Monitoring Log Files on Local and/or Remote Hosts
How to Monitor and Alert on Local & Remote Log Files
[root@nagios-primary ~]# ./logrobot localhost /var/tmp/logXray autodoc /opt/electric-commander/data/logs/commander-ecserver003.log 1 5 filegrowth
CRITICAL: File [ /opt/electric-commander/data/logs/commander-ecserver003.log ]. Size Now = [ 20.6719MB (Mon Oct 26 19:12:56 2015) ]. Size Before = [ 20.6719MB (Tue Oct 13 13:22:57 2015) ].
# To monitor a remote log on a remote host:
[root@nagios-primary ~]# ./logrobot ecserver001.phx.logrobot.com /var/tmp/logXray autodoc /opt/electric-commander/data/logs/commander-ecserver003.log 1 5 filegrowth
[root@nagios001 ~]# ./logrobot localhost autonda /var/log/messages 1h 'kernel.*timedout' '.' 1 2 kernel_timeouts -ndshow email=Support@LoGrobot.com,Sales@LoGrobot.com
[root@nagios001 ~]# ./logrobot localhost /tmp/logXrayTestingJ autonda /var/log/messages 60m 'error_P_fatal_P_panic_P_fault' '.' 1 2 msgchk -ndshow email=Support@LoGrobot.com,Sales@LoGrobot.com
[root@nagios001 ~]# ./logrobot localhost /tmp/logXrayTestingJ autonda /var/log/messages 60m 'error_P_fatal_P_panic_P_fault' '.' 1 2 systemAAerrorsA -ndfoundmul email=Support@LoGrobot.com,Sales@LoGrobot.com
[root@nagios001 ~]# time ./logrobot localhost /tmp/logXrayTesting autonda /var/log/nagios 60m 'error_P_fatal_P_panic_P_fault' '.' 1 2 NagiosAppLogCheck -ndfoundmul email=Support@LoGrobot.com,Sales@LoGrobot.com
CRITICAL: [/var/log/nagios][7] nagios.log:P=(error=16)_F=(3s)_R=(0,0=0) nagios.debug:P=(error=3)_F=(3s)_R=(0,0=0) livestatus.log:P=(error=368)_F=(190s)_R=(0,300120=300120)
real 0m1.941s
user 0m0.147s
sys 0m0.048s
[root@nagios001 ~]# time ./logrobot localhost /tmp/logXrayTesting autonda /var/log/nagios 60m 'error_P_fatal_P_panic_P_fault' '.' 1 2 -ndfoundmul email=Support@LoGrobot.com,Sales@LoGrobot.com
OK: [/var/log/nagios][7] apache_error.log:P=(error=0 fatal=0 panic=0 fault=0)_F=(4s)_R=(12,12=0) eventhandler.log:P=(error=0 fatal=0 panic=0 fault=0)_F=(4s)_R=(100,100=0) apache_access.log:P=(error=0 fatal=0 panic=0 fault=0)_F=(4s)_R=(25,25=0) nagios.log:P=(error=0 fatal=0 panic=0 fault=0)_F=(6)_R=(0(lnsrd)=0,0(rnge),alnct()) servicenow.log:P=(error=0 fatal=0 panic=0 fault=0)_F=(4s)_R=(147,147=0) nagios.debug:P=(fault=0 error=0 panic=0 fatal=0)_F=(1)_R=(88(lnsrd)=0,88(rnge),alnct(2959457)) livestatus.log:P=(error=0 fatal=0 panic=0 fault=0)_F=(4s)_R=(300120,300120=0)
real 0m0.520s
user 0m0.165s
sys 0m0.051s
[root@nagios001 ~]# time ./logrobot localhost /var/tmp/logXray autonda /wms/prod/*/data/download_files/Rcv*.out 30m 'Oracle.*Error' '.' 1 1 rcv_out_sdc -ndshow email=jsmith@gmail.com,jjackson@gmail.com
[root@nagios001 ~]# time ./logrobot localhost /var/tmp/logXray autonda /wms/prod/_ast_/data/download_files/Rcv_ast_.out 30m 'Oracle.*Error' '.' 1 1 rcv_out_sdc -ndshow email=jsmith@gmail.com,jjackson@gmail.com
[root@nagios001 ~]# time ./logrobot localhost /var/tmp/logXray autonda /PROD/GAP/cicsitlp/sys/unikixmain.log 30m 'CALL.*EDI.*PROD.*SUPPORT' '.' 1:4 1:8 mq_conn_open_error -ndshowgetlineba Support@LoGrobot.com,Sales@LoGrobot.com
[root@nagios001 ~]# time ./logrobot localhost /var/tmp/logXray autonda /opt/apps/tokemon/logs/_ast_.log 120m 'User' 'Tokemon.*:.*2.*:.*De-tokenization.*Requested' 10 10 tokenization_logchk -ndfoundauditast SecurityLogCheck Support@LoGrobot.com,Sales@LoGrobot.com
Log File Content
Scan content of log files for new occurrences (or lack thereof) of specific keywords, strings or patterns.
Log File Size
Monitor the sizes of single or multiple log files - alert if log size breaches predefined thresholds.
Log File Growth
Monitor the growth of single or multiple log files - alert when the monitored logs stop receiving new data.
Log File Timestamp
Monitor the timestamp of single or multiple logs. Alert if logs are older than X minutes or hours.
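
The Log File Growth check described above, as an added example (not logrobot's code or its output format): a stateful shell check that remembers each log's last size and returns Nagios exit codes. The function name `check_growth`, the state-file naming and the choice to return WARNING when a log shrinks are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not logrobot code: stateful log-growth check, Nagios exit codes.
# Usage: check_growth LOGFILE STATEDIR
#   0 OK (grew / first run)  1 WARNING (shrank)  2 CRITICAL (no new data)  3 UNKNOWN
# STATEDIR (hypothetical) should be writable only by the monitoring user:
# forged or stale state would hide a log that has gone silent.
check_growth() {
    local log=$1 statedir=$2 now prev state
    [ -r "$log" ] || { echo "UNKNOWN: cannot read [ $log ]"; return 3; }
    mkdir -p "$statedir" 2>/dev/null || { echo "UNKNOWN: cannot create [ $statedir ]"; return 3; }

    # One state file per monitored log, keyed by a checksum of its path.
    state="$statedir/growth.$(printf '%s' "$log" | cksum | cut -d' ' -f1)"
    now=$(wc -c < "$log" | tr -d ' ')

    if [ ! -f "$state" ]; then
        # First run: record a baseline, nothing to compare against yet.
        echo "$now" > "$state"
        echo "OK: File [ $log ]. Baseline recorded = [ $now bytes ]."
        return 0
    fi

    prev=$(cat "$state")
    echo "$now" > "$state"
    case $prev in
        ''|*[!0-9]*) echo "UNKNOWN: corrupt state for [ $log ], baseline reset"; return 3 ;;
    esac

    if [ "$now" -gt "$prev" ]; then
        echo "OK: File [ $log ]. Size Now = [ $now bytes ]. Size Before = [ $prev bytes ]."
        return 0
    elif [ "$now" -lt "$prev" ]; then
        # Rotation and truncation look identical here; confirm against the rotation schedule.
        echo "WARNING: File [ $log ] shrank. Size Now = [ $now bytes ]. Size Before = [ $prev bytes ]."
        return 1
    fi
    echo "CRITICAL: File [ $log ]. Size Now = [ $now bytes ]. Size Before = [ $prev bytes ]."
    return 2
}

# Run as a plugin when given both arguments; otherwise only define the function.
if [ "$#" -eq 2 ]; then
    check_growth "$1" "$2"
    exit $?
fi
```

Each call compares against the size seen on the previous call, so the alerting window is the scheduler's check interval.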