Bug#298495: [Logcheck-devel] Bug#298495: logcheck-database: add nagios unreachable filter

[Geoff Crompton]

maximilian attems wrote:
> 
> thanks for the nicely crafted rules.

No worries.

>  
> 
>>=== nagios
>>==================================================================
>>--- nagios  (revision 55)
>>+++ nagios  (local)
>>@@ -10,6 +10,7 @@
>> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: SERVICE NOTIFICATION: [._[:alnum:]-]+;[._[:alnum:]-]+;[^;]+;OK;.*$
>> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: HOST ALERT: [._[:alnum:]-]+;DOWN;(SOFT|HARD);.*$
>> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: HOST ALERT: [._[:alnum:]-]+;UP;(SOFT|HARD);.*$
>>+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: HOST ALERT: [._[:alnum:]-]+;UNREACHABLE;(SOFT|HARD);.*$
>> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: HOST NOTIFICATION: [._[:alnum:]-]+;[._[:alnum:]-]+;DOWN;.*$
>> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: HOST NOTIFICATION: [._[:alnum:]-]+;[._[:alnum:]-]+;UP;.*$
>> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: HOST DOWNTIME ALERT: [._[:alnum:]-]+;STOPPED;.*$
>>
> 
> could you post some of the loglines they are intended to supress.
> 
> .* should only used for remote supplied strings,
> where we have _no_ controll on what gets supplied.
> 
> thanks for your feedback
> maks

Here are some sample loglines: (Please excuse if they are linewrapped, 
I've separated them out to make it clear which ones are/were full lines)

Mar  7 16:51:50 sd01 nagios: HOST ALERT: 
wire-server;UNREACHABLE;HARD;10;CRITICAL - Plugin timed out after 10 seconds

Mar  7 17:40:50 sd01 nagios: HOST ALERT: 
wire-server;UNREACHABLE;HARD;10;/bin/ping 202.137.92.18 -n -c 1

Mar  7 23:54:09 sd01 nagios: HOST ALERT: 
philoz-server;UNREACHABLE;HARD;10;PING CRITICAL - Packet loss = 0%, RTA 
= 8861.88 ms

Mar  9 02:29:39 sd01 nagios: HOST ALERT: 
oe-server;UNREACHABLE;HARD;10;Socket timeout after
10 seconds

-- 
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000