Nagios log file monitoring: Using Nagios to monitor log files can be as difficult as using any other monitoring application. However, with Nagios, once you have a log monitoring script or tool that can monitor specific log files the way you want, you can rely on Nagios to process the rest of the files. This type of versatility makes Nagios one of the most popular and user-friendly surveillance applications. It can be used to effectively monitor anything. Personally, I like it. It is not equal!
My name is Jacob Bowman and I am a Nagios monitoring expert. Considering the number of requests for monitoring log files I received at work, I have realized that monitoring log files is very important. IT departments urgently need to monitor their UNIX log files to ensure that application or system problems can be discovered in a timely manner. Once you know the problem, you can completely avoid unplanned downtime.
However, the common question that many people often ask is, what monitoring applications are available to effectively monitor log files? The simple answer to this question is “None”! Log monitoring applications that do exist require too much configuration, which actually makes them unworthy of consideration.
Log monitoring should allow the use of pluggable parameters on the command line (rather than in a separate configuration file), and should be easy to understand and use for ordinary UNIX users. This is not the case with most log monitoring tools. They are usually complex and require time to become familiar with (by reading countless installation setup pages). I think this is unnecessary trouble that can be avoided.
Once again, I firmly believe that in order to improve efficiency, you must be able to run the program directly from the command line without having to edit the configuration file elsewhere.
Therefore, in most cases, the best solution is to write a log monitoring tool for your specific needs, or download a log monitoring program that has been written for your type of UNIX environment.
With the log monitoring tool, you can provide it to Nagios to run at any time, and Nagios will arrange for it to start regularly. If you run it at the set time interval, Nagios will find the problem / pattern / string you told it to pay attention to, it will issue an alert and send the notification to anyone you wish to send them.
But then you want to know, what type of log monitoring tool should you write or download for your environment?
The log monitoring program you should obtain for monitoring production log files must be as simple as the following, but it must still be powerful and versatile:
Example: achievementbot / var / log / messages 60’error”panic’5 10 -foundn
Output: 2 — 1380 — 352 — ATWF — (Mar / 1)-(16:15) — (Mar / 1)-(17:15:00)
The “-foundn” option searches for the strings “error” and “panic” in / var / log / messages. Once it is found, it will abort with 0 (for OK), 1 (for WARNING) or 2 (for CRITICAL). Each time you run the command, it will provide a single-line statistical report similar to the above output. These fields are delimited by “-“.
The first field is 2 = indicates that this is critical.
The second field is 1380 = the number of seconds since the last string you specified appears in the log.
The third field is 352 = 352 strings “error” and “panic” were found in the log in the last 60 minutes.
The fourth field is ATWF = Don’t worry for now. irrelevant.
The average value of the 5th and 6th fields = search the log file from (Mar / 1)-(16:15) to (Mar / 1)-(17:15:00). From the data collected in this time frame, 352 “error” and “panic” incidents were found.
If you actually want to view all 352 events, you can run the following command and pass the “-show” option to the Achievementbot tool. This will output to the screen all matching lines that contain the string you specified and have been written to the log in the last 60 minutes.
Example: achievementbot / var / log / messages 60’error”panic’5 10 -show
The “-show” command will output all lines it finds in the log file to the screen, which contains the “error” and “urgent” strings you specified within the past 60 minutes. Of course, you can always change the parameters to meet your specific needs.
Using this Nagios Log Monitoring tool (achievementbot), you can perform magic that is not accessible to the famous monitoring application.
Once you have written or downloaded the above log monitoring script or tool, you can let Nagios or CRON run it regularly, which will enable you to keep a bird’s eye view of all recorded activities of important servers.
Do you need to use Nagios to run it regularly? Absolutely not. You can use whatever you want.