Yet another log monitoring script.
The date field is very specific to each system, and I keep having to fix it each time.
I like the way this one works: it first finds the line for the date/time we want to check from with grep -n, then counts how many lines the log has, and then checks only that last part of the file with the tail command.
This works fine for small and medium-sized files. Large files over 2 GB will start
having poor performance; in that case it is better to stick with the last-hour version.
This version allows a new parameter field, “minutes ago”, so you can check every 5 min.
Again, it should be used with Nagios, every 5 min, to check for example for errors 503, 404, 500, etc.
Here is the code:
#!/bin/bash
# Script to check how many errors in the last 10,000 accesses
# Felipe Ferreira Jan 2013
# updated Dec 2013 - LAST 10 min
# v2.0 last x minutes

file=$1
etype=$2
warn=$3
crit=$4

# Optional 5th argument: how many minutes back to look (default 60)
if [ -z "$5" ]; then
    minu=60
else
    minu=$5
fi

res1=$(date +%s.%N)

# Build the timestamp to search for, e.g. "Dec  5 10:30".
# This format is system specific and must match the log's date field.
dia=`date +%b -d "${minu} minute ago"`     # month abbreviation
mes=`date +%_d -d "${minu} minute ago"`    # day of month, space padded
hora=`date +%H:%M -d "${minu} minute ago"`
data=`echo -e "${dia} ${mes} ${hora}"`
#echo "$data"

if [ "$4" == "" ]
then
    echo -e "\n Syntax: $0\nex.: $0 /var/log/httpd/oglobo_access_log 404 500 900 60 \n O script retorna a quantidade de erros ultimos minutos \n"
    exit 3
fi

#pos="grep -nw '${data}' ${file} | tail -n1 | cut -d ':' -f1"
#|awk '{print $(NF-9 " " NF-8) }' |grep -o '[0-9][0-9][0-9]' |sort -n |grep -c '5[0-9][0-9]

# Line number of the last entry logged in the target minute
POS=`grep -nw "$data" "$file" | tail -n1 | cut -d ':' -f1`
#echo "CMD: $pos"
#POS=`eval $pos`
#echo "POS $POS"

# Without a matching line the arithmetic below fails and the check
# would fall through to OK, so report UNKNOWN instead.
if [ -z "$POS" ]; then
    echo "UNKNOWN - no log line found for '$data' in $file"
    exit 3
fi

TOT=`wc -l < "$file"`
# total - pos
TPOS=`expr ${TOT} - ${POS}`
#echo -e "Total $TOT \nPOS $POS\nTail $TPOS"

# Count matches of the status code only in the lines after POS
terror=`tail -n ${TPOS} "$file" | grep -c " ${etype} "`

res2=$(date +%s.%N)
runtime=`printf "%.3F\n" $(echo "$res2 - $res1"|bc )`
#echo "Runtime $runtime"

MSG="Encontrado $terror erros nos ultimos ${minu} minutos no log do $file |erros=$terror"

# Nagios exit codes: 2 = CRITICAL, 1 = WARNING, 0 = OK
if [ "$terror" -ge "$crit" ]; then
    echo "CRITICAL - $MSG"
    exit 2
elif [ "$terror" -ge "$warn" ]; then
    echo "WARNING - $MSG"
    exit 1
else
    echo "OK - $MSG"
    exit 0
fi
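The grep -n lookup in the script only finds a position when the log has a line for the exact cutoff minute, which a quiet log may not have. The sketch below is an added example, not part of the original script: it walks the cutoff forward one minute at a time until it finds an entry, then counts from there. It assumes GNU date and grep, log lines that start with the same "Mon DD HH:MM" timestamp the script builds, and a rotated log that does not hold the same timestamp from an earlier year; the function names are hypothetical.

```shell
#!/bin/bash
# Added example, not the original author's code. Assumptions: GNU date/grep,
# lines start with a syslog-style "Mon DD HH:MM:SS" timestamp.

# Print the number of the first line logged at or after "minutes ago".
# Tries the cutoff minute first, then each later minute up to "now", so a
# minute with no entries does not break the lookup.
# Returns 1 when nothing was logged in the whole window.
first_line_since() {
    local file=$1 minutes=$2 now=${3:-$(date +%s)} m stamp pos
    m=$minutes
    while [ "$m" -ge 0 ]; do
        stamp=$(date -d "@$(( now - m * 60 ))" "+%b %_d %H:%M")
        pos=$(grep -n -m1 "^${stamp}" "$file" | cut -d: -f1)
        if [ -n "$pos" ]; then
            echo "$pos"
            return 0
        fi
        m=$(( m - 1 ))
    done
    return 1
}

# Count lines containing " <etype> " from that line to the end of the file.
# Unlike the script above, the cutoff minute itself is included.
count_since() {
    local file=$1 etype=$2 minutes=$3 now=${4:-$(date +%s)} pos
    if ! pos=$(first_line_since "$file" "$minutes" "$now"); then
        echo 0    # empty window: no entries, so no errors
        return 0
    fi
    # grep -c exits 1 on a zero count; "|| true" keeps the status clean
    tail -n "+${pos}" "$file" | grep -c -- " ${etype} " || true
}
```

Called as count_since /path/to/log 503 5, the result can be compared against the warn and crit thresholds exactly as the script does with $terror.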