NAME
check_logs - system log files client checks module
DESCRIPTION
This client check module checks system log files for one or more
user-specified patterns. check_logs continually scans to the end of the log file.
Log file changes caused by log file rotations or initialization are handled
automatically.
For each line in a log file that matches a pattern, an event is generated.
Each event has a duration, a color and a text field describing the match.
When check_logs finishes checking all of the log files, it reports all
of the events that were generated back to the spong-server. The events
will be reported back to the server every cycle until their duration has
expired, at which point they are removed from the list of events.
OUTPUT RETURNED
SUMMARY MESSAGE FIELD
If there are no events, it returns "All logs ok". Otherwise it will
return a list of the logs that have generated events.
DETAILED MESSAGE FIELD
If there are pending events, the text fields of all the events are
returned.
CONFIGURATION
$LOGCHECKS
A list of hashes which define the checks to apply to log files. Each hash
contains the fields logfile, which is the full path to the log file
to check, and checks, which is a list of checks to apply to the
log file. Each check is a hash that contains the fields: pattern
- a Perl regular expression to be scanned for, status - the status
color to report for lines matching pattern, duration - the duration that
each event is to be reported to the server, text - the text to report
back in the detailed message field of the status report (which can include
match position variables from pattern) and id - an optional
key field to associate with each event generated.
    $LOGCHECKS = [ {
                     logfile => 'full/path/to/logfile',
                     checks  => [ {check-stanza}, {check-stanza} ],
                   },
                   {
                     logfile => 'full/path/to/logfile2',
                     checks  => [ {check-stanza}, {check-stanza} ],
                   },
                 ];
A check-stanza is:
    {
      pattern  => 'perl reg exp',
      status   => 'status-color',
      duration => xx,
      text     => 'Error desc',
      id       => 'optional-event-key',
    }
where:
pattern - A Perl regular expression to be scanned for. You can
include '( )' enclosed sections in your expression that can be accessed
through the $1, $2, etc. variables in the text field.
status - A status color: 'green', 'yellow', or 'red'.
duration - The duration of a generated event in minutes.
text - The text that will appear in the status message. Perl
positional variables (i.e. $1, $2, etc.) can be used in the text field;
they will be replaced by the text matched by the corresponding sections of
the regular expression defined in pattern.
id - An optional event key that will be assigned to an event rather
than the default, the text field. You can use this field to collapse
multiple events into one event.
Example
    $LOGCHECKS = [ { 'logfile' => '/var/log/messages',
                     'checks'  => [ { pattern  => '(.*WARNING:.*)',
                                      status   => 'yellow',
                                      duration => 10,
                                      text     => '$1',
                                    },
                                    { pattern  => '(.*NOTICE:.*)',
                                      status   => 'red',
                                      duration => '10',
                                      text     => '$1',
                                    },
                                    { pattern  => '(SCSI)|(scsi)',
                                      status   => 'red',
                                      duration => 30,
                                      text     => 'scsi error',
                                    },
                                    # $1 = target account, $2 = invoking user
                                    { pattern  => 'su: FAILED SU .to ([^\s]+). ([^\s]+)',
                                      status   => 'yellow',
                                      duration => 30,
                                      text     => 'su $1 failed for $2',
                                    },
                                  ],
                   }
                 ];
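The check-stanza semantics described above (pattern match, $1/$2 expansion in text, id as the event key, expiry after duration minutes), modelled as a stand-alone Perl script. This is an added example, not Spong's check_logs code; the sshd stanza, the sample log lines, and the rule that a later match with the same key replaces the earlier event are assumptions made for the illustration.

```perl
use strict; use warnings;

# Stanzas in the documented format; the sshd stanza and its id are assumptions.
my @checks = (
    { pattern => 'su: FAILED SU .to ([^\s]+). ([^\s]+)', status => 'yellow',
      duration => 30, text => 'su $1 failed for $2' },
    { pattern => 'sshd\[\d+\]: Failed password for (\S+) from (\S+)',
      status => 'red', duration => 10, id => 'ssh-auth-failure',
      text => 'ssh login failure for $1 from $2' },
);

# Constructed sample lines, not taken from a real host.
my @lines = (
    'Jan  1 10:00:01 host1 su: FAILED SU (to root) alice on /dev/pts/1',
    'Jan  1 10:00:05 host1 sshd[411]: Failed password for bob from 192.0.2.10 port 4022 ssh2',
    'Jan  1 10:00:07 host1 sshd[412]: Failed password for carol from 192.0.2.11 port 4023 ssh2',
);

# Expand $1, $2, ... by plain substitution. The captured log text is never
# evaluated as Perl, because log content can be influenced by remote users.
sub expand_text {
    my ($template, @groups) = @_;
    $template =~ s/\$(\d+)/ $1 >= 1 && defined $groups[$1 - 1] ? $groups[$1 - 1] : '' /ge;
    return $template;
}

# Scan lines, returning events keyed by id (or by text when no id is set).
# Assumption: a later match with the same key replaces the earlier event.
sub scan_lines {
    my ($now, $checks, $lines) = @_;
    my %events;
    for my $line (@$lines) {
        for my $c (@$checks) {
            my @groups = $line =~ /$c->{pattern}/ or next;
            @groups = () unless $#+;    # pattern has no capture groups
            my $text = expand_text($c->{text}, @groups);
            my $key  = defined $c->{id} ? $c->{id} : $text;
            $events{$key} = { status => $c->{status}, text => $text,
                              expires => $now + 60 * $c->{duration} };
        }
    }
    return \%events;
}

my $events = scan_lines(0, \@checks, \@lines);
for my $t (0, 11 * 60, 31 * 60) {    # seconds elapsed since the scan
    my @msgs = map  { "[$events->{$_}{status}] $events->{$_}{text}" }
               grep { $events->{$_}{expires} > $t } sort keys %$events;
    printf "t+%2d min: %s\n", $t / 60, @msgs ? join('; ', @msgs) : 'All logs ok';
}
```

Because the sshd stanza sets id, the two failed logins collapse into a single pending event, while the su stanza, which has no id, is keyed on its expanded text.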
FILES
/usr/local/etc/spong/spong.conf
Configuration file. This contains variables that detail spong and OS
specific definitions used by spong-client. This file also contains variables
describing threshold levels. See spong.conf for additional documentation.
AUTHOR
Stephen L Johnson (stephen.johnson@mail.state.ar.us)
or (sjohnson@monsters.org),
Unix System Administrator, DIS - State of Arkansas