copy of the log file.  If the plugin detects 
any pattern matches in the log diff, it will return a CRITICAL state and 
print out a message in the following format: "(x) last_match", where "x" 
is the total number of pattern matches found in the file and "last_match" 
is the last entry in the log file which matches the pattern."

Sweet.  This is even useful outside of Nagios.

-- 
I'm just a packet pusher.
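
The incremental check described in the plugin text quoted above, as an added example that is not part of the original post and is not the check_log plugin's own code. It remembers a byte offset and inode between runs (as logtail-style tools do) instead of keeping an older copy of the log, and counts matches only in the newly appended lines; the function name, state-file format and OK message are assumptions of this example.

```python
import json
import os
import re

OK, CRITICAL = 0, 2  # Nagios plugin exit codes


def check_log(log_path, state_path, pattern):
    """Return (exit_code, message) for lines appended since the last run."""
    st = os.stat(log_path)
    try:
        with open(state_path) as fh:
            state = json.load(fh)
    except (FileNotFoundError, ValueError):
        state = None  # missing or corrupt state: treat as first run

    def save(offset):
        tmp = state_path + ".tmp"
        with open(tmp, "w") as fh:
            json.dump({"inode": st.st_ino, "offset": offset}, fh)
        os.replace(tmp, state_path)  # atomic swap, never a half-written state

    if state is None:
        # First run: remember the current end of file and report nothing.
        save(st.st_size)
        return OK, "Log check data initialized"

    offset = state["offset"]
    # Rotation (new inode) or truncation (file shrank): read from the top.
    if state["inode"] != st.st_ino or st.st_size < offset:
        offset = 0

    regex = re.compile(pattern.encode())
    count, last = 0, b""
    with open(log_path, "rb") as fh:
        fh.seek(offset)
        for line in fh:
            if not line.endswith(b"\n"):
                break  # partial line still being written; pick it up next run
            offset += len(line)
            if regex.search(line):
                count, last = count + 1, line
    save(offset)
    if count:
        text = last.decode(errors="replace").strip()
        return CRITICAL, "(%d) %s" % (count, text)
    return OK, "Log check ok - 0 pattern matches found"
```

Run every 30 minutes against /var/log/dhcp.log with the pattern "no free leases", each invocation covers exactly the lines logged since the previous one, which removes the need to parse timestamps.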


