NAME

check_logs - system log files client checks module


DESCRIPTION

This client check module checks system log files for one or more user-specified patterns. check_logs continually scans to the end of the log file. Log file changes caused by log file rotations or initialization are handled automatically.

For each line in a log file that matches a pattern, an event is generated. Each event has a duration, a color and a text field describing the match. When check_logs finishes checking all of the log files, it reports all of the events that were generated back to the spong-server. The events will be reported back to the server every cycle until their duration has expired, at which point they are removed from the list of events.
 

OUTPUT RETURNED

SUMMARY MESSAGE FIELD
If there are no events, it returns "All logs ok". Otherwise it will return a list of the logs that have generated events.

DETAILED MESSAGE FIELD
If there are pending events, the text fields of all the events are returned.
 

CONFIGURATION

$LOGCHECKS
A list of hashes which define the checks to apply to log files. Each hash contains the fields logfile, which is the full path to the log file to check, and checks, which is a list of checks to apply to the log file. Each check is a hash that contains the fields: pattern - a Perl regular expression to be scanned for, status - the status color to be reported for lines matching pattern, duration - the duration that each event is to be reported to the server, text - the text to be reported back in the detailed message field of the status report (which can include match position variables from pattern) and id - an optional key field to be associated with each event generated.

$LOGCHECKS = [ {
                  logfile => 'full/path/to/logfile',
                  checks  => [ {check-stanza}, {check-stanza} ],
               },
               {
                  logfile => 'full/path/to/logfile2',
                  checks  => [ {check-stanza}, {check-stanza} ],
               },
];

A check-stanza is:

{
   pattern  => 'perl reg exp',
   status   => 'status-color',
   duration => xx,
   text     => 'Error desc',
   id       => 'optional-event-key',
}

where:

pattern - A Perl regular expression to be scanned for. You can include '( )' enclosed sections in your expression, which can be accessed through the $1, $2, etc. variables in the text field.
status - A status color 'green', 'yellow', or 'red'.
duration - The duration of a generated event in minutes.
text - The text that will appear in the status message. Perl positional variables (i.e. $1, $2, etc.) can be used in the text field; they are replaced with the text matched by the corresponding '( )' sections of the regular expression defined in pattern.
id - An optional event key that will be assigned to an event rather than the default, the text field. You can use this field to collapse multiple events into one event.
 

Example

$LOGCHECKS = [ { 'logfile' => '/var/log/messages',
                 'checks'  => [ { pattern=>'(.*WARNING:.*)',
                                  status=> 'yellow',
                                  duration=>10,
                                  text=>'$1',
                                },
                                { pattern=>'(.*NOTICE:.*)',
                                  status=> 'red',
                                  duration=>'10',
                                  text=>'$1',
                                },
                                { pattern=>'(SCSI)|(scsi)',
                                  status =>'red',
                                  duration=>30,
                                  text    => 'scsi error',
                                 },
                                 { pattern=>'su: FAILED SU .to ([^\s]+). ([^\s]+)',
                                   status =>'yellow',
                                   duration=>30,
                                   text => 'su $1 failed for $2',
                                 },
                              ],
                }
];
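
The following is an added example, not spong's check_logs source: it shows how a check-stanza's pattern, text and id fields combine over log lines. The sample log lines, the expand_text helper, the 'su-failed' id and the rule that a later match replaces an earlier event with the same key are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added illustration; this is not spong's check_logs source.
use strict;
use warnings;

# Two check-stanzas using the fields documented on this page.
my @checks = (
    { pattern => '(.*WARNING:.*)', status => 'yellow', duration => 10,
      text => '$1' },
    { pattern => 'su: FAILED SU .to ([^\s]+). ([^\s]+)', status => 'yellow',
      duration => 30, text => 'su $1 failed for $2', id => 'su-failed' },
);

# Constructed sample log lines (not taken from a real system).
my @lines = (
    'Jan  1 00:00:01 host1 su: FAILED SU (to root) alice on /dev/pts/0',
    'Jan  1 00:00:09 host1 su: FAILED SU (to root) bob on /dev/pts/1',
    'Jan  1 00:01:00 host1 kernel: WARNING: disk quota exceeded',
);

# Replace $1..$9 in a text template with the pattern's captured groups.
sub expand_text {
    my ($template, @caps) = @_;
    (my $out = $template) =~
        s/\$([1-9])/defined $caps[$1 - 1] ? $caps[$1 - 1] : ''/ge;
    return $out;
}

my %events;          # event key => event record
my $now = time;
for my $line (@lines) {
    for my $check (@checks) {
        # List-context match returns the captured groups, or () on no match.
        my @caps = ($line =~ /$check->{pattern}/) or next;
        my $text = expand_text($check->{text}, @caps);
        # Default key is the text field; an id overrides it, so every
        # match of that stanza lands on the same event.
        my $key = defined $check->{id} ? $check->{id} : $text;
        # Assumption: a later match with the same key replaces the earlier.
        $events{$key} = {
            status  => $check->{status},
            text    => $text,
            expires => $now + 60 * $check->{duration},   # duration is minutes
        };
    }
}

for my $key (sort keys %events) {
    printf "%-6s %s (key: %s)\n", $events{$key}{status}, $events{$key}{text}, $key;
}
```

With id set, the two failed su lines produce a single event; without it, each distinct expanded text (one per user here) would be its own event.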
 

FILES

/usr/local/etc/spong/spong.conf

Configuration file. This contains variables that detail spong and OS specific definitions used by spong-client. This file also contains variables describing threshold levels. See spong.conf for additional documentation.

AUTHOR

Stephen L Johnson (stephen.johnson@mail.state.ar.us) or (sjohnson@monsters.org), Unix System Administrator, DIS - State of Arkansas