From: Stephen L Johnson Date: Fri, 5 Nov 1999 04:38:19 +0000 (+0000) Subject: Initial revision X-Git-Tag: spong-2_6-beta7~33 X-Git-Url: http://git.etc.gen.nz/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=deb0f6e22aad5a984ac4b09273576c9f2c005dde;p=spong.git Initial revision --- diff --git a/www/docs/check_logs.html b/www/docs/check_logs.html new file mode 100755 index 0000000..ee7d20a --- /dev/null +++ b/www/docs/check_logs.html @@ -0,0 +1,158 @@ + + + + + + + check_logs + + + +
+

+NAME

+check_logs - system log files client checks module +

+ +
DESCRIPTION

+The client check module checks system log files for one or more user specified +patterns. check_logs continually scans to the end of the log file. +Log file changes caused by log file rotations or initialization are handled +automatically. +

For each line in a log file that matches a pattern an event is generated. +Each event has a duration,a color and a text field describing the match. +When check_logs finishes checks all of the log files, it then reports all +of the events that were generated back to the spong-server. The events +will reported back to the server every cycle until their duration has expired. +At which point they are removed from the list of event. +
  +

+OUTPUT RETURNED

+SUMMARY MESSAGE FIELD +
If there are no events, it return "All logs ok". Otherwise is will +return a list of the logs that have generated events. +

DETAILED MESSAGE FIELD +
If there are pending event, the text field from of all the events are +returned. +
  +

+CONFIGURATION

+ +
$LOGCHECKS +
A list of hashes which defined checks to apply to log files. Each hash +contains the fields logfile which is the full path to the log file +to check and checks whch  is a list of check to apply to the +log file. Each check is a hash that contains the fields: pattern +- a Perl regular expression to be scanned for, status - the status +color to reported lines matching pattern, duration - the duration that +each event is to be reported to the server, text - the text to reported +back in the detailed message field of the status report (which can include +match position variables from pattern) and id - an optional +key field to associated with each event generated +

$LOGCHECKS = [ { +
                  +logfile => 'full/path/to/logfile', +
                  +checks  => [ {check-stanza}, {check-stanza} ], +
               +}, +
               +{ +
                  +logfile => 'full/path/to/logfile2', +
                  +checks  => [ {check-stanza}, {check-stanza} ], +
               +}, +
]; +

a check-stanza is: +

{ +
   pattern  => 'perl reg exp', +
   status   => 'status-color', +
   duration => xx, +
   text     => 'Error desc', +
   id       => 'optional-event-key', +
} +

where:

+pattern - A perl regular expression top be scanned for. You can +include '( )' enclosed sections in your expression that will can access +by $1, $2, etc variables in the text field. +
status - A status color 'green', 'yellow', or 'red'. +
duration - The duration of a generated event in minutes. +
text - the text that will appear in the status message. Perl +positional variables (i.e. $1, $2, etc.) can be used in the text field +which will be the matched text of the sections from the regular expression +defined in pattern. +
id - An option event key that will be assigned to an event rather +than the default, the text field. you can use this field to collapse +multiple events into one event. +
  +

+Example

+ +
$LOGCHECKS = [ { 'logfile' => '/var/log/messages', +
                 +'checks'  => [ { pattern=>'(.*WARNING:.*)', +
                                  +status=> 'yellow', +
                                  +duration=>10, +
                                  +text=>'$1', +
                                +}, +
                                +{ pattern=>'(.*NOTICE:.*)', +
                                  +status=> 'red', +
                                  +duration=>'10', +
                                  +text=>'$1', +
                                +}, +
                                +{ pattern=>'(SCSI)|(scsi)', +
                                  +status =>'red', +
                                  +duration=>30, +
                                  +text    => 'scsi error', +
                                 +}, +
                                 +{ pattern=>'su: FAILED SU .to ([^\s]+). ([^\s]+)', +
                                   +status =>'yellow', +
                                   +duration=>30, +
                                   +text => 'su $ failed for $2', +
                                 +}, +
                              +], +
                +} +
]; +
  +

FILES +

+
+/usr/local/etc/spong/spong.conf
+ +
Configuration file. This contains variables that detail spong and OS +specific definitions used by spong-client. This file also contain variables +describing threshold levels. See spong.conf for additional documentation.
+
+ +
AUTHOR +

Stephen L Johnson (stephen.johnson@mail.state.ar.us) +or (sjohnson@monsters.org), +Unix System Administator, DIS - State of Arkansas +
  +
 

+ + +