|
|
|
|
@ -20,36 +20,46 @@ num=""
|
|
|
|
|
# These two need to be regexp wildcards to match everything when nothing is specified
|
|
|
|
|
aSource="(HOST|SERVICE)"
|
|
|
|
|
aType="(ALERT|NOTIFICATION|EVENT HANDLER)"
|
|
|
|
|
verbose=""
|
|
|
|
|
|
|
|
|
|
do_debug() {
|
|
|
|
|
[ -n "$verbose" ] && echo "$*"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
print_help() {
|
|
|
|
|
echo "Usage:"
|
|
|
|
|
echo " -d (debug mode)"
|
|
|
|
|
echo " -h|--host <host>"
|
|
|
|
|
echo " -s|--service <service>"
|
|
|
|
|
echo " --state <warning type (OK, WARNING, CRITICAL, UNKNOWN)> no default"
|
|
|
|
|
echo " --ok|--warn|--warning|--crit|--critical only print things that match"
|
|
|
|
|
echo " --hard only print hard stuff"
|
|
|
|
|
echo " --soft only print soft stuff"
|
|
|
|
|
echo " --sev|--severity <type (HARD, SOFT)>, default=all"
|
|
|
|
|
echo " -Q does a quick version of HARD CRITICAL"
|
|
|
|
|
echo " -n <#> selects the alert number, no default"
|
|
|
|
|
echo " --type <alert type (ALERT, EVENT, NOTIFICATION)>, default=all"
|
|
|
|
|
echo " --event set alert type to EVENT HANDLER"
|
|
|
|
|
echo " --src|--source <alert source (HOST, SERVICE)>, default=all"
|
|
|
|
|
echo " --from <from time>, default=today at midnight"
|
|
|
|
|
echo " --to <to time>, default=now"
|
|
|
|
|
echo " --notime don't convert timestamp to human time"
|
|
|
|
|
echo " -c|--constant) the equivalent of a tail -f on the Nagios log file"
|
|
|
|
|
echo " --file <file[s]>) scan <file[s]> instead of $file; use \"...\" if wildcards"
|
|
|
|
|
echo ""
|
|
|
|
|
echo "All input is evaluated as a case-insensitive regexp surrounded by wildcards."
|
|
|
|
|
echo "Time values can be in the following formats:"
|
|
|
|
|
echo " HH:MM[:SS] YYYY-MM-DD YYYY-MM-DD HH:MM[:SS]*"
|
|
|
|
|
echo "This program does not directly scan log files other than the current one. If you want"
|
|
|
|
|
echo "to scan older files, use the --file option. Note that this can be combined with the"
|
|
|
|
|
echo "--from and --to options, but keep in mind that file names are named based on the date they"
|
|
|
|
|
echo "were rotated, not the date of their contents."
|
|
|
|
|
echo "*Due to the awk pattern matching, dates before 2020-09-09 will produce empty output."
|
|
|
|
|
cat << HELP_EOF
|
|
|
|
|
Usage:
|
|
|
|
|
-d (debug mode)
|
|
|
|
|
-h|--host <host>
|
|
|
|
|
-s|--service <service>
|
|
|
|
|
--current show CURRENT HOST|SERVICE STATE information
|
|
|
|
|
--state <warning type (OK, WARNING, CRITICAL, UNKNOWN)> no default
|
|
|
|
|
--ok|--warn|--warning|--crit|--critical only print things that match
|
|
|
|
|
--hard|--sort only print things that match
|
|
|
|
|
--soft only print soft stuff
|
|
|
|
|
--sev|--severity <type (HARD, SOFT)>, default=all
|
|
|
|
|
-Q does a quick version of HARD CRITICAL
|
|
|
|
|
-n <#> selects the alert number (of max_retries), no default
|
|
|
|
|
--type <alert type (ALERT, EVENT, NOTIFICATION)>, default=all
|
|
|
|
|
--event set alert type to EVENT HANDLER
|
|
|
|
|
--src|--source <alert source (HOST, SERVICE)>, default=all
|
|
|
|
|
--from <from time>, default=today at midnight
|
|
|
|
|
--to <to time>, default=now
|
|
|
|
|
--notime don't convert timestamp to human time
|
|
|
|
|
-c|--constant) the equivalent of a tail -f on the Nagios log file
|
|
|
|
|
--file <file[s]>) scan <file[s]> instead of $files; use "..." if wildcards
|
|
|
|
|
-v turn on verbose/debug mode
|
|
|
|
|
|
|
|
|
|
All input is evaluated as a case-insensitive regexp surrounded by wildcards.
|
|
|
|
|
Time values can be in the following formats:
|
|
|
|
|
HH:MM[:SS] YYYY-MM-DD YYYY-MM-DD HH:MM[:SS]*
|
|
|
|
|
This program does not directly scan log files other than the current one. If you want
|
|
|
|
|
to scan older files, use the --file option. Note that this can be combined with the
|
|
|
|
|
--from and --to options, but keep in mind that file names are named based on the date they
|
|
|
|
|
were rotated, not the date of their contents.
|
|
|
|
|
Some options set others, so options earlier on the command line can be overwritten by later ones
|
|
|
|
|
*Due to the awk pattern matching, dates before 2020-09-09 will produce empty output.
|
|
|
|
|
HELP_EOF
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
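Review bot: `do_debug` writes to stdout, so with `-v` the DEBUG lines end up in the same stream as the alert output that callers may pipe or grep. It also returns non-zero whenever `verbose` is empty, which a later `set -e` would trip on; `if [ -n "$verbose" ]; then echo "$*" >&2; fi` addresses both. In the new here-document, `--hard|--sort only print things that match` looks like a copy of the `--ok|--warn` line, with `--sort` presumably meant as `--soft`, which is still listed on the next line. `-d (debug mode)` also remains beside the new `-v` entry, although `-v` is the only debug switch visible in the parser hunks. The `HELP_EOF` delimiter is unquoted, presumably so that `$files` expands, which means any `$` or backtick added to the help text later will be expanded as well.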
|
|
|
|
|
@ -61,6 +71,7 @@ while [ -n "$1" ]; do
|
|
|
|
|
-s|--service) service="$2"; shift 2;;
|
|
|
|
|
--state) state="$2"; shift 2;;
|
|
|
|
|
--ok) state="OK"; shift 1;;
|
|
|
|
|
--current) aSource="(HOST|SERVICE)"; aType="STATE"; shift 1;;
|
|
|
|
|
--warn|--warning) state="WARNING"; shift 1;;
|
|
|
|
|
--crit|--critical) state="CRITICAL"; shift 1;;
|
|
|
|
|
--hard) severity="HARD"; shift 1;;
|
|
|
|
|
@ -74,7 +85,8 @@ while [ -n "$1" ]; do
|
|
|
|
|
--from) fromTime="$2"; shift 2;;
|
|
|
|
|
--to) toTime="$2"; shift 2;;
|
|
|
|
|
--notime) noTime="true"; shift 1;;
|
|
|
|
|
-c|--constant) tailMode="-f"; shift 1;;
|
|
|
|
|
-c|--constant) tailMode="--follow=name"; shift 1;;
|
|
|
|
|
-v) verbose="true"; shift 1;;
|
|
|
|
|
*) shift 1;;
|
|
|
|
|
esac
|
|
|
|
|
done
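Review bot: `tailMode="--follow=name"` follows the log by name but without `--retry`, and GNU tail documents that without it a file found missing or inaccessible is reported once and never checked again. A `-c` session can therefore stop producing output if the Nagios log is briefly absent during rotation. `tailMode="-F"` (the documented shorthand for `--follow=name --retry`) covers that window. The enclosing `while`/`case` starts outside this hunk, so whether `-d` is still handled cannot be seen here; if it is not, the `*) shift 1;;` arm discards it silently while the help text still advertises it.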
|
|
|
|
|
@ -85,6 +97,7 @@ done
|
|
|
|
|
# [1690749418] HOST ALERT: Security Cameras; DOWN; SOFT; 1; CRITICAL - 192.168.1.88: rta nan, lost 100%
|
|
|
|
|
# [1690765779] SERVICE ALERT: DD-WRT; Port: vlan1 Bandwidth; CRITICAL; SOFT; 4; CRITICAL - Current BW in: 8.22Mbps Out: 1.58Mbps
|
|
|
|
|
# (NF-3) (NF-2)(NF-1)
|
|
|
|
|
# [1723694400] CURRENT HOST STATE: localhost;UP;HARD;1;OK - 127.0.0.1 rta 0.067ms lost 0%
|
|
|
|
|
# (HOST|SERVICE) (DOWNTIME|FLAPPING)? (ALERT|NOTIFICATION)
|
|
|
|
|
|
|
|
|
|
timeSel=""
|
|
|
|
|
@ -99,13 +112,28 @@ fi
|
|
|
|
|
timeSub=""
|
|
|
|
|
[ -z "$noTime" ] && timeSub="&& sub (/^\[[0-9]{10}]/, strftime (\"%Y-%m-%d %H:%M:%S\", substr (\$1, 2, 10)), \$1)"
|
|
|
|
|
|
|
|
|
|
do_debug "DEBUG: host=$host"
|
|
|
|
|
do_debug "DEBUG: service=$service"
|
|
|
|
|
do_debug "DEBUG: awk=^\[[0-9]{10}] (GLOBAL |CURRENT )?$aSource (DOWNTIME |FLAPPING )?$aType: .*$host.*$service"
|
|
|
|
|
|
|
|
|
|
tail -n +1 $tailMode $files | gawk -F\; "\
|
|
|
|
|
BEGIN {IGNORECASE=1} \
|
|
|
|
|
/^\[[0-9]{10}] (GLOBAL )?$aSource (DOWNTIME |FLAPPING )?$aType: .*$host.*;$service/ \
|
|
|
|
|
/^\[[0-9]{10}] (GLOBAL |CURRENT )?$aSource (DOWNTIME |FLAPPING )?$aType: .*$host.*$service/ \
|
|
|
|
|
&& \$(NF-3)~/$state/ \
|
|
|
|
|
&& \$(NF-2)~/$severity/ \
|
|
|
|
|
&& \$(NF-1)~/$num/ \
|
|
|
|
|
$timeSel \
|
|
|
|
|
$timeSub \
|
|
|
|
|
{printf \"%s: %s;%s;%s;%s;%s\n\", \$1, \$2, \$3, \$4, \$5, \$6}" |
|
|
|
|
|
sed -e "s/;OK;/;\x1b[32mOK\x1b[0m;/" -e "s/;CRITICAL;/;\x1b[31mCRITICAL\x1b[0m;/" -e "s/;WARNING;/;\x1b[33mWARNING\x1b[0m;/" -e "s/;HARD;/;\x1b[35mHARD\x1b[0m;/" -e "s/;SOFT;/;\x1b[36mSOFT\x1b[0m;/"
|
|
|
|
|
{
|
|
|
|
|
sub(/OK/, \"\x1b[32mOK\x1b[0m\", \$3)
|
|
|
|
|
sub(/WARNING/, \"\x1b[31mWARNING\x1b[0m\", \$3)
|
|
|
|
|
sub(/CRITICAL/, \"\x1b[33mCRITICAL\x1b[0m\", \$3)
|
|
|
|
|
sub(/UP/, \"\x1b[32mUP\x1b[0m\", \$2)
|
|
|
|
|
sub(/UNREACHABLE/, \"\x1b[31mUNREACHABLE\x1b[0m\", \$2)
|
|
|
|
|
sub(/DOWN/, \"\x1b[33mDOWN\x1b[0m\", \$2)
|
|
|
|
|
sub(/HARD/, \"\x1b[35mHARD\x1b[0m\", \$3)
|
|
|
|
|
sub(/SOFT/, \"\x1b[36mSOFT\x1b[0m\", \$3)
|
|
|
|
|
sub(/HARD/, \"\x1b[35mHARD\x1b[0m\", \$4)
|
|
|
|
|
sub(/SOFT/, \"\x1b[36mSOFT\x1b[0m\", \$4)
|
|
|
|
|
printf \"%s: %s;%s;%s;%s;%s\n\", \$1, \$2, \$3, \$4, \$5, \$6
|
|
|
|
|
}"
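Review bot: The rewritten match line still splices `$host`, `$service`, `$aSource` and `$aType` (and `$state`, `$severity`, `$num` on the lines below it) into the gawk program text, so a value containing `/` closes the regex and the remainder is parsed as awk code. If the script is ever run with arguments its operator does not control (a web wrapper, a sudo rule), that is code execution rather than a bad pattern. Exporting the values and matching them as data, e.g. `$(NF-3) ~ ENVIRON["state"]`, keeps them out of the program source. In the new colour block, WARNING and CRITICAL have swapped codes relative to the `sed` line that appears to be replaced (WARNING is now `\x1b[31m`, CRITICAL `\x1b[33m`). Because `IGNORECASE=1` also applies to `sub()`, `sub(/UP/, …, \$2)` and `sub(/DOWN/, …, \$2)` rewrite any service description that merely contains those letters (`Backup` is printed as `BackUP`); anchoring them as `sub(/^UP$/, …)` and `sub(/^DOWN$/, …)` limits the change to a field that is exactly the state.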
|
|
|
|
|
|