Como obter saída do Nagios em um arquivo

Primeiro, deixe-me dizer-lhe que lamento muito por não ter respondido à sua pergunta, pois estava um pouco ocupado nos últimos dias.

Aqui vou fornecer-lhe duas respostas à sua pergunta.

Primeira resposta: (plano e não inovador) :

!/bin/sh
#
# Log file pattern detector plugin for Nagios
#
# Usage: ./check_log <log_file> <old_log_file> <pattern>
#
# Description:
#
# This plugin will scan a log file (specified by the <log_file> option)
# for a specific pattern (specified by the <pattern> option).  Successive
# calls to the plugin script will only report *new* pattern matches in the
# log file, since an copy of the log file from the previous run is saved
# to <old_log_file>.
#
# Output:
#
# On the first run of the plugin, it will return an OK state with a message
# of "Log check data initialized".  On successive runs, it will return an OK
# state if *no* pattern matches have been found in the *difference* between the
# log file and the older copy of the log file.  If the plugin detects any 
# pattern matches in the log diff, it will return a CRITICAL state and print
# out a message is the following format: "(x) last_match", where "x" is the
# total number of pattern matches found in the file and "last_match" is the
# last entry in the log file which matches the pattern.
#
# Notes:
#
# If you use this plugin make sure to keep the following in mind:
#
#    1.  The "max_attempts" value for the service should be 1, as this
#        will prevent Nagios from retrying the service check (the
#        next time the check is run it will not produce the same results).
#
#    2.  The "notify_recovery" value for the service should be 0, so that
#        Nagios does not notify you of "recoveries" for the check.  Since
#        pattern matches in the log file will only be reported once and not
#        the next time, there will always be "recoveries" for the service, even
#        though recoveries really don't apply to this type of check.
#
#    3.  You *must* supply a different <old_file_log> for each service that
#        you define to use this plugin script - even if the different services
#        check the same <log_file> for pattern matches.  This is necessary
#        because of the way the script operates.
#
# Examples:
#
# Check for login failures in the syslog...
#
#   check_log /var/log/messages ./check_log.badlogins.old "LOGIN FAILURE"
#
# Check for port scan alerts generated by Psionic's PortSentry software...
#
#   check_log /var/log/message ./check_log.portscan.old "attackalert"
#

# Paths to commands used in this script.  These
# may have to be modified to match your system setup.
# TV: removed PATH restriction. Need to think more about what this means overall
#PATH=""

ECHO="/bin/echo"
GREP="/bin/egrep"
DIFF="/bin/diff"
TAIL="/bin/tail"
CAT="/bin/cat"
RM="/bin/rm"
CHMOD="/bin/chmod"
TOUCH="/bin/touch"

PROGNAME='/bin/basename $0'
PROGPATH='echo $0 | sed -e 's,[\/][^\/][^\/]*$,,''
REVISION="@NP_VERSION@"

. $PROGPATH/utils.sh

print_usage() {
echo "Usage: $PROGNAME -F logfile -O oldlog -q query"
echo "Usage: $PROGNAME --help"
echo "Usage: $PROGNAME --version"
}

print_help() {
print_revision $PROGNAME $REVISION
echo ""
print_usage
echo ""
echo "Log file pattern detector plugin for Nagios"
echo ""
support
}

# Make sure the correct number of command line
# arguments have been supplied

if [ $# -lt 1 ]; then
print_usage
exit $STATE_UNKNOWN
fi

# Grab the command line arguments

#logfile=$1
#oldlog=$2
#query=$3
exitstatus=$STATE_WARNING #default
while test -n "$1"; do
case "$1" in
    --help)
        print_help
        exit $STATE_OK
        ;;
    -h)
        print_help
        exit $STATE_OK
        ;;
    --version)
        print_revision $PROGNAME $REVISION
        exit $STATE_OK
        ;;
    -V)
        print_revision $PROGNAME $REVISION
        exit $STATE_OK
        ;;
    --filename)
        logfile=$2
        shift
        ;;
    -F)
        logfile=$2
        shift
        ;;
    --oldlog)
        oldlog=$2
        shift
        ;;
    -O)
        oldlog=$2
        shift
        ;;
    --query)
        query=$2
        shift
        ;;
    -q)
        query=$2
        shift
        ;;
    -x)
        exitstatus=$2
        shift
        ;;
    --exitstatus)
        exitstatus=$2
        shift
        ;;
    *)
        echo "Unknown argument: $1"
        print_usage
        exit $STATE_UNKNOWN
        ;;
esac
shift
done

# If the source log file doesn't exist, exit

if [ ! -e $logfile ]; then
$ECHO "Log check error: Log file $logfile does not exist!\n"
exit $STATE_UNKNOWN
elif [ ! -r $logfile ] ; then
$ECHO "Log check error: Log file $logfile is not readable!\n"
exit $STATE_UNKNOWN
fi

# If the old log file doesn't exist, this must be the first time
# we're running this test, so copy the original log file over to
# the old diff file and exit

if [ ! -e $oldlog ]; then
$CAT $logfile > $oldlog
$ECHO "Log check data initialized...\n"
exit $STATE_OK
fi

# The old log file exists, so compare it to the original log now

# The temporary file that the script should use while
# processing the log file.
if [ -x /bin/mktemp ]; then
tempdiff='/bin/mktemp /tmp/check_log.XXXXXXXXXX'
else
tempdiff='/bin/date '+%H%M%S''
tempdiff="/tmp/check_log.${tempdiff}"
$TOUCH $tempdiff
$CHMOD 600 $tempdiff
fi

$DIFF $logfile $oldlog | $GREP -v "^>" > $tempdiff

# Count the number of matching log entries we have
count='$GREP -c "$query" $tempdiff'

# Get the last matching entry in the diff file
lastentry='$GREP "$query" $tempdiff | $TAIL -1'

$RM -f $tempdiff
$CAT $logfile > $oldlog

if [ "$count" = "0" ]; then # no matches, exit with no error
$ECHO "Log check ok - 0 pattern matches found\n"
exitstatus=$STATE_OK
else # Print total matche count and the last entry we found
$ECHO "($count) $lastentry"
exitstatus=$STATE_CRITICAL
fi

exit $exitstatus

Mas esteja avisado , eu não executei este, então se ele mostrar alguns erros, você terá que modificá-los por conta própria.

você tem que adicionar esta linha em commands.cfg

define command{
      command_name    check_log
      command_line    $USER1$/check_log -F $CURRENTLOG -O $OLDLOG -q $PATTERN

}

Defina o serviço em localhost.cfg

define service{

    use  local-service           ; Inherit default values from a template
    host_name      localhost
    service_description   check_log
    check_command check_log!/var/log/secure!/usr/local/nagios/libexec/secure.my!"Failed password"
 }

Segunda resposta: (um pouco inovadora):

Tanto quanto eu sei, o arquivo de log para nagios é mantido no seguinte lugar: /var/log/httpd/access_log

Agora, seu arquivo de log, como todo log, conterá informações sobre o carimbo de data / hora. Portanto, precisamos registrar a hora do sistema quando o servidor é iniciado. Da minha experiência, posso dizer que quando iniciamos o WAS, ele gera um processo java.exe. Eu não sei o que é chamado no Nagios. Vamos considerar que é o LNT.exe. Portanto, precisamos encontrar o tempo de desova para o LNT.exe.

Inicie o servidor agora, os logs serão gerados. Agora você precisa ler os logs no arquivo de log somente depois desse tempo para ver apenas os registros atuais.

Primeiro, obtenha o id do processo: ( ps -ef LNT.exe ) e armazene-o em uma variável como processID . Em seguida, faça isso: ls -ld /proc/${processID} e armazene o tempo na variável startedTime

Agora você tem que ler o arquivo linha por linha e você tem que comparar o tempo que você começa com o startedTime . Se startedTime > timeRead , então você tem que tomar esse ponto como referência e então você tem que começar a ler o arquivo daquele local.