diff --git a/nlog b/nlog index 70cea42..632ed22 100755 --- a/nlog +++ b/nlog @@ -7,7 +7,8 @@ archives="$nagBase/var/archives" # [fromTime] aSource aType: host;service;state;severity;num;text #fromTime=`date -d "" +"%s"` -file="$nagLog" +files="$nagLog" +tailMode="" fromTime="" toTime="" noTime="" @@ -17,25 +18,27 @@ state="" severity="" num="" # These two need to be regexp wildcards to match everything when nothing is specified -aSource=".*" -aType=".*" +aSource="(HOST|SERVICE)" +aType="(ALERT|NOTIFICATION|EVENT HANDLER)" print_help() { echo "Usage:" echo " -d (debug mode)" - echo " -m " - echo " -s " - echo " -f , default=today at midnight" - echo " -t , default=now" - echo " -y <#> (subtracts # days from times specified" - echo " -x Skip remaining match checks and print all records in date range" + echo " -h|--host " + echo " -s|--service " + echo " --state no default" + echo " --ok|--warn|--warning|--crit|--critical only print things that match" + echo " --hard only print hard stuff" + echo " --soft only print soft stuff" + echo " --sev|--severity , default=all" + echo " -Q does a quick version of HARD CRITICAL" echo " -n <#> selects the alert number, no default" - echo " -T , no default" - echo " -w no default" - echo " --src|--source , default=SERVICE" - echo " --type , no default" - echo " -q prints a quick report (doesn't print extended deatils)" - echo " -r Cancels all other selections except for times, and looks for restarts" + echo " --type , default=all" + echo " --src|--source , default=all" + echo " --from , default=today at midnight" + echo " --to , default=now" + echo " --notime don't convert timestamp to human time" + echo " -c|--constant) the equivalent of a tail -f on the Nagios log file" echo "All input is evaluated as a regexp for pattern matching." echo "Time values can be in the following formats:" echo " HH:MM[:SS] MM/DD/YYYY MM/DD/YYYY HH:MM[:SS] -2 (ie, two days ago)" 
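Review bot: The context comment `# These two need to be regexp wildcards to match everything when nothing is specified` no longer describes the new `aSource` and `aType` defaults, which restrict output to HOST/SERVICE records of type ALERT, NOTIFICATION or EVENT HANDLER. Because the gawk pattern in the last hunk requires both to match, anyone using nlog to audit the log will not see other record types unless they pass `--src`/`--type`, while the help text still says `default=all`. I would replace the comment with `# Defaults select host/service alert, notification and event-handler records; pass --src/--type with a wider regexp to see other record types` and adjust the two help lines to match. The help entry `-c|--constant)` also carries a stray `)`.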
@@ -53,71 +56,55 @@ print_help() { while [ -n "$1" ]; do case "$1" in --help) print_help;; - --file) file="$2"; shift 2;; + --file) files="$2"; shift 2;; -h|--host) host="$2"; shift 2;; -s|--service) service="$2"; shift 2;; --state) state="$2"; shift 2;; + --ok) state="OK"; shift 1;; + --warn|--warning) state="WARNING"; shift 1;; + --crit|--critical) state="CRITICAL"; shift 1;; --hard) severity="HARD"; shift 1;; --soft) severity="SOFT"; shift 1;; --sev|--severity) severity="$2"; shift 2;; + -Q) severity="HARD"; state="CRITICAL"; shift 1;; -n|--num) num="$2"; shift 2;; - -t|--type) aType="$2"; shift 2;; + --type) aType="$2"; shift 2;; --src|--source) aSource="$2"; shift 2;; - -f|--from) fromTime="$2"; shift 2;; + --from) fromTime="$2"; shift 2;; --to) toTime="$2"; shift 2;; --notime) noTime="true"; shift 1;; + -c|--constant) tailMode="-f"; shift 1;; *) shift 1;; esac done -# $1 ; $2 ; $3 ; $4 ; $5; $6 +# $1 $2 $3 $4 $5 $6 # [fromTime] aSource aType: host;service;state;severity;num;text -# [1690749418] HOST ALERT: Security Cameras;DOWN;SOFT;1;CRITICAL - 192.168.1.88: rta nan, lost 100% -# [1690765779] SERVICE ALERT: DD-WRT;Port: vlan1 Bandwidth;CRITICAL;SOFT;4;CRITICAL - Current BW in: 8.22Mbps Out: 1.58Mbps -# [1690765838] SERVICE ALERT: DD-WRT;Port: vlan1 Bandwidth;OK;SOFT;5;OK - Current BW in: .23Mbps Out: .15Mbps +# $1 $2 $3 $4 $5 +# [1690749418] HOST ALERT: Security Cameras; DOWN; SOFT; 1; CRITICAL - 192.168.1.88: rta nan, lost 100% +# [1690765779] SERVICE ALERT: DD-WRT; Port: vlan1 Bandwidth; CRITICAL; SOFT; 4; CRITICAL - Current BW in: 8.22Mbps Out: 1.58Mbps +# (NF-3) (NF-2)(NF-1) +# (HOST|SERVICE) (DOWNTIME|FLAPPING)? 
(ALERT|NOTIFICATION) -files="" +timeSel="" if [ -n "$fromTime" ]; then - fromTime=`date -d "$fromTime" +"%s"` - for file in $archives/nagios-??-??-????-00.log; do - fdate=`stat -c "%Y" $file` - [ "$fdate" -lt "$fromTime" ] && continue - files="$files $file" - done -else - files="$nagLog" + fromTimeUnix=$(date -d "$fromTime" +"%s") + timeSel="&& substr (\$1, 2, 10) >= $fromTimeUnix" fi if [ -n "$toTime" ]; then - toTime=`date -d "$toTime" +"%s"` + toTimeUnix=$(date -d "$toTime" +"%s") + timeSel="$timeSel && substr (\$1, 2, 10) <= $toTimeUnix" fi +timeSub="" +[ -z "$noTime" ] && timeSub="&& sub (/^\[[0-9]{10}]/, strftime (\"%Y-%m-%d %H:%M:%S\", substr (\$1, 2, 10)), \$1)" -#awkScript=`mktemp` -#echo -n "//" >> $awkScript -#[ -n "$fromTime" ] && echo -n " && substr (\$1, 2, 10) >= $fromTime" >> $awkScript -#[ -n "$toTime" ] && echo -n " && substr (\$1, 2, 10) <= $toTime" >> $awkScript -#echo -n " && \$1~/\[[0-9]+] $aSource $aType: $host/" >> $awkScript -#[ -n "$service" ] && echo -n " && \$2~/$service/" >> $awkScript -#[ -n "$state" ] && echo -n " && \$3~/$state/" >> $awkScript -#[ -n "$severity" ] && echo -n " && \$4~/$severity/" >> $awkScript -#[ -n "$num" ] && echo -n " && \$5~/$num/" >> $awkScript -#[ -z "$noTime" ] && echo " && sub (/^\[[0-9]{10}]/, strftime (\"%Y-%m-%d %H:%M:%S\", substr (\$1, 2, 10)), \$1)" >> $awkScript -#gawk -F\; -f $awkScript $files -#rm $awkScript - -timeSelFrom="" -timeSelTo="" -[ -n "$fromTime" ] && timeSel=" && substr (\$1, 2, 10) >= $fromTime" -[ -n "$toTime" ] && timeSel=" && substr (\$1, 2, 10) <= $toTime" - -svcSel="" -if [ -n "$host" ]; then - if [ -n "$service" ]; then - svcSel=" && \$2~/$service/ && \$3~/$state/" - else - svcSel=" && \$2~/$state/" - fi -else - svcSel=" && \$2~/$state/ || \$3~/$state/" -fi - -awk -F\; "/^\[[0-9]+] $aSource $aType: .*$host.*;/ $svcSel {print}" $files +tail -n +1 $tailMode $files | gawk -F\; "\ + BEGIN {IGNORECASE=1} \ + /^\[[0-9]{10}] (GLOBAL )?$aSource (DOWNTIME |FLAPPING )?$aType: 
.*$host.*;$service/ \ + && \$(NF-3)~/$state/ \ + && \$(NF-2)~/$severity/ \ + && \$(NF-1)~/$num/ \ + $timeSel \ + $timeSub \ + {printf \"%s: %s;%s;%s;%s;%s\n\", \$1, \$2, \$3, \$4, \$5, \$6}" | + sed -e "s/;OK;/;\x1b[32mOK\x1b[0m;/" -e "s/;CRITICAL;/;\x1b[31mCRITICAL\x1b[0m;/" -e "s/;WARNING;/;\x1b[33mWARNING\x1b[0m;/" -e "s/;HARD;/;\x1b[35mHARD\x1b[0m;/" -e "s/;SOFT;/;\x1b[36mSOFT\x1b[0m;/"
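Review bot: The new gawk program is built inside double quotes with `$aSource`, `$aType`, `$host`, `$service`, `$state`, `$severity` and `$num` pasted straight into the program text. A value containing `/` ends the regex literal and the rest is parsed as awk code, which matters if nlog is ever run through a wrapper with more privilege than the caller (inferred; no such caller is visible here). Passing the filters through the environment and using them only as regex operands keeps them as data, and reading them from `ENVIRON` rather than `-v` leaves backslashes in user regexps untouched. The sketch below treats an empty time bound as "no bound", so the exit status of `date -d` should be checked where `fromTimeUnix` and `toTimeUnix` are set, or a mistyped `--from` is silently ignored. `$files` is still unquoted there, which the `--file` path would need to handle separately.

```shell
# … unchanged: option parsing, fromTimeUnix/toTimeUnix computed with date …
# Filters travel in the environment and are used only as regex operands,
# so a "/" or a quote in a value cannot end the pattern and add awk code.
tail -n +1 $tailMode $files |
  F_SRC="$aSource" F_TYPE="$aType" F_HOST="$host" F_SVC="$service" \
  F_STATE="$state" F_SEV="$severity" F_NUM="$num" \
  F_FROM="$fromTimeUnix" F_TO="$toTimeUnix" F_NOTIME="$noTime" \
  gawk -F\; '
    BEGIN {
      IGNORECASE = 1
      head = "^\\[[0-9]{10}] (GLOBAL )?" ENVIRON["F_SRC"]
      head = head " (DOWNTIME |FLAPPING )?" ENVIRON["F_TYPE"]
      head = head ": .*" ENVIRON["F_HOST"] ".*;" ENVIRON["F_SVC"]
    }
    $0 !~ head                    { next }
    $(NF-3) !~ ENVIRON["F_STATE"] { next }
    $(NF-2) !~ ENVIRON["F_SEV"]   { next }
    $(NF-1) !~ ENVIRON["F_NUM"]   { next }
    { ts = substr($1, 2, 10) + 0 }
    ENVIRON["F_FROM"] != "" && ts < ENVIRON["F_FROM"] + 0 { next }
    ENVIRON["F_TO"]   != "" && ts > ENVIRON["F_TO"] + 0   { next }
    {
      if (ENVIRON["F_NOTIME"] == "")
        sub(/^\[[0-9]{10}]/, strftime("%Y-%m-%d %H:%M:%S", ts), $1)
      printf "%s: %s;%s;%s;%s;%s\n", $1, $2, $3, $4, $5, $6
    }' |
  # … unchanged: sed colour substitutions …
```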