I am just starting with nagios and so far I have learned quite a bit and have successfully setup multiple nagios checks on several servers and all of them are working as expected.
I've been trying to setup the check_logfiles plugin to check for a pattern like this: where someone attempted to login to one of my applications several times within milliseconds. is there a way that I can configure the nagios check_logfiles plugin to parse multiple login attempts as shown below within seconds and send me an alert? of would it be better to write a custom script to do that? Thanks for your help. 77.221.134.186 - - [05/Apr/2012:08:06:23 -0600] "GET /sms/login/emailpwd?uname=bossman2040&email= HTTP/1.1" 200 5608 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" "-" 176.9.53.41 - - [05/Apr/2012:08:06:25 -0600] "GET /sms/login/emailpwd?uname=u002422&email= HTTP/1.1" 200 5608 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" "-" 176.9.53.41 - - [05/Apr/2012:08:06:25 -0600] "GET /sms/login/emailpwd?uname=suzzie&email= HTTP/1.1" 200 5608 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" "-" 176.9.53.41 - - [05/Apr/2012:08:06:26 -0600] "GET /sms/login/emailpwd?uname=BlackBox&email= HTTP/1.1" 200 5608 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" "-" 176.9.53.41 - - [05/Apr/2012:08:06:27 -0600] "GET /sms/login/emailpwd?uname=Bigboss83&email= HTTP/1.1" 200 5608 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" "-" 176.9.53.41 - - [05/Apr/2012:08:06:28 -0600] "GET /sms/login/emailpwd?uname=copcarsonline&email= HTTP/1.1" 200 5608 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" "-" 176.9.53.41 - - [05/Apr/2012:08:06:28 -0600] "GET /sms/login/emailpwd?uname=u002422&email= HTTP/1.1" 200 5608 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" "-" 176.9.53.41 - - [05/Apr/2012:08:06:29 -0600] "GET /sms/login/emailpwd?uname=juanyromo&email= HTTP/1.1" 200 5608 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" "-" 176.9.53.41 On Thu, Apr 5, 2012 at 1:24 PM, Edgarosy <edgar...@gmail.com> wrote: > Thank you Claudio. > > CONFIDENTIALITY NOTICE: This message and any attachment(s) are solely for > the use of the intended recipient(s) identified above and may contain > information that is proprietary, privileged, or confidential. If you are > not an intended recipient, you may not review, retransmit, or otherwise use > this message or any attachment. If you have received this message in error, > please immediately notify the sender by reply e-mail and delete this > message. > > > > On Apr 5, 2012, at 1:18 PM, Claudio Kuenzler <c...@claudiokuenzler.com> > wrote: > > This one is probably the best one: > http://labs.consol.de/lang/en/nagios/check_logfiles/ > > On Thu, Apr 5, 2012 at 6:56 PM, Parkman, Mikhail < > mikhail_park...@cable.comcast.com> wrote: > >> I need to perform the following tasks:**** >> >> ** ** >> >> · Demonstrated that Nagios alert is fired when certain messages are >> logged in the application log file on the target (remote) host**** >> >> · Nagios "info message" is fired when error condition is cleared.**** >> >> ** ** >> >> I found out “logwarn” plugin but I didn’t find detailed configuration >> instructions for this plugin.**** >> >> ** ** >> >> >> http://exchange.nagios.org/directory/Plugins/Log-Files/check_logwarn/details >> **** >> >> ** ** >> >> And another one – “check_logfiles” – this one is described better in my >> opinion but referring to something called OPSVIEW that I don’t have any >> idea about.**** >> >> ** ** >> >> http://www.osupport.net/2011/log-files-monitoring-with-nagios-opsview/*** >> * >> >> ** ** >> >> ** ** >> >> Did somebody have experience with well documented “check log” plugin, and >> could recommend one so that the functionality of the recommended plugin >> matches bulleted tasks in the beginning of this email that I have to >> accomplish?**** >> >> ** ** >> >> Thanks.**** >> >> Mikhail.**** >> >> ** ** >> >> >> ------------------------------------------------------------------------------ >> Better than sec? Nothing is better than sec when it comes to >> monitoring Big Data applications. Try Boundary one-second >> resolution app monitoring today. Free. >> http://p.sf.net/sfu/Boundary-dev2dev >> _______________________________________________ >> Nagios-users mailing list >> Nagios-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/nagios-users >> ::: Please include Nagios version, plugin version (-v) and OS when >> reporting any issue. >> ::: Messages without supporting info will risk being sent to /dev/null >> > > > ------------------------------------------------------------------------------ > Better than sec? Nothing is better than sec when it comes to > monitoring Big Data applications. Try Boundary one-second > resolution app monitoring today. Free. > http://p.sf.net/sfu/Boundary-dev2dev > > _______________________________________________ > Nagios-users mailing list > Nagios-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/nagios-users > ::: Please include Nagios version, plugin version (-v) and OS when > reporting any issue. > ::: Messages without supporting info will risk being sent to /dev/null > > -- Edgar Lanz "If nobody is perfect I must be nobody"
------------------------------------------------------------------------------ For Developers, A Lot Can Happen In A Second. Boundary is the first to Know...and Tell You. Monitor Your Applications in Ultra-Fine Resolution. Try it FREE! http://p.sf.net/sfu/Boundary-d2dvs2
_______________________________________________ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null