Monitor Growth of Single Log Files
How to monitor and alert on the growth of single log files
Monitor a single log file and alert if the log stops growing in size, i.e. no new data is being logged.
[root@nagios-primary ~]# ./nlm logxray host:port /var/tmp/logXray autodoc /opt/electric-commander/data/logs/commander-ecserver003.log 1 5 filegrowth
CRITICAL: File [ /opt/electric-commander/data/logs/commander-ecserver003.log ]. Size Now = [ 20.6719MB (Mon Oct 26 19:12:56 2015) ]. Size Before = [ 20.6719MB (Tue Oct 13 13:22:57 2015) ].
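The same idea as an added example (not nlm or logrobot code, and not a description of how that tool works internally): a Nagios-style shell check that stores the last seen size of a log and returns CRITICAL when the size has not changed since the stored baseline. The function name check_growth, the STATE_DIR argument and the byte-based message wording are assumptions of this example.

```shell
#!/bin/sh
# Added example, not nlm/logrobot code: Nagios-style "log stopped growing" check.
# Usage: check_growth LOGFILE STATE_DIR
# Returns 0 (OK), 2 (CRITICAL) or 3 (UNKNOWN), the standard Nagios plugin codes.
# STATE_DIR is an assumption of this example; it should be writable only by the
# monitoring user, since a world-writable directory lets other local users
# replace the baseline.
check_growth() {
    log=$1; state_dir=$2
    [ -f "$log" ] || { echo "UNKNOWN: File [ $log ] not found"; return 3; }
    mkdir -p "$state_dir" || { echo "UNKNOWN: cannot create [ $state_dir ]"; return 3; }
    # One baseline file per monitored log, keyed by a checksum of its path.
    state="$state_dir/growth.$(printf '%s' "$log" | cksum | cut -d' ' -f1)"
    now=$(wc -c < "$log" | tr -d ' ')
    now_ts=$(date)
    before=''; before_ts=''
    if [ -f "$state" ]; then IFS='|' read -r before before_ts < "$state" || true; fi
    # Missing or corrupt baseline: treat as a first run.
    case $before in ''|*[!0-9]*) before='' ;; esac
    if [ -n "$before" ] && [ "$now" -eq "$before" ]; then
        # Keep the old baseline so "Size Before" shows when this size was first seen.
        echo "CRITICAL: File [ $log ]. Size Now = [ ${now}B ($now_ts) ]. Size Before = [ ${before}B ($before_ts) ]."
        return 2
    fi
    # Size changed or no baseline: store the new one atomically (temp file + rename).
    tmp=$(mktemp "$state_dir/growth.XXXXXX") || { echo "UNKNOWN: cannot write state"; return 3; }
    printf '%s|%s\n' "$now" "$now_ts" > "$tmp" && mv "$tmp" "$state"
    if [ -z "$before" ]; then
        echo "OK: File [ $log ]. Baseline recorded at ${now}B."
    elif [ "$now" -lt "$before" ]; then
        # A smaller file means rotation or truncation, not a stalled writer.
        echo "OK: File [ $log ] shrank from ${before}B to ${now}B (rotated or truncated)."
    else
        echo "OK: File [ $log ] grew from ${before}B to ${now}B."
    fi
    return 0
}

# Run as a plugin when called with both arguments.
if [ "$#" -eq 2 ]; then check_growth "$1" "$2"; exit $?; fi
```

Schedule it at the interval within which the log is expected to receive new data; a shorter interval raises CRITICAL for logs that are merely quiet.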
[root@nagios001 ~]# ./nlm logxray host:port /tmp/logXrayTestingJ,tail=10 autonda /var/log/Nagios 60m 'fatal' '.' 1 2 systemAAerrorsA -ndshow
[root@nagios001 ~]# time ./nlm logxray host:port /tmp/logXrayTestingJ autonda /var/log/messages 60m 'error_P_fatal_P_panic_P_fault' '.' 1 2 systemAAerrorsA -ndshow
[root@nagios001 ~]# time ./nlm logxray host:port /tmp/logXrayTestingJ autonda /var/log/messages 60m 'error_P_fatal_P_panic_P_fault' '.' 1 2 systemAAerrorsA -ndfoundmul
[root@nagios001 ~]# time ./nlm logxray host:port /var/tmp/logXray autonda /wms/prod/*/data/download_files/Rcv*.out 30m 'Oracle.*Error' '.' 1 1 rcv_out_sdc -ndshow
[root@nagios001 ~]# time ./nlm logxray host:port /var/tmp/logXray autonda /wms/prod/_ast_/data/download_files/Rcv_ast_.out 30m 'Oracle.*Error' '.' 1 1 rcv_out_sdc -ndshow
[root@nagios001 ~]# time ./logrobot localhost /tmp/logXrayTestingJ,tail=10 autonda /var/log/nagios 60m 'error_P_fatal_P_panic_P_fault' '.' 1 2 systemAAerrorsAAA -ndfoundmul
CRITICAL: [/var/log/nagios][7] nagios.log:P=(error=16)_F=(3s)_R=(0,0=0) nagios.debug:P=(error=3)_F=(3s)_R=(0,0=0) livestatus.log:P=(error=368)_F=(190s)_R=(0,300120=300120)
real 0m1.941s
user 0m0.147s
sys 0m0.048s
[root@nagios001 ~]# time ./logrobot localhost /tmp/logXrayTestingJ,tail=10 autonda /var/log/nagios 60m 'error_P_fatal_P_panic_P_fault' '.' 1 2 systemAAerrorsAAA -ndfoundmul
OK: [/var/log/nagios][7] apache_error.log:P=(error=0 fatal=0 panic=0 fault=0)_F=(4s)_R=(12,12=0) eventhandler.log:P=(error=0 fatal=0 panic=0 fault=0)_F=(4s)_R=(100,100=0) apache_access.log:P=(error=0 fatal=0 panic=0 fault=0)_F=(4s)_R=(25,25=0) nagios.log:P=(error=0 fatal=0 panic=0 fault=0)_F=(6)_R=(0(lnsrd)=0,0(rnge),alnct()) servicenow.log:P=(error=0 fatal=0 panic=0 fault=0)_F=(4s)_R=(147,147=0) nagios.debug:P=(fault=0 error=0 panic=0 fatal=0)_F=(1)_R=(88(lnsrd)=0,88(rnge),alnct(2959457)) livestatus.log:P=(error=0 fatal=0 panic=0 fault=0)_F=(4s)_R=(300120,300120=0)
real 0m0.520s
user 0m0.165s
sys 0m0.051s
[root@nagios001 ~]# time ./nlm logxray host:port /var/tmp/logXray autonda /PROD/GAP/cicsitlp/sys/unikixmain.log 30m 'CALL.*EDI.*PROD.*SUPPORT' '.' 1:4 1:8 mq_conn_open_error -ndshowgetlineba
[root@nagios001 ~]# time ./nlm logxray host:port /var/tmp/logXray autonda /opt/apps/tokemon/logs/_ast_.log 120m 'User' 'Tokemon.*:.*2.*:.*De-tokenization.*Requested' 10 10 tokenization_logchk -ndfoundauditast
Other common log monitoring scenarios
- Show only the total count of each pattern found in log
- Apache/HTTP Log Monitoring - Frequency of status codes
- Expected Entries - Alert when not found in monitored log
- Pattern Exclusions - Specify a list of patterns to exclude
- Log Exclusions - Specify logs to exclude from monitoring
- Dynamic Logs - Monitoring dynamically named Log Files
- Tail Log files using Time Frames - Get precise log data
- Graph various log file metrics - Trend historical log data
- Hot Spot - Identify times with unusually high errors
- Alert based on values in specific columns in log entries
- Email Alerts - Configure log monitoring through Crontab
- Nagios Alerts - Configure log monitoring through Nagios
- Zabbix Alerts - Configure log monitoring through Zabbix
- Zenoss Alerts - Configure log monitoring through Zenoss
Log File Content
Scan content of log files for new occurrences (or lack thereof) of specific keywords, strings or patterns.
Log File Size
Monitor the sizes of single or multiple log files - alert if log size breaches predefined thresholds.
Log File Growth
Monitor the growth of single or multiple log files - alert when the monitored logs stop receiving new data.
Log File Timestamp
Monitor the timestamp of single or multiple logs. Alert if logs are older than X minutes or hours.