--- /dev/null
+<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
+<html>
+<head>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+ <meta name="Author" content="noman">
+ <meta name="GENERATOR" content="Mozilla/4.61 [en] (X11; U; Linux 2.2.12-20 i686) [Netscape]">
+ <title>check_logs</title>
+</head>
+<body>
+
+<hr WIDTH="100%">
+<h1>
+<a NAME="check_logs.name"></a>NAME</h1>
+check_logs - system log files client checks module
+<h1>
+
+<hr WIDTH="100%"><a NAME="check_logs.description"></a>DESCRIPTION</h1>
+The client check module checks system log files for one or more user specified
+patterns. <i>check_logs</i> continually scans to the end of the log file.
+Log file changes caused by log file rotations or initialization are handled
+automatically.
+<p>For each line in a log file that matches a pattern an event is generated.
+Each event has a duration,a color and a text field describing the match.
+When check_logs finishes checks all of the log files, it then reports all
+of the events that were generated back to the spong-server. The events
+will reported back to the server every cycle until their duration has expired.
+At which point they are removed from the list of event.
+<br>
+<h1>
+<a NAME="check_logs.output"></a>OUTPUT RETURNED</h1>
+<b>SUMMARY MESSAGE FIELD</b>
+<br>If there are no events, it return "All logs ok". Otherwise is will
+return a list of the logs that have generated events.
+<p><b>DETAILED MESSAGE FIELD</b>
+<br>If there are pending event, the text field from of all the events are
+returned.
+<br>
+<h1>
+<a NAME="check_logs.configuration"></a>CONFIGURATION</h1>
+
+<dl><b>$LOGCHECKS</b>
+<br>A list of hashes which defined checks to apply to log files. Each hash
+contains the fields <b>logfile</b> which is the full path to the log file
+to check and <b>checks</b> whch is a list of check to apply to the
+log file. Each check is a hash that contains the fields: <b>pattern</b>
+- a Perl regular expression to be scanned for, <b>status</b> - the status
+color to reported lines matching pattern, duration - the duration that
+each event is to be reported to the server, <b>text </b>- the text to reported
+back in the detailed message field of the status report (which can include
+match position variables from <b>pattern</b>) and <b>id</b> - an optional
+key field to associated with each event generated
+<p><tt>$LOGCHECKS = [ {</tt>
+<br><tt>
+logfile => 'full/path/to/logfile',</tt>
+<br><tt>
+checks => [ {check-stanza}, {check-stanza} ],</tt>
+<br><tt>
+},</tt>
+<br><tt>
+{</tt>
+<br><tt>
+logfile => 'full/path/to/logfile2',</tt>
+<br><tt>
+checks => [ {check-stanza}, {check-stanza} ],</tt>
+<br><tt>
+},</tt>
+<br><tt>];</tt>
+<p>a check-stanza is:
+<p><tt>{</tt>
+<br><tt> pattern => 'perl reg exp',</tt>
+<br><tt> status => 'status-color',</tt>
+<br><tt> duration => xx,</tt>
+<br><tt> text => 'Error desc',</tt>
+<br><tt> id => 'optional-event-key',</tt>
+<br><tt>}</tt>
+<p>where:</dl>
+<i>pattern </i>- A perl regular expression top be scanned for. You can
+include '( )' enclosed sections in your expression that will can access
+by $1, $2, etc variables in the <i>text</i> field.
+<br><i>status</i> - A status color 'green', 'yellow', or 'red'.
+<br><i>duration</i> - The duration of a generated event in minutes.
+<br><i>text</i> - the text that will appear in the status message. Perl
+positional variables (i.e. $1, $2, etc.) can be used in the text field
+which will be the matched text of the sections from the regular expression
+defined in <i>pattern</i>.
+<br><i>id</i> - An option event key that will be assigned to an event rather
+than the default, the <i>text</i> field. you can use this field to collapse
+multiple events into one event.
+<br>
+<h1>
+Example</h1>
+
+<dl><tt>$LOGCHECKS = [ { 'logfile' => '/var/log/messages',</tt>
+<br><tt>
+'checks' => [ { pattern=>'(.*WARNING:.*)',</tt>
+<br><tt>
+status=> 'yellow',</tt>
+<br><tt>
+duration=>10,</tt>
+<br><tt>
+text=>'$1',</tt>
+<br><tt>
+},</tt>
+<br><tt>
+{ pattern=>'(.*NOTICE:.*)',</tt>
+<br><tt>
+status=> 'red',</tt>
+<br><tt>
+duration=>'10',</tt>
+<br><tt>
+text=>'$1',</tt>
+<br><tt>
+},</tt>
+<br><tt>
+{ pattern=>'(SCSI)|(scsi)',</tt>
+<br><tt>
+status =>'red',</tt>
+<br><tt>
+duration=>30,</tt>
+<br><tt>
+text => 'scsi error',</tt>
+<br><tt>
+},</tt>
+<br><tt>
+{ pattern=>'su: FAILED SU .to ([^\s]+). ([^\s]+)',</tt>
+<br><tt>
+status =>'yellow',</tt>
+<br><tt>
+duration=>30,</tt>
+<br><tt>
+text => 'su $ failed for $2',</tt>
+<br><tt>
+},</tt>
+<br><tt>
+],</tt>
+<br><tt>
+}</tt>
+<br><tt>];</tt>
+<br>
+<p><b><font face="Arial, Helvetica, sans-serif"><font size=+2>FILES</font></font></b>
+<dl>
+<dt>
+<b>/usr/local/etc/spong/spong.conf</b></dt>
+
+<br>Configuration file. This contains variables that detail spong and OS
+specific definitions used by spong-client. This file also contain variables
+describing threshold levels. See <i>spong.conf</i> for additional documentation.</dl>
+</dl>
+
+<dl><b><font face="Arial, Helvetica, sans-serif"><font size=+2>AUTHOR</font></font></b>
+<p>Stephen L Johnson (<a href="MAILTO:stephen.johnson@mail.state.ar.us">stephen.johnson@mail.state.ar.us</a>)
+or (<a href="MAILTO:sjohnson@monsters.org">sjohnson@monsters.org</a>),
+Unix System Administator, DIS - State of Arkansas
+<br>
+<br> </dl>
+
+</body>
+</html>
projects / spong.git / commitdiff