[PLUG] time based grep
Kris
krisa at subtend.net
Thu Oct 13 08:29:50 UTC 2005
On Wed, Oct 12, 2005 at 06:29:54PM -0700, Wil Cooley wrote:
> On Wed, 2005-10-12 at 10:51 -0700, Kris wrote:
> > My goal is to write a nagios plugin which greps the last
> > 30 minutes of /var/log/dhcp.log for "no free leases".
> >
> > Currently I'm seeing no easy way to do this without much script-fu. Anyone
> > have a trick for this? My other option is to set log rotation to 30
> > minutes and have a lot of logfiles.
>
> While not exactly what you're looking for, there are a few utilities
> which will maintain a record of where they last looked at a log file and
> return only the entries since. I'm thinking specifically of 'logtail'
> from Psionic's 'logcheck' project; 'epylog' also has a similar
> capability. Might be hard to find since Cisco subsumed Psionic, taking
> logcheck and portsentry down with it; the source is on my FTP server:
> http://ftp.nakedape.cc/nakedape/misc/logcheck/

Turns out I didn't look closely enough at the check_log nagios plugin,
which does exactly what I want:

"On the first run of the plugin, it will return an OK state with a message
of "Log check data initialized". On successive runs, it will return an OK
state if *no* pattern matches have been found in the *difference* between
the log file and the older copy of the log file. If the plugin detects
any pattern matches in the log diff, it will return a CRITICAL state and
print out a message in the following format: "(x) last_match", where "x"
is the total number of pattern matches found in the file and "last_match"
is the last entry in the log file which matches the pattern."

Sweet. This is even useful outside of Nagios.

--
I'm just a packet pusher.
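
The behaviour discussed in this thread (look only at what was appended since the previous run and report "(x) last_match"), as an added example that is not part of the original message and is not the check_log plugin's own code. It keeps a byte offset in a state file, the approach Wil describes for logtail, rather than an older copy of the log; the function names, the state file and the demo log lines are assumptions, and x here counts matches in the new portion only.

```shell
#!/bin/sh
# Added example: offset-tracking log check with Nagios exit codes
# (0 = OK, 2 = CRITICAL, 3 = UNKNOWN). Names are hypothetical.
# usage: check_new_entries LOGFILE STATEFILE PATTERN
check_new_entries() {
    log=$1 state=$2 pattern=$3
    if [ ! -r "$log" ]; then
        echo "UNKNOWN: cannot read $log"
        return 3
    fi
    size=$(wc -c < "$log" | tr -d ' ')
    if [ ! -f "$state" ]; then
        # First run: remember the current end of file, report nothing.
        echo "$size" > "$state"
        echo "OK: Log check data initialized"
        return 0
    fi
    last=$(cat "$state")
    case $last in ''|*[!0-9]*) last=0 ;; esac   # unusable state: rescan
    # A log smaller than the saved offset was rotated or truncated.
    [ "$size" -lt "$last" ] && last=0
    # Read only bytes last+1..size; lines appended while the check
    # runs are left for the next run instead of being skipped.
    new=$(tail -c "+$((last + 1))" "$log" | head -c "$((size - last))")
    echo "$size" > "$state"
    # -F: fixed string, so the pattern is never interpreted as a regex.
    matches=$(printf '%s\n' "$new" | grep -F -- "$pattern" || true)
    if [ -z "$matches" ]; then
        echo "OK: no matches found"
        return 0
    fi
    count=$(printf '%s\n' "$matches" | wc -l | tr -d ' ')
    echo "CRITICAL: ($count) $(printf '%s\n' "$matches" | tail -n 1)"
    return 2
}

# Demo on constructed dhcpd-style lines (not real log data).
demo() {
    dir=$(mktemp -d); log=$dir/dhcp.log; state=$dir/dhcp.offset
    echo 'Oct 13 08:00:01 gw dhcpd: DHCPACK on 10.0.0.5' > "$log"
    check_new_entries "$log" "$state" 'no free leases'
    echo 'Oct 13 08:10:42 gw dhcpd: DHCPDISCOVER via eth0: network 10.0.0.0/24: no free leases' >> "$log"
    rc=0; check_new_entries "$log" "$state" 'no free leases' || rc=$?
    rm -rf "$dir"
    return "$rc"
}
```

A log that is rotated and then grows past the saved offset before the next run is not detected by the size comparison alone, so the check interval should be shorter than the time the new file needs to reach that size.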