check_logfiles 是檢查nagios日志關(guān)鍵字的插件，其功能很強(qiáng)大。項(xiàng)目地址是https://labs.consol.de/nagios/check_logfiles/

成都創(chuàng)新互聯(lián)公司專業(yè)為企業(yè)提供開州網(wǎng)站建設(shè)、開州做網(wǎng)站、開州網(wǎng)站設(shè)計(jì)、開州網(wǎng)站制作等企業(yè)網(wǎng)站建設(shè)、網(wǎng)頁設(shè)計(jì)與制作、開州企業(yè)網(wǎng)站模板建站服務(wù)，十多年開州做網(wǎng)站經(jīng)驗(yàn)，不只是建網(wǎng)站，更提供有價(jià)值的思路和整體網(wǎng)絡(luò)服務(wù)。

一、安裝
tar -zxvf check_logfiles-2.3.1.2.tar.gz
cd check_logfiles-2.3.1.2
./configure --with-nagios-user=nagios --with-nagios-group=nagios --with-seekfiles-dir=/usr/local/nagios/var/tmp --with-protocols-dir=/usr/local/nagios/var/tmp --with-trusted-path=/sbin:/usr/sbin:/usr/local/sbin:/bin:/usr/bin:/usr/local/nagios/libexec --with-perl=/usr/bin/perl --with-gzip=/bin/gzip
make
make install

二、配置

使用check_logfile
[root@WEBServer10414 libexec]# ./check_logfiles --help
This Nagios Plugin comes with absolutely NO WARRANTY. You may use
it on your own risk!
Copyright by ConSol Software GmbH, Gerhard Lausser.

This plugin looks for patterns in logfiles, even in those who were rotated
since the last run of this plugin.

Usage: check_logfiles [-t timeout] -f

The configfile looks like this:

$seekfilesdir = '/opt/nagios/var/tmp';#寫狀態(tài)信息的目錄，這里面記錄已經(jīng)檢查過的日志內(nèi)容，相當(dāng)于歷史記錄
# where the state information will be saved.

$protocolsdir = '/opt/nagios/var/tmp';#寫協(xié)議信息的目錄，這里面記錄日志檢查的匹配信息
# where protocols with found patterns will be stored.

$scriptpath = '/opt/nagios/var/tmp';#可調(diào)用的腳本或程序
# where scripts will be searched for.

$MACROS = { CL_DISK01 => "/dev/dsk/c0d1", CL_DISK02 => "/dev/dsk/c0d2" };#定義宏

@searches = (#此處為配置文件的內(nèi)容，我們可以通過配置文件來執(zhí)行程序，也可以通過在命令行中直接定義。通過配置文件更方便 
 {
   tag => 'temperature',#定義唯一的標(biāo)識符，它將在生成狀態(tài)信息或協(xié)議信息中作為名字中的一部分使用，并沒有實(shí)際的意義
   logfile => '/var/adm/syslog/syslog.log',#日志文件位置
   rotation => 'bmwhpux',#用來匹配歸檔的日志文件,rotation如果有截?cái)嗳罩镜脑捰脕矶x如何匹配截?cái)嗳罩?br />   criticalpatterns => ['OVERTEMP_EMERG', 'Power supply failed'],#嚴(yán)重錯(cuò)誤，可以匹配一個(gè)或多個(gè)正則表達(dá)式
   warningpatterns => ['OVERTEMP_CRIT', 'Corrected ECC Error'],#警告錯(cuò)誤，可以匹配一個(gè)或多個(gè)正則表達(dá)式
   options => 'script,protocol,nocount',#選項(xiàng)列表，我們可以選擇啟動腳本，寫協(xié)議，不計(jì)數(shù)等操作
   script => 'senDNSca_cmd'
 },#腳本的名字
 {
   tag => 'scsi',
   logfile => '/var/adm/messages',
   rotation => 'solaris',
   criticalpatterns => 'Sense Key: Not Ready',
   criticalexceptions => 'Sense Key: Not Ready /dev/testdisk',
   options => 'noprotocol'
 },
 {
   tag => 'logins',
   logfile => '/var/adm/messages',
   rotation => 'solaris',
   criticalpatterns => ['illegal key', 'read error.*$CL_DISK01$'],
   criticalthreshold => 4
   warningpatterns => ['read error.*$CL_DISK02$'],
 }
);

以上將各個(gè)項(xiàng)目統(tǒng)一寫到配置文件中，當(dāng)然也可以將其放入命令行中調(diào)用，兩種調(diào)用方式如下：

[root@WEBServer10414 libexec]# ./check_logfiles
Usage: check_logfiles [-t timeout] -f [--searches=tag1,tag2,...]
      check_logfiles [-t timeout] --logfile= --tag= --rotation=
                     --criticalpattern= --warningpattern=


三、現(xiàn)網(wǎng)實(shí)例
1、在被監(jiān)控端編輯一個(gè)配置文件，如下
vim /usr/local/nagios/var/catalina.cfg

$seekfilesdir = "/usr/local/nagios/var/tmp";
$protocolsdir = "/usr/local/nagios/var/tmp";
@searches = (
 {
   tag => 'tomcat',
   logfile => '/opt/tomcat7/logs/catalina.out',
   rotation => 'catalina.$CL_DATE_YYYY$-$CL_DATE_MM$-$CL_DATE_DD$.log',
   criticalpatterns => [
     'java.net.SocketTimeoutException',
     'Exception'
   ],
   warningpatterns => [

   ],
   options => 'nocase,encoding=UTF-8,criticalthreshold=1,warningthreshold=1'
 },
);
我們定義了一個(gè)標(biāo)志tomcat.catalina.out,檢查的日志文件為/opt/tomcat7/logs/catalina.out,當(dāng)日志信息中匹配 ciriticalpattern中的內(nèi)容時(shí)會報(bào)嚴(yán)重錯(cuò)誤，；狀態(tài)信息和協(xié)議信息會寫入到 /usr/local/nagios/var/tmp中,
$CL_DATE_YYYY$-$CL_DATE_MM$-$CL_DATE_DD$是定義的時(shí)間宏，上面是匹配當(dāng)前日期的歸檔日志。options => 'nocase'，正則表達(dá)式不區(qū)分大小寫，options=>'criticalthreshold=1,warningthreshold=1'，
這個(gè)數(shù)值設(shè)置了忽略匹配的次數(shù)。如設(shè)置成3，即忽略前2次匹配，第3次匹配才計(jì)數(shù)。這里是只忽略1次，第2次匹配就記數(shù)。


2、在/usr/local/nagios/libexec的目錄下，檢查下配置的文件，顯示執(zhí)行正常，日志無報(bào)錯(cuò)。
[root@WEBServer10414 libexec]# ./check_logfiles --config /usr/local/nagios/var/catalina.cfg
OK - no errors or warnings|tomcat.catalina.out_lines=192 tomcat.catalina.out_warnings=0 tomcat.catalina.out_criticals=0 tomcat.catalina.out_unknowns=0

3、查看/usr/local/nagios/var/tmp目錄下生成的
 catalina._opt_tomcat7_logs_catalina.out.tomcat文件，其中tomcat是我們配置的tag,文件內(nèi)容如下：
[root@WEBServer10414 tmp]# cat catalina._opt_tomcat7_logs_catalina.out.tomcat
$state = {
          'logoffset' => 166891197,
          'devino' => '2053:27754546',
          'servicestateid' => 0,
          'logtime' => 1470399570,
          'serviceoutput' => ''
        };
1;

4、被監(jiān)控端添加nrpe.cfg文件中添加監(jiān)控命令
command[check_tomcat_logfiles]=/usr/local/nagios/libexec/check_logfiles --config /usr/local/nagios/var/catalina.cfg

5、監(jiān)控端定義的日志關(guān)鍵字監(jiān)控服務(wù)配置
define service{
       use                            local-service,srv-pnp        ; Name of service template to use
       host_name                      WEBServer10414
       service_description            Tomcat Front End Log Keyword Monitoring
       check_command                  check_nrpe_arg!check_tomcat_logfiles!60!/usr/local/nagios/var/catalina.cfg
       notifications_enabled          1
       }

6、check_nrpe_arg命令的定義
# 'check_nrpe_arg' command definition
define command {
 command_name        check_nrpe_arg
 command_line        $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -t $ARG2$ -a $ARG3$
}

7、查看nagios展示的服務(wù)的信息

注意：/usr/local/nagios/var/catalina.cfg文件和/usr/local/nagios/var/tmp目錄和下面生成的狀態(tài)文件的權(quán)限要設(shè)為nagios，否則會報(bào)無權(quán)限寫入錯(cuò)誤。