How to watch file content tests for several events in the same cycle?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

How to watch file content tests for several events in the same cycle?

Marcus Mülbüsch-3
Hello all,

the following lines alert me if the logfiles contains 2 Criticals in 2
minutes and ignores single Crits:

> check file log_to_watch with path /var/log/log_to_watch
>   if match "CRITICAL" for 2 times within 2 cycles then alert

However, my Crits mostly happen in the same second. I can safely ignore
a single one, but want monit to alert me if several happen at once (or
in short succession). The above lines does not do that.

Unfortunately I can't figure out how to proceed. Is there a way?

Any suggestion would be highly appreciated.

Marcus

Reply | Threaded
Open this post in threaded view
|

Re: How to watch file content tests for several events in the same cycle?

Tino Hendricks
Marcus,

my suggestion as usual pleas for use of a script, because I don’t think monit can do what you need out of the box.

Something like

if [[ $((`tail -3 /var/log/log_to_watch | grep CRITICAL | wc -l`)) -gt 1 ]] ; then …

might be a way to go?

Take care

Tino

> Am 26.09.2019 um 11:11 schrieb Marcus Mülbüsch <[hidden email]>:
>
> Hello all,
>
> the following lines alert me if the logfiles contains 2 Criticals in 2 minutes and ignores single Crits:
>
>> check file log_to_watch with path /var/log/log_to_watch
>>  if match "CRITICAL" for 2 times within 2 cycles then alert
>
> However, my Crits mostly happen in the same second. I can safely ignore a single one, but want monit to alert me if several happen at once (or in short succession). The above lines does not do that.
>
> Unfortunately I can't figure out how to proceed. Is there a way?
>
> Any suggestion would be highly appreciated.
>
> Marcus
>


Reply | Threaded
Open this post in threaded view
|

Re: How to watch file content tests for several events in the same cycle?

Lutz Mader
In reply to this post by Marcus Mülbüsch-3
Hello Marcus,
monit does not handle times or cycles with the match/content test,
unfortunetely.

With regards,
Lutz

p.s.
See my issue/ticket:
check file doesn't handle the times/cycles setting
https://bitbucket.org/tildeslash/monit/issues/822/check-file-doesnt-handle-the-times-cycles

Feel free to vote for the issue/ticket.

Reply | Threaded
Open this post in threaded view
|

Re: How to watch file content tests for several events in the same cycle?

Marcus Mülbüsch-3
In reply to this post by Tino Hendricks
Hello Tino, hello list,

    I "feared" as much. As usual, a script is the way to go. Alas, I was
hoping for something ready-to-go.

    (Not that writing a script is taht difficult.)

Marcus

 > Am 26.09.2019 um 12:25 schrieb Tino Hendricks:

> Marcus,
>
> my suggestion as usual pleas for use of a script, because I don’t think monit can do what you need out of the box.
>
> Something like
>
> if [[ $((`tail -3 /var/log/log_to_watch | grep CRITICAL | wc -l`)) -gt 1 ]] ; then …
>
> might be a way to go?
>
> Take care
>
> Tino
>
>> Am 26.09.2019 um 11:11 schrieb Marcus Mülbüsch <[hidden email]>:
>>
>> Hello all,
>>
>> the following lines alert me if the logfiles contains 2 Criticals in 2 minutes and ignores single Crits:
>>
>>> check file log_to_watch with path /var/log/log_to_watch
>>>   if match "CRITICAL" for 2 times within 2 cycles then alert
>>
>> However, my Crits mostly happen in the same second. I can safely ignore a single one, but want monit to alert me if several happen at once (or in short succession). The above lines does not do that.
>>
>> Unfortunately I can't figure out how to proceed. Is there a way?
>>
>> Any suggestion would be highly appreciated.
>>
>> Marcus
>>
>
>


--

Marcus Mülbüsch
Systemadministration

fon: +49 (0)208 9898 98-49
fax: +49 (0)208 9898 98-949
_______________________________________

AS-Infodienste GmbH
Timmerhellstr. 39
45478 Mülheim

mail: [hidden email]
web: www.as-infodienste.de

Kontakt zum Telefonsupport für
Servicerufnummern:    +49 (0)208 9898 98-11
Telefonsekretariat:   +49 (0)208 9898 98-12
Telefonkonferenzen:   +49 (0)208 9898 98-17

Unternehmenszentrale:
fon: +49 (0)208 9898 98-00
fax: +49 (0)208 9898 98-900
_______________________________________

Unternehmensangaben:

Die AS-Infodienste GmbH ist im
Handelsregister des AG Duisburg
unter HRB 16061 registriert.

Geschäftsführer:
Andreas Schlacht

USt.-ID: DE 813295188
St.-Nr.: 120/5742/0589

Unsere Datenschutzerklärung finden Sie hier:
http://www.as-infodienste.de/datenschutz/
_______________________________________

Wir nutzen klimafreundlichen Ökostrom
von NATURSTROM. Damit leisten wir
einen Beitrag zum Umweltschutz.

Reply | Threaded
Open this post in threaded view
|

Re: How to watch file content tests for several events in the same cycle?

Lutz Mader
Hello Marcus,
you are right.

> I "feared" as much. As usual, a script is the way to go. Alas, I was
> hoping for something ready-to-go.

Feel free to open an issue/ticket and ask the team to implement a
corresponding feature. This succeeds sometimes when a feature is deemed
useful.

I also missed this feature.

With regards,
Lutz