logfile

check_logfile

Checks log files or any other text file for errors or other general patterns.

In order to use this plugin, you need to enable 'CheckLogFile' in the '[/modules]' section of the snclient_local.ini.

Also, to avoid security issues, you need to set 'allowed pattern' in the '[/settings/check/logfile]'
section of the snclient_local.ini to a comma separated list of allowed glob patterns.

Example:
[/settings/check/logfile]
allowed pattern  = /var/log/**      # This allows all files recursively in /var/log/
allowed pattern += /opt/logs/*.log  # This allows all files with .log extension in /opt/logs/

See https://github.com/bmatcuk/doublestar#patterns for details on the pattern syntax.
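
How such an allow-list decides which files a check may read, as an added Go example (not SNClient's own code and not the doublestar library). It implements a simplified subset of the pattern syntax with the standard library only; the function names, the sample paths and the path-cleaning step are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// matchSegs matches path segments against pattern segments. Simplified subset:
// "**" is zero or more whole segments; "*" (via path.Match) never crosses "/".
func matchSegs(pat, segs []string) bool {
	if len(pat) == 0 {
		return len(segs) == 0
	}
	if pat[0] == "**" {
		for i := 0; i <= len(segs); i++ {
			if matchSegs(pat[1:], segs[i:]) {
				return true
			}
		}
		return false
	}
	if len(segs) == 0 {
		return false
	}
	ok, err := path.Match(pat[0], segs[0])
	return err == nil && ok && matchSegs(pat[1:], segs[1:])
}

// Allowed (hypothetical helper) reports whether file matches any pattern.
// Assumption: the path is cleaned first so "../" cannot leave an allowed tree.
func Allowed(patterns []string, file string) bool {
	if !path.IsAbs(file) {
		return false
	}
	segs := strings.Split(path.Clean(file), "/")
	for _, p := range patterns {
		if matchSegs(strings.Split(p, "/"), segs) {
			return true
		}
	}
	return false
}

func main() {
	pats := []string{"/var/log/**", "/opt/logs/*.log"} // patterns from the page; paths below are constructed
	for _, f := range []string{"/var/log/snclient/snclient.log", "/opt/logs/sub/app.log", "/var/log/../../etc/passwd"} {
		fmt.Println(f, Allowed(pats, f))
	}
}
```

Running candidate paths through a matcher like this before deploying a config shows that `/opt/logs/*.log` does not cover subdirectories, while `/var/log/**` covers the whole tree.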

Implementation

Windows  Linux  FreeBSD  MacOSX

Examples

Default Check

Alert if there are errors in the snclient log file:

check_logfile files=/var/log/snclient/snclient.log 'warn=line like Warn' 'crit=line like Error'
OK - All 1787 / 1787 Lines OK

Example using NRPE and Naemon

Naemon Config

define command{
    command_name         check_nrpe
    command_line         $USER1$/check_nrpe -H $HOSTADDRESS$ -n -c $ARG1$ -a $ARG2$
}

define service {
    host_name            testhost
    service_description  check_logfile
    use                  generic-service
    check_command        check_nrpe!check_logfile!'files=/var/log/snclient/snclient.log' 'warn=line like Warn'
}

Argument Defaults

Argument       Default Value
empty-state    3 (UNKNOWN)
empty-syntax   %(status) - No files found
top-syntax     %(status) - %(problem_count)/%(count) lines (%(count)) %(problem_list)
ok-syntax      %(status) - All %(count) / %(total) Lines OK
detail-syntax  %(line | chomp | cut=200)

Check Specific Arguments

Argument      Description
column-split  Tab split default: \t
file          The file that should be checked
files         Comma separated list of files
label         label:pattern => If the pattern is matched in a line the line will have the label set as detail
line-split    Character string used to split a file into several lines (default \n)
offset        Starting position (in bytes) for scanning the file (0 for beginning). This overrides any saved offset

Attributes

Filter Keywords

These can be used in filters and thresholds (along with the default attributes):

Attribute  Description
count      Number of items matching the filter. Common option for all checks.
filename   The name of the file
line       Match the content of an entire line
columnN    Match the content of the N-th column only if enough columns exist