[Logcheck-devel] Bug#306695: nagios: logcheck lines, please

Stephen Gran sgran at debian.org
Thu Apr 28 14:25:24 UTC 2005 

This one time, at band camp, Jamie L. Penman-Smithson said:
> On Wed, 2005-04-27 at 22:10 -0400, Steve Gran wrote:
> > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT
> > 
> > (although that may be too broad)
> 
> Can you provide the log messages that this matches?

steve at linux01:~$ grep 'PROCESS_SERVICE_CHECK_RESULT' /var/log/syslog | grep -i OK | head -n10
Apr 28 06:28:32 linux01 nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;kvfw4.example.com;SSH Service;0;SSH OK - OpenSSH_3.8p1 (protocol 1.99)
Apr 28 06:28:59 linux01 nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;circa-server.circa.local;SMTP Service;0;SMTP OK - 0.001 sec. response time
Apr 28 06:30:09 linux01 nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;file.example.com;SSH Service;0;SSH OK - OpenSSH_3.8.1p1 Debian-8.sarge.4 (protocol 2.0)
Apr 28 06:31:19 linux01 nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;mail.example.com;SSH Service;0;SSH OK - OpenSSH_3.8.1p1 Debian-8.sarge.4 (protocol 2.0)
Apr 28 06:32:29 linux01 nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;circa-server.circa.local;IMAP Service;0;IMAP OK - 0.001 second response time on port 143 [* OK Microsoft Exchange Server 2003 IMAP4rev1 server version 6.5.7226.0 (circa-server.circa.local) ready.]
Apr 28 06:33:03 linux01 nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;tiki-test.example.com;TCP Port Check;0;TCP OK -   0.007 second response time on port 80
Apr 28 06:33:03 linux01 nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;apollo.example.com;SSH Service;0;SSH OK - OpenSSH_3.8.1p1 Debian-8.sarge.4 (protocol 2.0)
Apr 28 06:33:03 linux01 nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;poseidon.example.com;SSH Service;0;SSH OK - OpenSSH_3.6.1p2 (protocol 1.99)
Apr 28 06:35:14 linux01 nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;athena.example.com;Host Lookup;0;DNS ok - 0 seconds response time, Address(es) is/are 66.114.207.137
Apr 28 06:35:14 linux01 nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;pluto.example.com;Host Lookup;0;DNS ok - 0 seconds response time, Address(es) is/are 66.114.207.137

steve at linux01:~$ grep 'PROCESS_SERVICE_CHECK_RESULT' /var/log/syslog | grep -iv OK | head -n10
Apr 28 06:42:43 linux01 nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;mdrt.example.com;Standard HTTP Service;0;HTTP WARNING: HTTP/1.1 401 Authorization Required
Apr 28 06:43:02 linux01 nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;salt.example.com;Standard HTTP Service;0;HTTP WARNING: HTTP/1.1 401 Authorization Required
Apr 28 06:43:02 linux01 nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;nagios.example.com;Standard HTTP Service;0;HTTP WARNING: HTTP/1.1 401 Authorization Required
Apr 28 06:46:24 linux01 nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;cyan.example.com;Standard HTTP Service;0;Connection refused by host
Apr 28 06:48:23 linux01 nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;mdrt.example.com;Standard HTTP Service;0;HTTP WARNING: HTTP/1.1 401 Authorization Required
Apr 28 06:48:23 linux01 nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;nagios.example.com;Standard HTTP Service;0;HTTP WARNING: HTTP/1.1 401 Authorization Required
Apr 28 06:48:26 linux01 nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;salt.example.com;Standard HTTP Service;0;HTTP WARNING: HTTP/1.1 401 Authorization Required
Apr 28 07:12:43 linux01 nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;mdrt.example.com;Standard HTTP Service;0;HTTP WARNING: HTTP/1.1 401 Authorization Required
Apr 28 07:13:02 linux01 nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;nagios.example.com;Standard HTTP Service;0;HTTP WARNING: HTTP/1.1 401 Authorization Required
Apr 28 07:13:02 linux01 nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;salt.example.com;Standard HTTP Service;0;HTTP WARNING: HTTP/1.1 401 Authorization Required

steve at linux01:~$ grep 'PROCESS_SERVICE_CHECK_RESULT' /var/log/syslog | egrep -iv '(OK|WARNING)' | head -n10
Apr 28 06:46:24 linux01 nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;cyan.example.com;Standard HTTP Service;0;Connection refused by host
Apr 28 07:16:25 linux01 nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;cyan.example.com;Standard HTTP Service;0;Connection refused by host
Apr 28 07:46:24 linux01 nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;cyan.example.com;Standard HTTP Service;0;Connection refused by host
Apr 28 08:16:25 linux01 nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;cyan.example.com;Standard HTTP Service;0;Connection refused by host
Apr 28 08:27:25 linux01 nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;kvfw4.example.com;SSH Service;0;Socket timeout after 10 seconds
Apr 28 08:33:14 linux01 nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;172.25.3.27;Fast Ping Check;0;FPING CRITICAL - 172.25.3.27 (loss=100.000000% )
Apr 28 08:34:44 linux01 nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;kvfw4.example.com;SSH Service;0;Socket timeout after 10 seconds
Apr 28 08:39:15 linux01 nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;172.25.3.27;Fast Ping Check;0;FPING CRITICAL - 172.25.3.27 (loss=100.000000% )
Apr 28 08:41:23 linux01 nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;kvfw4.example.com;SSH Service;0;Socket timeout after 10 seconds
Apr 28 08:46:24 linux01 nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;cyan.example.com;Standard HTTP Service;0;Connection refused by host

Those are a sample - I can provide more if need be.

This is a setup with distributed nagios monitoring.  We have one monitor
on the public internet, and one on an intranet.  The intranet one sends
updates to the internet one via ncsa.  These log lines come from the
updates.  Sorry about obfuscating the domain names - they are clients
who I am not sure want there LAN details leaked in a bug report.  That
is all I have changed, though.

Thanks,
-- 
 -----------------------------------------------------------------
|   ,''`.					     Stephen Gran |
|  : :' :					 sgran at debian.org |
|  `. `'			Debian user, admin, and developer |
|    `-					    http://www.debian.org |
 -----------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20050428/d672297e/attachment.pgp

More information about the Logcheck-devel mailing list