Usage of check_log and sudo

Hi,

I want to monitor my log files with the plugin check_log. On the internet
I could not find any description of how this script should be used. From --help I
assume that you must provide three arguments to check_log: the new log
file, an old file used as comparison and a string that the output of diff is
searched for.

To get read access to the log files in /var/log as user nagios, I want to use
sudo. My question is now how to get the old log file and where to copy
it to? Can this be done automatically by Nagios or do I have to take care
of copying the logfile at fixed intervals of time?

Thank you for your help.

Regards,
Chris

I suppose it depends on what check plugin you are using. I like the one that will read the live log file you want to check and search for “string”. If it finds “string” then it will alert you. The check doesn’t copy the log file or anything, it just does a read. It then creates a bookmark that it saves to wherever you tell it; I use /usr/local/nagios/var/. The next time it goes to read the logfile, it starts where it left off by looking at its bookmark file. That way, it is very efficient. So try them all, find the one that makes a bookmark.
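
The bookmark approach described in the reply above, as an added example that is not part of the original thread and is not the code of any particular Nagios plugin. The function name `check_log`, the JSON bookmark format (inode plus byte offset) and the sample log line are assumptions made for illustration; the example also goes slightly beyond the reply by handling log rotation and half-written lines.

```python
import json
import os
import tempfile

OK, CRITICAL, UNKNOWN = 0, 2, 3  # Nagios plugin exit codes

def check_log(log_path, pattern, bookmark_path):
    """Scan only the lines appended since the previous run; return (status, message)."""
    try:
        log = open(log_path, "rb")
    except OSError as exc:
        return UNKNOWN, f"UNKNOWN - cannot read {log_path}: {exc}"
    with log:
        st = os.fstat(log.fileno())
        try:  # bookmark = inode and byte offset reached by the previous run
            with open(bookmark_path) as fh:
                mark = json.load(fh)
            inode, offset = int(mark["inode"]), int(mark["offset"])
        except (OSError, ValueError, KeyError, TypeError):
            inode, offset = st.st_ino, 0  # first run or unreadable bookmark
        # Another inode or a shorter file means rotation or truncation: start over.
        if inode != st.st_ino or not 0 <= offset <= st.st_size:
            offset = 0
        log.seek(offset)
        hits = []
        for raw in log:
            if not raw.endswith(b"\n"):
                break  # partial line still being written; pick it up next run
            offset += len(raw)
            if pattern.encode() in raw:
                hits.append(raw.decode("utf-8", "replace").rstrip())
    tmp = bookmark_path + ".tmp"  # write-then-rename keeps the bookmark consistent
    with open(tmp, "w") as fh:
        json.dump({"inode": st.st_ino, "offset": offset}, fh)
    os.replace(tmp, bookmark_path)
    if hits:
        return CRITICAL, f"CRITICAL - {len(hits)} new match(es), last: {hits[-1]}"
    return OK, "OK - no new matches"

def demo():
    with tempfile.TemporaryDirectory() as d:  # constructed sample log
        log, mark = os.path.join(d, "auth.log"), os.path.join(d, "auth.bookmark")
        with open(log, "w") as fh:
            fh.write("Jan  1 00:00:01 host sshd[1]: Failed password for root\n")
        # First run reports the match; the second starts at the bookmark and finds nothing new.
        return [check_log(log, "Failed password", mark)[0] for _ in range(2)]

if __name__ == "__main__":
    print(demo())
```

The check needs only read access to the log and write access to its own bookmark. Keep the bookmark directory writable by the monitoring user alone, since anyone who can edit the bookmark can move the offset past lines that should have raised an alert.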