nagios插件check_log检查日记关键字

xuyaxiu

　　插件check_log相关代码如下：
　　-----------------------------------------------------------------------------------------
　　#! /bin/sh
　　#
　　# Log file pattern detector plugin for Nagios
　　# Written by Ethan Galstad (nagios@nagios.org)
　　# Last Modified: 07-31-1999
　　#
　　# Usage: ./check_log   
　　#
　　# Description:
　　#
　　# This plugin will scan a log file (specified by the  option)
　　# for a specific pattern (specified by the  option).  Successive
　　# calls to the plugin script will only report *new* pattern matches in the
　　# log file, since an copy of the log file from the previous run is saved
　　# to .
　　#
　　# Output:
　　#
　　# On the first run of the plugin, it will return an OK state with a message
　　# of "Log check data initialized".  On successive runs, it will return an OK
　　# state if *no* pattern matches have been found in the *difference* between the
　　# log file and the older copy of the log file.  If the plugin detects any
　　# pattern matches in the log diff, it will return a CRITICAL state and print
　　# out a message is the following format: "(x) last_match", where "x" is the
　　# total number of pattern matches found in the file and "last_match" is the
　　# last entry in the log file which matches the pattern.
　　#
　　# Notes:
　　#
　　# If you use this plugin make sure to keep the following in mind:
　　#
　　#    1.  The "max_attempts" value for the service should be 1, as this
　　#        will prevent Nagios from retrying the service check (the
　　#        next time the check is run it will not produce the same results).
　　#
　　#    2.  The "notify_recovery" value for the service should be 0, so that
　　#        Nagios does not notify you of "recoveries" for the check.  Since
　　#        pattern matches in the log file will only be reported once and not
　　#        the next time, there will always be "recoveries" for the service, even
　　#        though recoveries really don't apply to this type of check.
　　#
　　#    3.  You *must* supply a different  for each service that
　　#        you define to use this plugin script - even if the different services
　　#        check the same  for pattern matches.  This is necessary
　　#        because of the way the script operates.
　　#
　　# Examples:
　　#
　　# Check for login failures in the syslog...
　　#
　　#   check_log /var/log/messages ./check_log.badlogins.old "LOGIN FAILURE"
　　#
　　# Check for port scan alerts generated by Psionic's PortSentry software...
　　#
　　#   check_log /var/log/message ./check_log.portscan.old "attackalert"
　　#
　　# Paths to commands used in this script.  These
　　# may have to be modified to match your system setup.
　　# TV: removed PATH restriction. Need to think more about what this means overall
　　#PATH=""
　　#将文件编码修改，解决乱码问题
　　cd /home/syslogin/2.250log/serverlog
　　#iconv -f gbk -t utf8 xh.log > xhutf8.log
　　#iconv -f gbk -t utf8 dj.log > djutf8.log
　　ECHO="/bin/echo"
　　GREP="/bin/egrep"
　　DIFF="/usr/bin/diff"
　　TAIL="/usr/bin/tail"
　　CAT="/bin/cat"
　　RM="/bin/rm"
　　CHMOD="/bin/chmod"
　　TOUCH="/bin/touch"
　　PROGNAME=`/bin/basename $0`
　　PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'`
　　REVISION="1.4.15"
　　. $PROGPATH/utils.sh
　　print_usage() {
　　echo "Usage: $PROGNAME -F logfile -O oldlog -q query"
　　echo "Usage: $PROGNAME --help"
　　echo "Usage: $PROGNAME --version"
　　}
　　print_help() {
　　print_revision $PROGNAME $REVISION
　　echo ""
　　print_usage
　　echo ""
　　echo "Log file pattern detector plugin for Nagios"
　　echo ""
　　support
　　}
　　# Make sure the correct number of command line
　　# arguments have been supplied
　　if [ $# -lt 1 ]; then
　　print_usage
　　exit $STATE_UNKNOWN
　　fi
　　# Grab the command line arguments
　　#logfile=$1
　　#oldlog=$2
　　#query=$3
　　exitstatus=$STATE_WARNING #default
　　while test -n "$1"; do
　　case "$1" in
　　--help)
　　print_help
　　exit $STATE_OK
　　;;
　　-h)
　　print_help
　　exit $STATE_OK
　　;;
　　--version)
　　print_revision $PROGNAME $REVISION
　　exit $STATE_OK
　　;;
　　-V)
　　print_revision $PROGNAME $REVISION
　　exit $STATE_OK
　　;;
　　--filename)
　　logfile=$2
　　shift
　　;;
　　-F)
　　logfile=$2
　　shift
　　;;
　　--oldlog)
　　oldlog=$2
　　shift
　　;;
　　-O)
　　oldlog=$2
　　shift
　　;;
　　--query)
　　query=$2
　　shift
　　;;
　　-q)
　　query=$2
　　shift
　　;;
　　-x)
　　exitstatus=$2
　　shift
　　;;
　　--exitstatus)
　　exitstatus=$2
　　shift
　　;;
　　*)
　　echo "Unknown argument: $1"
　　print_usage
　　exit $STATE_UNKNOWN
　　;;
　　esac
　　shift
　　done
　　# If the source log file doesn't exist, exit
　　if [ ! -e $logfile ]; then
　　$ECHO "Log check error: Log file $logfile does not exist!\n"
　　exit $STATE_UNKNOWN
　　elif [ ! -r $logfile ] ; then
　　$ECHO "Log check error: Log file $logfile is not readable!\n"
　　exit $STATE_UNKNOWN
　　fi
　　# If the old log file doesn't exist, this must be the first time
　　# we're running this test, so copy the original log file over to
　　# the old diff file and exit
　　if [ ! -e $oldlog ]; then
　　$CAT $logfile > $oldlog
　　$ECHO "Log check data initialized...\n"
　　exit $STATE_OK
　　fi
　　# The old log file exists, so compare it to the original log now
　　# The temporary file that the script should use while
　　# processing the log file.
　　if [ -x /bin/mktemp ]; then
　　tempdiff=`/bin/mktemp /tmp/check_log.XXXXXXXXXX`
　　else
　　tempdiff=`/bin/date '+%H%M%S'`
　　tempdiff="/tmp/check_log.${tempdiff}"
　　$TOUCH $tempdiff
　　$CHMOD 600 $tempdiff
　　fi
　　$DIFF $logfile $oldlog | $GREP -v "^>" > $tempdiff
　　# Count the number of matching log entries we have
　　count=`$GREP -c "$query" $tempdiff`
　　# Get the last matching entry in the diff file
　　lastentry=`$GREP "$query" $tempdiff | $TAIL -1`
　　$RM -f $tempdiff
　　$CAT $logfile > $oldlog
　　if [ $count -lt 2 ]; then # no matches, exit with no error
　　gj=`tail -1 $logfile | cut -c 1-20`
　　$ECHO "日志正常,检测最后时间是$gj,没有产生关键字眼→→$query"
　　exitstatus=$STATE_OK
　　else # Print total matche count and the last entry we found
　　gj=`echo $lastentry | cut -c 1-21`
　　$ECHO "警告信息数为:$count 条,产生关键字眼 $query"
　　exitstatus=$STATE_CRITICAL
　　fi
　　exit $exitstatus
　　-----------------------------------------------------------------------------------------
　　1，首先定义命令check_log;
　　#cd /usr/local/nagios/etc/objects
　　#vi commands.cfg
　　# 'check_log'command detinition
　　define command{
　　command_name     check_log
　　command_line     $USER1$/check_log -F "$ARG1$" -O "$ARG2$" -q "$ARG3$"
　　}
　　2,定义监控参数；
　　define host{
　　use  linux-server
　　host_name     log-localhost
　　alias         the log of localhost
　　address    127.0.0.1
　　}
　　define service{
　　use  local-service
　　host_name   log-localhost
　　service_description   messages日记关键字stop
　　check_command        check_log!/var/log/messages!/var/log/messages.arc!stop
　　}
　　define service{
　　use  local-service
　　host_name   log-localhost
　　service_description  messages日记关键字nagios error
　　check_command        check_log!/var/log/messages!/var/log/messages.arc!nagios error
　　}