I am using Ubuntu server 10.x version, Nagios 3.0.6 version. and check_logfiles plugin 3.4.7.1 version.
Thanks for your help. On Mon, Apr 16, 2012 at 8:45 AM, Miguel Lanz <edgar...@gmail.com> wrote: > I am just starting with nagios and so far I have learned quite a bit and > have successfully setup multiple nagios checks on several servers and all > of them are working as expected. > > I've been trying to setup the check_logfiles plugin to check for a pattern > like this: where someone attempted to login to one of my applications > several times within milliseconds. is there a way that I can configure the > nagios check_logfiles plugin to parse multiple login attempts as shown > below within seconds and send me an alert? of would it be better to write a > custom script to do that? > > Thanks for your help. > > > 77.221.134.186 - - [05/Apr/2012:08:06:23 -0600] "GET > /sms/login/emailpwd?uname=bossman2040&email= HTTP/1.1" 200 5608 "-" > "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" "-" > 176.9.53.41 - - [05/Apr/2012:08:06:25 -0600] "GET > /sms/login/emailpwd?uname=u002422&email= HTTP/1.1" 200 5608 "-" > "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" "-" > 176.9.53.41 - - [05/Apr/2012:08:06:25 -0600] "GET > /sms/login/emailpwd?uname=suzzie&email= HTTP/1.1" 200 5608 "-" "Mozilla/4.0 > (compatible; MSIE 7.0; Windows NT 5.1)" "-" > 176.9.53.41 - - [05/Apr/2012:08:06:26 -0600] "GET > /sms/login/emailpwd?uname=BlackBox&email= HTTP/1.1" 200 5608 "-" > "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" "-" > 176.9.53.41 - - [05/Apr/2012:08:06:27 -0600] "GET > /sms/login/emailpwd?uname=Bigboss83&email= HTTP/1.1" 200 5608 "-" > "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" "-" > 176.9.53.41 - - [05/Apr/2012:08:06:28 -0600] "GET > /sms/login/emailpwd?uname=copcarsonline&email= HTTP/1.1" 200 5608 "-" > "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" "-" > 176.9.53.41 - - [05/Apr/2012:08:06:28 -0600] "GET > /sms/login/emailpwd?uname=u002422&email= HTTP/1.1" 200 5608 "-" > "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" "-" > 176.9.53.41 - - [05/Apr/2012:08:06:29 -0600] "GET > /sms/login/emailpwd?uname=juanyromo&email= HTTP/1.1" 200 5608 "-" > "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" "-" > 176.9.53.41 > > > On Thu, Apr 5, 2012 at 1:24 PM, Edgarosy <edgar...@gmail.com> wrote: > >> Thank you Claudio. >> >> CONFIDENTIALITY NOTICE: This message and any attachment(s) are solely for >> the use of the intended recipient(s) identified above and may contain >> information that is proprietary, privileged, or confidential. If you are >> not an intended recipient, you may not review, retransmit, or otherwise use >> this message or any attachment. If you have received this message in error, >> please immediately notify the sender by reply e-mail and delete this >> message. >> >> >> >> On Apr 5, 2012, at 1:18 PM, Claudio Kuenzler <c...@claudiokuenzler.com> >> wrote: >> >> This one is probably the best one: >> http://labs.consol.de/lang/en/nagios/check_logfiles/ >> >> On Thu, Apr 5, 2012 at 6:56 PM, Parkman, Mikhail < >> mikhail_park...@cable.comcast.com> wrote: >> >>> I need to perform the following tasks:**** >>> >>> ** ** >>> >>> · Demonstrated that Nagios alert is fired when certain messages are >>> logged in the application log file on the target (remote) host**** >>> >>> · Nagios "info message" is fired when error condition is cleared.**** >>> >>> ** ** >>> >>> I found out “logwarn” plugin but I didn’t find detailed configuration >>> instructions for this plugin.**** >>> >>> ** ** >>> >>> >>> http://exchange.nagios.org/directory/Plugins/Log-Files/check_logwarn/details >>> **** >>> >>> ** ** >>> >>> And another one – “check_logfiles” – this one is described better in my >>> opinion but referring to something called OPSVIEW that I don’t have any >>> idea about.**** >>> >>> ** ** >>> >>> http://www.osupport.net/2011/log-files-monitoring-with-nagios-opsview/** >>> ** >>> >>> ** ** >>> >>> ** ** >>> >>> Did somebody have experience with well documented “check log” plugin, >>> and could recommend one so that the functionality of the recommended plugin >>> matches bulleted tasks in the beginning of this email that I have to >>> accomplish?**** >>> >>> ** ** >>> >>> Thanks.**** >>> >>> Mikhail.**** >>> >>> ** ** >>> >>> >>> ------------------------------------------------------------------------------ >>> Better than sec? Nothing is better than sec when it comes to >>> monitoring Big Data applications. Try Boundary one-second >>> resolution app monitoring today. Free. >>> http://p.sf.net/sfu/Boundary-dev2dev >>> _______________________________________________ >>> Nagios-users mailing list >>> Nagios-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/nagios-users >>> ::: Please include Nagios version, plugin version (-v) and OS when >>> reporting any issue. >>> ::: Messages without supporting info will risk being sent to /dev/null >>> >> >> >> ------------------------------------------------------------------------------ >> Better than sec? Nothing is better than sec when it comes to >> monitoring Big Data applications. Try Boundary one-second >> resolution app monitoring today. Free. >> http://p.sf.net/sfu/Boundary-dev2dev >> >> _______________________________________________ >> Nagios-users mailing list >> Nagios-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/nagios-users >> ::: Please include Nagios version, plugin version (-v) and OS when >> reporting any issue. >> ::: Messages without supporting info will risk being sent to /dev/null >> >> > > > -- > Edgar Lanz > > "If nobody is perfect I must be nobody" > -- Edgar Lanz "If nobody is perfect I must be nobody"
------------------------------------------------------------------------------ For Developers, A Lot Can Happen In A Second. Boundary is the first to Know...and Tell You. Monitor Your Applications in Ultra-Fine Resolution. Try it FREE! http://p.sf.net/sfu/Boundary-d2dvs2
_______________________________________________ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
