I would like to parse and monitor /var/log/messages on my Linux boxes in
a similar fashion to NSClient's CheckEventLog for Windows. The beauty of
CheckEventLog is the extensive filtering it provides and the ability to
filter logs based on message time. I have it configured to only alert if
a message meets certain criteria, one of them being that the message
must not be older than 1 hour. I have searched and have not been able to
find an equivalent for Linux/Unix systems. So, first question, is there
an equivalent to NSClient's CheckEventLog for Linux?
 
As an alternative I have been messing with fetchlog and check_log,
but there are a few issues with them. I am running them via the exec
command in SNMP on the system being checked and the problems arise when
I try to regex pattern match an or statement with a space in it. 
 
With fetchlog I have no problems when it is a simple string like
error|warning|failure but something like sense key|sda gives me trouble.
I want to match sense key exactly so I try (sense key)|sda and then the
service check returns an:
 
ERROR: fetchlog: regex: Unmatched ( or \\("*
 
I tried escaping some of the special regex characters but can't quite
figure it out. Any ideas?
 
The second issue with using fetchlog or check_log is that they will show
a service warning in Opsview until the offending log message is rotated
out. Again I point to the powerful filtering capabilities of NSClient's
CheckEventLog where I have it configured to only scan the last hour's
worth of messages. It seems that I will have to rotate the logs every
time I get a match otherwise I will have service check warnings
indefinitely appearing in Opsview and would not be notified of any new
warnings. 
 
 
---------------------------- 
Gordon Terrell 
Systems Administrator 
Health Communications, Inc. 
1101 Wilson Blvd, Suite 1700 
Arlington, VA 22209 
(P): 703-524-1200 x326 
(P): 800-438-8477 
(F): 703-524-1487 
 
_______________________________________________
Opsview-users mailing list
[email protected]
http://lists.opsview.org/lists/listinfo/opsview-users
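
An added example, not part of the original post and not code from fetchlog, check_log or NSClient: a Nagios-style check that alerts only on syslog lines from the last hour matching a pattern such as "sense key|sda". It assumes the classic "Mon DD HH:MM:SS" timestamp prefix in /var/log/messages; the function names are hypothetical and the sample lines are constructed.

```python
import re
import sys
from datetime import datetime, timedelta

OK, WARNING = 0, 1  # Nagios plugin exit codes

def parse_stamp(line, now):
    """Parse the 'Mon DD HH:MM:SS' prefix of a classic syslog line (assumed format)."""
    try:
        stamp = datetime.strptime(f"{now.year} {line[:15]}", "%Y %b %d %H:%M:%S")
        # The prefix has no year: a stamp well in the future is last year's.
        if stamp > now + timedelta(days=1):
            stamp = stamp.replace(year=now.year - 1)
    except ValueError:
        return None  # continuation line or a different timestamp format
    return stamp

def recent_matches(lines, pattern, now, max_age=timedelta(hours=1)):
    """Return lines matching `pattern` that are no older than `max_age`."""
    regex = re.compile(pattern, re.IGNORECASE)
    hits = []
    for line in lines:
        stamp = parse_stamp(line, now)
        if stamp is None or now - stamp > max_age:
            continue  # unparsable or aged out: stops alerting without log rotation
        if regex.search(line):
            hits.append(line.rstrip("\n"))
    return hits

def check(lines, pattern, now):
    """Return (exit_code, status_text) in the Nagios plugin convention."""
    hits = recent_matches(lines, pattern, now)
    if hits:
        return WARNING, f"WARNING: {len(hits)} recent match(es), latest: {hits[-1]}"
    return OK, "OK: no matching messages in the last hour"

# Constructed sample lines, not taken from a real system.
SAMPLE = [
    "Mar  3 08:15:02 web01 kernel: sda: Current: sense key: Medium Error",
    "Mar  3 13:40:11 web01 kernel: end_request: I/O error, dev sda, sector 1234",
    "Mar  3 13:45:00 web01 sshd[412]: Accepted publickey for admin",
]

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/var/log/messages"
    with open(path, errors="replace") as fh:
        # The pattern is one Python string, so the space in "sense key" is literal.
        code, text = check(fh, r"sense key|sda", datetime.now())
    print(text)
    sys.exit(code)
```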
