[Nagios-users] RSyslog monitoring?
I would like to find a way to monitor syslog entries using rsyslog 4.4 rules before they are ever written to a log file. The log parsing plugins I found on MonitoringExchange aren't useful for my purpose. I have three main requirements: - I need to have negative logic: I want to provide a list of patterns NOT to forward to Nagios - all unknown log entries should be sent to nagios. - It needs to be realtime, or nearly so. Ideally, I'd like to use rsyslog rules to classify log messages and forward them to Nagios as passive-check results. - It needs to be reasonably high performance. This syslog receives quite a few log entries per second (most of which would be discarded of course). Has anybody else already done something like this? Kevin Keane Owner The NetTech Find the Uncommon: Expert Solutions for a Network You Never Have to Think About Direct: 760-721-8339 Office: 866-642-7116 kke...@4nettech.com http://www.4nettech.com This e-mail and attachments, if any, may contain confidential and/or proprietary information. Please be advised that the unauthorized use or disclosure of the information is strictly prohibited. The information herein is intended only for use by the intended recipient(s) named above. If you have received this transmission in error, please notify the sender immediately and permanently delete the e-mail and any copies, printouts or attachments thereof. -- Download Intel#174; Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
[Nagios-users] Plugin fails with epn
I've written a plugin that very closely resembles other contrib based Perl plugins and runs as expected at the cli. It fails with a Service check did not exit properly unless I force it to run w/o the epn. I have read the guidelines, but not really knowing much about Perl, I can't see where its tanking. Is there a way to run it at the cli with the epn in hopes to see more output to glean a clue as to what's going wrong? Or is there a better way to glean more useful info? Thanks, jlc -- Download Intel#174; Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Plugin fails with epn
If you look at p1.pl, which is in the Nagios bin directory you can enable ePn logging (EPN_LEAVE_MESSAGES or something similar for debug level) and have epn log each command execution to a log file ... This often will make the source of an epn error more obvious. The other thing to do is add Use warnings; To your script or run it from the command line with perl -w As any output to STDERR will cause ePN to halt execution. That said, 'not execute properly' errors are often permissions or path errors, so when you test from the CLI make sure you run the script as the same user your Nagios damon runs as. Max On 4/11/10, Joseph L. Casale jcas...@activenetwerx.com wrote: I've written a plugin that very closely resembles other contrib based Perl plugins and runs as expected at the cli. It fails with a Service check did not exit properly unless I force it to run w/o the epn. I have read the guidelines, but not really knowing much about Perl, I can't see where its tanking. Is there a way to run it at the cli with the epn in hopes to see more output to glean a clue as to what's going wrong? Or is there a better way to glean more useful info? Thanks, jlc -- Download Intel#174; Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null -- Download Intel#174; Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Plugin fails with epn
If you look at p1.pl, which is in the Nagios bin directory you can enable ePn logging (EPN_LEAVE_MESSAGES or something similar for debug level) and have epn log each command execution to a log file ... This often will make the source of an epn error more obvious. Ok, looks like there are some factors surrounding when the o0utput even gets dumped? Plugin was touched, now I am waiting... The other thing to do is add Use warnings; Got that in the plugin as per the guidelines. As any output to STDERR will cause ePN to halt execution. Works fine:/ That said, 'not execute properly' errors are often permissions or path errors, so when you test from the CLI make sure you run the script as the same user your Nagios damon runs as. Actually, it is 'exit' not execute, it has perms granting execution for all. We'll see what happens after I come back to it. Thanks for the help! jlc -- Download Intel#174; Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Plugin fails with epn
Meant exit not execute :) ... Good luck. On 4/11/10, Joseph L. Casale jcas...@activenetwerx.com wrote: If you look at p1.pl, which is in the Nagios bin directory you can enable ePn logging (EPN_LEAVE_MESSAGES or something similar for debug level) and have epn log each command execution to a log file ... This often will make the source of an epn error more obvious. Ok, looks like there are some factors surrounding when the o0utput even gets dumped? Plugin was touched, now I am waiting... The other thing to do is add Use warnings; Got that in the plugin as per the guidelines. As any output to STDERR will cause ePN to halt execution. Works fine:/ That said, 'not execute properly' errors are often permissions or path errors, so when you test from the CLI make sure you run the script as the same user your Nagios damon runs as. Actually, it is 'exit' not execute, it has perms granting execution for all. We'll see what happens after I come back to it. Thanks for the help! jlc -- Download Intel#174; Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null -- Download Intel#174; Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Plugin fails with epn
Meant exit not execute :) ... Good luck. I guess the epn isn't reread on a 'reload', needed a 'restart', nuances :) Ok, so it complains: Variable $opt_hostname will not stay shared at (eval 1) line 23,. The plugin dump shows: 23 my ($opt_hostname,$opt_port,$opt_password,$opt_command,$opt_regex,$opt_help,$opt_version,$opt_verbose); Missed #4 at http://nagios.sourceforge.net/docs/3_0/epnplugins.html Not being fluent in Perl, I can't say I fully comprehend what that's about, but it works now:) Thanks! jlc -- Download Intel#174; Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Plugin fails with epn
The 'not stayed shared' is the one warning that ePN will not die on at run time so you can safely continue with that warning being emitted. - Max On Sun, Apr 11, 2010 at 4:48 PM, Joseph L. Casale jcas...@activenetwerx.com wrote: Meant exit not execute :) ... Good luck. I guess the epn isn't reread on a 'reload', needed a 'restart', nuances :) Ok, so it complains: Variable $opt_hostname will not stay shared at (eval 1) line 23,. The plugin dump shows: 23 my ($opt_hostname,$opt_port,$opt_password,$opt_command,$opt_regex,$opt_help,$opt_version,$opt_verbose); Missed #4 at http://nagios.sourceforge.net/docs/3_0/epnplugins.html Not being fluent in Perl, I can't say I fully comprehend what that's about, but it works now:) Thanks! jlc -- Download Intel#174; Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null -- Download Intel#174; Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] RSyslog monitoring?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/04/10 06:08 AM, Kevin Keane wrote: I would like to find a way to monitor syslog entries using rsyslog 4.4 rules before they are ever written to a log file. The log parsing plugins I found on MonitoringExchange aren?t useful for my purpose. I have three main requirements: - I need to have ?negative logic?: I want to provide a list of patterns NOT to forward to Nagios ? all unknown log entries should be sent to nagios. - It needs to be realtime, or nearly so. Ideally, I?d like to use rsyslog rules to classify log messages and forward them to Nagios as passive-check results. - It needs to be reasonably high performance. This syslog receives quite a few log entries per second (most of which would be discarded of course). Has anybody else already done something like this? I wrote one, although it's really implemented toward Windows Event logs sent to syslog with EvtSys. http://solaris.beaubien.net/~dermoth/pages/nagios/windows-eventlog.php A more generic project would be EventDB, although I never tried it. http://www.nagioswiki.org/wiki/Addon:EventDb - -- Thomas -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFLwqeN6dZ+Kt5BchYRAuffAJ9QOZcHcagSciPUZfYobLbCIXUCoQCg+tlH Cwq4nirqagA8dA5PBeVWtDw= =X7bC -END PGP SIGNATURE- -- Download Intel#174; Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Monitoring a process with its pid
Hi Narsimha Please find the detailed steps as below: 1. Install the snmpd daemon on the target machine that you want to monitor , use yum to install it. command is : yum install net-snmp 2. Open the file snmpd.conf from the directory /etc/snmp , you need to locate for the lines as below : viewsystemviewincluded .1.3.6.1.2.1.1 viewsystemviewincluded .1.3.6.1.2.1.25 The second line as above is normally like: view systemview included .1.3.6.1.2.1.25.1.1 , you have to edit it to : .1.3.6.1.2.1.25 so that you can query the entire HOST-RESOURCES-MIB. 3. Re-start the snmpd daemon using the command : service snmpd restart and you are good to start monitoring it. Rest of the steps remain the same as mentioned in the mail thread below. Thanks Jatin On 4/10/2010 12:27 PM, Jatin wrote: Hi Narsimha I followed these steps: 1. Installed the snmpd daemon on the target machine that you want to monitor , use yum to install it. command is : yum install net-snmp 2. open the file snmpd.conf file from the directory /etc/snmp , you need to edit this file. locate the line which says view systemview x.x.x.x.x , make sure to add the oid for the first element in the HOST-RESOURCES-MIB , usually if you dont edit this file then you will be only able to get reply for only one mib parameter from the HOST-RESOURCES-MIB. 3. Restart the snmpd daemon on the target machine using the command : service snmpd restart 4. In the HOST-RESOURCES-MIB , there is one parameter which shows the values for the processes running in the system , which is hrSWrun (not sure about the name though) locate using a MIB browser for the paremeters supported in this MIB. I will check out and reply with some more detail when i go to office on monday , try if you can figure out with the above mentioned clues so far. Thanks Jatin Narasimha Tadepalli wrote: Hi Jatin Could you explain briefly how did you solve your problem. Look like you solved with snmp. Please explain how did you tied snmp to nagios etc stuff. I am also in need of solution for exact similar situation. Thanks Nars -Original Message- From: Jatin Davey [mailto:jasho...@cisco.com] Sent: Tuesday, March 09, 2010 1:57 AM To: Matt Simmons Cc: nagios-users@lists.sourceforge.net Subject: Re: [Nagios-users] Monitoring a process with its pid Thanks Matt, It solved my problem. Thanks Jatin On 3/8/2010 9:01 PM, Matt Simmons wrote: If you have snmp enabled on the hosts, you can pull that information out: ~$ snmpwalk -v 2c -c COMMUNITY myhost.mydomain.com HOST-RESOURCES-MIB::hrSWRunName.3309 HOST-RESOURCES-MIB::hrSWRunName.3309 = STRING: crond On Mon, Mar 8, 2010 at 8:10 AM, Jatin Daveyjasho...@cisco.com wrote: Let me re-phrase it a little , Basically what i want is to give the process id as the input and make sure on that target machine i have the process with the given id running , once it stops there might not be the process running with that id and hence i need to raise an email notification alert. Thanks Jatin On 3/8/2010 5:41 PM, Jatin Davey wrote: Hi All Do we have a plugin that can monitor process id (pid) on a target machine , the target machine could be anything such as windows , linux , solaris etc and alert with an email notification when the process id changes. Appreciate your responses. Thanks Jatin -- Download Intel#174; Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null -- Download Intel#174; Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null -- Download Intel#174; Parallel Studio Eval Try the new software tools