Logfile reporting using Nagios, check_logfiles and NSClient


#1

Hello,

I use Nagios as a monitoring tool, and I want to monitor a logfile. For that I use check_logfiles.
The logfile is on a Windows machine, and I use NSClient++ / check_nrpe as an interface between Windows and Nagios. The problem is that the logfile is big (with stacktraces). When an error occurs I get half a line in Nagios.

My goal is that when an error occurs I get an email with the error in it (and stacktrace etc.), but only from the point the error occurred.

My thought on this is to use check_logfiles' scripting ability to search the logfile using the output of check_logfiles (the half line), do a grep until the end of the file, and mail it.

I find it a little complex. Are there better ways to mail the entry of the logfile when something happens?

Thanks in advance


#2

I understand you perfectly.
The problem with monitoring logfiles is that if check_logfiles gets two matches on a pattern it will only notify me with the last matched line and a counter that says there are 2 matches in the logfile. That means that I have to log in to the server each time to manually check the logfile. We have 300 Unix boxes and that will cause a lot of extra work.

If I activate the check_logfiles command-line option "--report long" I will get more info in the web interface but still only a one-liner in my notification mail. But the alarms will automatically be cleared after some time and that is not good enough either.

You can also use the script option in check_logfiles (as you mentioned) and in the script use $CHECK_LOGFILE_PROTOCOLFILE to get the diff file with the matches in it and mail the matched lines from there, but then you cannot use the contacts in Nagios, which means that you have to create your own contact groups besides Nagios.

It seems that the notification module does not receive more than one line from the alarm (SERVICEOUTPUT), which is the last line if there are multiple lines in a match.

Is there someone who knows a proper way to get around this?
I do need it.

Kind regards
Claes


#3

I found a solution for it.
There are a lot of macros to use: nagios.sourceforge.net/docs/3_0/macrolist.html
In commands.cfg you can specify what will be sent in the notification-mail.
I just changed $SERVICEOUTPUT$ to $LONGSERVICEOUTPUT$

/Claes
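
The macro change described in post #3, written out as an added example that is not part of the original thread. It is modelled on the `notify-service-by-email` command shipped in the Nagios sample `commands.cfg`; the paths to `printf` and `mail` and the exact body text are assumptions.

```cfg
# Constructed example for commands.cfg (not taken from the thread).
# command_line must stay on one physical line.
#
# Before: only the first line of plugin output reaches the mail body.
#   ... "Additional Info:\n\n$SERVICEOUTPUT$\n" | /bin/mail ...
#
# After: $LONGSERVICEOUTPUT$ carries the plugin output that follows the
# first line, so keeping $SERVICEOUTPUT$ in front of it mails the whole
# check_logfiles report (for example when run with its long report option).
#
# The log content ends up inside a shell command line. Nagios removes the
# characters listed in illegal_macro_output_chars (nagios.cfg) from these
# output macros before substitution, so leave that setting populated.
define command{
	command_name	notify-service-by-email
	command_line	/usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n$LONGSERVICEOUTPUT$\n" | /bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$
	}
```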


#4

Hi, my problem was that I needed to tell Nagios and check_logfiles what a stacktrace is in the logfile. I found another solution now (let log4j/log4net also mail directly and write it in a logfile).