From 2c27f5335eeb507b4c9d10e85816abda165bd16a Mon Sep 17 00:00:00 2001
From: Eric Loyd
Date: Thu, 15 Aug 2024 09:16:18 -0400
Subject: [PATCH] Better highlighting and now host/service selectors work as well as --current
---
nlog | 92 +++++++++++++++++++++++++++++++++++++++---------------------
1 file changed, 60 insertions(+), 32 deletions(-)
diff --git a/nlog b/nlog
index 4753f0e..719f3a9 100755
--- a/nlog
+++ b/nlog
@@ -20,36 +20,46 @@ num="" # These two need to be regexp wildcards to match everything when nothing is specified aSource="(HOST|SERVICE)" aType="(ALERT|NOTIFICATION|EVENT HANDLER)" +verbose="" + +do_debug() { + [ -n "$verbose" ] && echo "$*" +} print_help() { - echo "Usage:" - echo " -d (debug mode)" - echo " -h|--host " - echo " -s|--service " - echo " --state no default" - echo " --ok|--warn|--warning|--crit|--critical only print things that match" - echo " --hard only print hard stuff" - echo " --soft only print soft stuff" - echo " --sev|--severity , default=all" - echo " -Q does a quick version of HARD CRITICAL" - echo " -n <#> selects the alert number, no default" - echo " --type , default=all" - echo " --event set alert type to EVENT HANDLER" - echo " --src|--source , default=all" - echo " --from , default=today at midnight" - echo " --to , default=now" - echo " --notime don't convert timestamp to human time" - echo " -c|--constant) the equivalent of a tail -f on the Nagios log file" - echo " --file ) scan instead of $file; use \"...\" if wildcards" - echo "" - echo "All input is evaluated as a case-insensitive regexp surrounded by wildcards." - echo "Time values can be in the following formats:" - echo " HH:MM[:SS] YYYY-MM-DD YYYY-MM-DD HH:MM[:SS]*" - echo "This program does not directly scan log files other than the current one. If you want" - echo "to scan older files, use the --file option. Note that this can be combined with the" - echo "--from and --to options, but keep in mind that file names are named based on the date they" - echo "were rotated, not the date of their contents." - echo "*Due to the awk pattern matching, dates before 2020-09-09 will produce empty output." 
+ cat << HELP_EOF +Usage: + -d (debug mode) + -h|--host + -s|--service + --current show CURRENT HOST|SERVICE STATE information + --state no default + --ok|--warn|--warning|--crit|--critical only print things that match + --hard|--sort only print things that match + --soft only print soft stuff + --sev|--severity , default=all + -Q does a quick version of HARD CRITICAL + -n <#> selects the alert number (of max_retries), no default + --type , default=all + --event set alert type to EVENT HANDLER + --src|--source , default=all + --from , default=today at midnight + --to , default=now + --notime don't convert timestamp to human time + -c|--constant) the equivalent of a tail -f on the Nagios log file + --file ) scan instead of $files; use "..." if wildcards + -v turn on verbose/debug mode + +All input is evaluated as a case-insensitive regexp surrounded by wildcards. +Time values can be in the following formats: + HH:MM[:SS] YYYY-MM-DD YYYY-MM-DD HH:MM[:SS]* +This program does not directly scan log files other than the current one. If you want +to scan older files, use the --file option. Note that this can be combined with the +--from and --to options, but keep in mind that file names are named based on the date they +were rotated, not the date of their contents. +Some options set others, so options earlier on the command line can be overwritten by later ones +*Due to the awk pattern matching, dates before 2020-09-09 will produce empty output. +HELP_EOF exit; } @@ -61,6 +71,7 @@ while [ -n "$1" ]; do -s|--service) service="$2"; shift 2;; --state) state="$2"; shift 2;; --ok) state="OK"; shift 1;; + --current) aSource="(HOST|SERVICE)"; aType="STATE"; shift 1;; --warn|--warning) state="WARNING"; shift 1;; --crit|--critical) state="CRITICAL"; shift 1;; --hard) severity="HARD"; shift 1;; 
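Review bot: `do_debug` writes its diagnostics to stdout, the same stream that carries the filtered log lines, so anything consuming nlog's output in a pipeline receives the DEBUG lines as data. It also returns non-zero whenever `$verbose` is empty, which would abort the script if `set -e` is in effect (not visible in this hunk). I would write the body as `[ -n "$verbose" ] && echo "$*" >&2; return 0`. In the new help text, `--hard|--sort` looks like a typo, since no `--sort` arm appears in the parts of the option loop shown here, and `-d (debug mode)` is still listed alongside the new `-v` line.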
@@ -74,7 +85,8 @@ while [ -n "$1" ]; do --from) fromTime="$2"; shift 2;; --to) toTime="$2"; shift 2;; --notime) noTime="true"; shift 1;; - -c|--constant) tailMode="-f"; shift 1;; + -c|--constant) tailMode="--follow=name"; shift 1;; + -v) verbose="true"; shift 1;; *) shift 1;; esac done @@ -85,6 +97,7 @@ done # [1690749418] HOST ALERT: Security Cameras; DOWN; SOFT; 1; CRITICAL - 192.168.1.88: rta nan, lost 100% # [1690765779] SERVICE ALERT: DD-WRT; Port: vlan1 Bandwidth; CRITICAL; SOFT; 4; CRITICAL - Current BW in: 8.22Mbps Out: 1.58Mbps # (NF-3) (NF-2)(NF-1) +# [1723694400] CURRENT HOST STATE: localhost;UP;HARD;1;OK - 127.0.0.1 rta 0.067ms lost 0% # (HOST|SERVICE) (DOWNTIME|FLAPPING)? (ALERT|NOTIFICATION) timeSel="" 
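Review bot: `tailMode="--follow=name"` follows the log by name but without `--retry`, so as far as I know GNU tail stops checking a file that is briefly missing or inaccessible, which can happen while the Nagios log is being rotated. `tailMode="-F"` (shorthand for `--follow=name --retry`) keeps re-opening the name and is probably what `-c|--constant` wants. The help text still describes this option as "the equivalent of a tail -f", so it should be updated to match whichever mode is chosen.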
@@ -99,13 +112,28 @@ fi timeSub="" [ -z "$noTime" ] && timeSub="&& sub (/^\[[0-9]{10}]/, strftime (\"%Y-%m-%d %H:%M:%S\", substr (\$1, 2, 10)), \$1)" +do_debug "DEBUG: host=$host" +do_debug "DEBUG: service=$service" +do_debug "DEBUG: awk=^\[[0-9]{10}] (GLOBAL |CURRENT )?$aSource (DOWNTIME |FLAPPING )?$aType: .*$host.*$service" + tail -n +1 $tailMode $files | gawk -F\; "\ BEGIN {IGNORECASE=1} \ - /^\[[0-9]{10}] (GLOBAL )?$aSource (DOWNTIME |FLAPPING )?$aType: .*$host.*;$service/ \ + /^\[[0-9]{10}] (GLOBAL |CURRENT )?$aSource (DOWNTIME |FLAPPING )?$aType: .*$host.*$service/ \ && \$(NF-3)~/$state/ \ && \$(NF-2)~/$severity/ \ && \$(NF-1)~/$num/ \ $timeSel \ $timeSub \ - {printf \"%s: %s;%s;%s;%s;%s\n\", \$1, \$2, \$3, \$4, \$5, \$6}" | - sed -e "s/;OK;/;\x1b[32mOK\x1b[0m;/" -e "s/;CRITICAL;/;\x1b[31mCRITICAL\x1b[0m;/" -e "s/;WARNING;/;\x1b[33mWARNING\x1b[0m;/" -e "s/;HARD;/;\x1b[35mHARD\x1b[0m;/" -e "s/;SOFT;/;\x1b[36mSOFT\x1b[0m;/" + { + sub(/OK/, \"\x1b[32mOK\x1b[0m\", \$3) + sub(/WARNING/, \"\x1b[31mWARNING\x1b[0m\", \$3) + sub(/CRITICAL/, \"\x1b[33mCRITICAL\x1b[0m\", \$3) + sub(/UP/, \"\x1b[32mUP\x1b[0m\", \$2) + sub(/UNREACHABLE/, \"\x1b[31mUNREACHABLE\x1b[0m\", \$2) + sub(/DOWN/, \"\x1b[33mDOWN\x1b[0m\", \$2) + sub(/HARD/, \"\x1b[35mHARD\x1b[0m\", \$3) + sub(/SOFT/, \"\x1b[36mSOFT\x1b[0m\", \$3) + sub(/HARD/, \"\x1b[35mHARD\x1b[0m\", \$4) + sub(/SOFT/, \"\x1b[36mSOFT\x1b[0m\", \$4) + printf \"%s: %s;%s;%s;%s;%s\n\", \$1, \$2, \$3, \$4, \$5, \$6 +}"
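Review bot: The rewritten match line still pastes `$aSource`, `$aType`, `$host` and `$service` into the gawk program text (as the unchanged lines do with `$state`, `$severity` and `$num`), so a selector containing `/` or a quote ends the regex and the rest is parsed as awk code. That matters as soon as nlog is run through sudo, a web wrapper or any other privilege boundary. Passing the values as data, e.g. `gawk -F\; -v host="$host" -v service="$service" ...` with a dynamic match `$0 ~ (prefix ".*" host ".*" service)`, keeps them regexes only; `-v` processes backslash escapes, so `ENVIRON[...]` may be the safer carrier. Separately, the colour table swaps the severities relative to the removed sed line: WARNING is now `\x1b[31m` and CRITICAL `\x1b[33m`, and DOWN also gets 33 while UNREACHABLE gets 31. Because `IGNORECASE=1` is set and the `sub()` patterns are unanchored, `sub(/UP/, ..., \$2)` and `sub(/DOWN/, ..., \$2)` will also colour those letters inside a service description on SERVICE lines, where `$2` is the description rather than the state; anchoring the patterns (for example `/^UP$/`) avoids that.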