check log script
Nagios bash check_log
It's often necessary to check log files for a keyword.
So I wrote a simple bash script to do that, plus integrate with Nagios and perfdata so it also generates
The script is based on tail -f and grep on the logfile, run with the nohup command, like:
nohup tail -f "$LOG_FILE" | grep --line-buffered "$VAR" > "$TMP" &
I recommend calling the check every 5 minutes.
./check_log.sh <warning> <critical> <keyword> <logfile>
./check_log.sh 10 20 "Duração" /usr/local/GlassFishESBv22/glassfish/domains/domain1/logs/calala.log
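An added example, not part of the original script: an alternative to the background tail -f that remembers a byte offset between runs, so the count does not depend on which tail processes exist and a rotated or truncated log is detected. The function names, the STATE_DIR variable and the state-file location are assumptions made for this example.

```bash
#!/bin/bash
# Added example, not the original check_log.sh: count keyword hits appended since
# the previous run by remembering a byte offset, so no background tail is needed.

# count_new_matches KEYWORD LOGFILE STATEFILE -> prints number of new matching lines
count_new_matches() {
    local keyword="$1" log="$2" state="$3" offset=0 size count
    [ -r "$log" ] || return 3
    size=$(wc -c < "$log") || return 3
    size=$((size))                      # strip padding some wc versions emit
    if [ -f "$state" ]; then
        read -r offset < "$state" || offset=0
        # Trust the state file only if it holds a plain decimal number
        case $offset in ''|*[!0-9]*|0?*) offset=0 ;; esac
    fi
    # A log smaller than the saved offset was rotated or truncated: start over
    [ "$size" -lt "$offset" ] && offset=0
    # -F matches the keyword literally, "--" protects keywords starting with "-";
    # grep -c exits 1 on zero matches, hence "|| true"
    count=$(tail -c "+$((offset + 1))" "$log" | head -c "$((size - offset))" |
            grep -c -F -- "$keyword" || true)
    printf '%s\n' "$size" > "$state"
    printf '%s\n' "$count"
}

# nagios_state COUNT WARN CRIT LABEL -> prints status + perfdata, returns exit code
nagios_state() {
    local count="$1" warn="$2" crit="$3" label="$4" status=OK rc=0
    if [ "$count" -ge "$crit" ]; then status=CRITICAL; rc=2
    elif [ "$count" -ge "$warn" ]; then status=WARNING; rc=1
    fi
    printf "%s - %s new matches|'%s'=%s;%s;%s\n" \
        "$status" "$count" "$label" "$count" "$warn" "$crit"
    return "$rc"
}

# Same argument order as check_log.sh: <warning> <critical> <keyword> <logfile>
if [ $# -eq 4 ]; then
    # Assumed state location: a directory only the monitoring user can write
    dir="${STATE_DIR:-$HOME/.check_log}"
    mkdir -p "$dir" || exit 3
    state="$dir/$(printf '%s|%s' "$4" "$3" | cksum | cut -d' ' -f1).offset"
    n=$(count_new_matches "$3" "$4" "$state") || { echo "UNKNOWN - cannot read $4"; exit 3; }
    nagios_state "$n" "$1" "$2" "$3"
    exit $?
fi
```

On the first run there is no saved offset, so the whole file is counted; later runs count only what was appended since the previous check.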
So you may not have Nagios but still want to use the script to monitor local log files and have an e-mail sent to you?
I wrote a variation of that same script that does just that. I use it to monitor my syslog for attacks: since my iptables
will log any strange access to my PC, I then get an e-mail. The important thing is to have it in crontab every x minutes.
There are a few other scripts that may accomplish the same results; check them out here
Here is the most recent code for this:
#!/bin/bash
# Check how many times the keyword shows in the logfile
# Made to run by Nagios, each 5 minutes, or it can be called every X min from cron
# Version 3.0
# By Felipe Ferreira 10/2011
# maybe bug, if another tail is running in process

LOG_FILE=""
STATE_OK=0
STATE_WARNING=1
STATE_CRITICAL=2
STATE_UNKOWN=3
VAR="SAP"
WARN=5
CRIT=20

if [ $# -eq 4 ]; then
    WARN=$1
    CRIT=$2
    VAR=$3
    LOG_FILE=$4
else
    echo "Usage $0 <warning> <critical> <keyword> <logfile>"
    exit $STATE_UNKOWN
fi

# Check if log file exists
if [ ! -e "$LOG_FILE" ]; then
    # Print error message and exit
    echo "File $LOG_FILE not found"
    exit $STATE_UNKOWN
fi

# Remove spaces from the keyword
VARP=$(echo "$VAR" | sed "s/[ \t][ \t]*//g")

# Create lock and temp file
TMP="/tmp/log-$VARP.tmp"
PIDT=$(ps -ef | grep tail | grep -v grep)

# DEBUG MODE (uncomment below)
#set -x

# Check if the tail is running
if [ -n "$PIDT" ]; then
    cnterros=$(strings "$TMP" | grep -c "$VAR")
    # Zero out the file, but tail keeps running
    : > "$TMP"
else
    printf '%s\n' "UNKNOWN - Tail do nao encontrado.Executando commando"
    # Run tail and grep, writing the output to the TMP file
    nohup tail -f "$LOG_FILE" | grep --line-buffered "$VAR" > "$TMP" &
    exit $STATE_UNKOWN
fi

# The keyword is passed as data, never as the printf format string.
# Perfdata uses the Nagios label=value;warn;crit form.
if [ "$cnterros" -ge "$CRIT" ]; then
    printf '%s\n' "CRITICAL - Existem $cnterros erros em $LOG_FILE nos ultimos 5min|$VAR=$cnterros;$WARN;$CRIT"
    exit $STATE_CRITICAL
elif [ "$cnterros" -ge "$WARN" ]; then
    printf '%s\n' "WARNING - Existem $cnterros erros em $LOG_FILE nos ultimos 5min|$VAR=$cnterros;$WARN;$CRIT"
    exit $STATE_WARNING
elif [ "$cnterros" -le "$WARN" ]; then
    printf '%s\n' "OK - Existem $cnterros erros em $LOG_FILE nos ultimos 5min|$VAR=$cnterros;$WARN;$CRIT"
    exit $STATE_OK
fi