eloyd
/
nagios
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
dev
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'f09467966b'
${ noResults }
nagios/nlog

113 lines
4.6 KiB
Bash
Raw Blame History

#!/bin/bash
nagBase="/usr/local/nagios"
nagLog="$nagBase/var/nagios.log"
archives="$nagBase/var/archives"
# [fromTime] aSource aType: host;service;state;severity;num;text
#fromTime=`date -d "" +"%s"`
files="$nagLog"
tailMode=""
fromTime=""
toTime=""
noTime=""
host=""
service=""
state=""
severity=""
num=""
# These two need to be regexp wildcards to match everything when nothing is specified
aSource="(HOST|SERVICE)"
aType="(ALERT|NOTIFICATION|EVENT HANDLER)"
print_help() {
echo "Usage:"
echo " -d (debug mode)"
echo " -h|--host <host>"
echo " -s|--service <service>"
echo " --state <warning type (OK, WARNING, CRITICAL, UNKNOWN)> no default"
echo " --ok|--warn|--warning|--crit|--critical only print things that match"
echo " --hard only print hard stuff"
echo " --soft only print soft stuff"
echo " --sev|--severity <type (HARD, SOFT)>, default=all"
echo " -Q does a quick version of HARD CRITICAL"
echo " -n <#> selects the alert number, no default"
echo " --type <alert type (ALERT, EVENT, NOTIFICATION)>, default=all"
echo " --event set alert type to EVENT HANDLER"
echo " --src|--source <alert source (HOST, SERVICE)>, default=all"
echo " --from <from time>, default=today at midnight"
echo " --to <to time>, default=now"
echo " --notime don't convert timestamp to human time"
echo " -c|--constant) the equivalent of a tail -f on the Nagios log file"
echo "All input is evaluated as a regexp for pattern matching."
echo "Time values can be in the following formats:"
echo " HH:MM[:SS] MM/DD/YYYY MM/DD/YYYY HH:MM[:SS] -2 (ie, two days ago)"
echo "So to see yesterday's critical service alerts, try this:"
echo " $0 [-A SERVICE] [-a ALERT] -f 00:00 -t 23:59 -y 1"
echo "The logic for scanning which files to search relies upon Nagios rotating log"
echo "files once per day, at midnight. This causes a \"LOGFILE ROTATE\" message to"
echo "occur in the logfile, which this program uses to determine if the logfile could"
echo "contain valid information for the date range specified on the command line."
echo "While this dramatically speeds up file processing time, it could lead to skipped"
echo "data if the Nagios logfile rotation schedule is ever changed."
exit;
}
while [ -n "$1" ]; do
case "$1" in
--help) print_help;;
--file) files="$2"; shift 2;;
-h|--host) host="$2"; shift 2;;
-s|--service) service="$2"; shift 2;;
--state) state="$2"; shift 2;;
--ok) state="OK"; shift 1;;
--warn|--warning) state="WARNING"; shift 1;;
--crit|--critical) state="CRITICAL"; shift 1;;
--hard) severity="HARD"; shift 1;;
--soft) severity="SOFT"; shift 1;;
--sev|--severity) severity="$2"; shift 2;;
-Q) severity="HARD"; state="CRITICAL"; shift 1;;
-n|--num) num="$2"; shift 2;;
--type) aType="$2"; shift 2;;
--event) aType="EVENT HANDLER"; shift 1;;
--src|--source) aSource="$2"; shift 2;;
--from) fromTime="$2"; shift 2;;
--to) toTime="$2"; shift 2;;
--notime) noTime="true"; shift 1;;
-c|--constant) tailMode="-f"; shift 1;;
*) shift 1;;
esac
done
# $1 $2 $3 $4 $5 $6
# [fromTime] aSource aType: host;service;state;severity;num;text
# $1 $2 $3 $4 $5
# [1690749418] HOST ALERT: Security Cameras; DOWN; SOFT; 1; CRITICAL - 192.168.1.88: rta nan, lost 100%
# [1690765779] SERVICE ALERT: DD-WRT; Port: vlan1 Bandwidth; CRITICAL; SOFT; 4; CRITICAL - Current BW in: 8.22Mbps Out: 1.58Mbps
# (NF-3) (NF-2)(NF-1)
# (HOST|SERVICE) (DOWNTIME|FLAPPING)? (ALERT|NOTIFICATION)
timeSel=""
if [ -n "$fromTime" ]; then
fromTimeUnix=$(date -d "$fromTime" +"%s")
timeSel="&& substr (\$1, 2, 10) >= $fromTimeUnix"
fi
if [ -n "$toTime" ]; then
toTimeUnix=$(date -d "$toTime" +"%s")
timeSel="$timeSel && substr (\$1, 2, 10) <= $toTimeUnix"
fi
timeSub=""
[ -z "$noTime" ] && timeSub="&& sub (/^\[[0-9]{10}]/, strftime (\"%Y-%m-%d %H:%M:%S\", substr (\$1, 2, 10)), \$1)"
tail -n +1 $tailMode $files | gawk -F\; "\
BEGIN {IGNORECASE=1} \
/^\[[0-9]{10}] (GLOBAL )?$aSource (DOWNTIME |FLAPPING )?$aType: .*$host.*;$service/ \
&& \$(NF-3)~/$state/ \
&& \$(NF-2)~/$severity/ \
&& \$(NF-1)~/$num/ \
$timeSel \
$timeSub \
{printf \"%s: %s;%s;%s;%s;%s\n\", \$1, \$2, \$3, \$4, \$5, \$6}" |
sed -e "s/;OK;/;\x1b[32mOK\x1b[0m;/" -e "s/;CRITICAL;/;\x1b[31mCRITICAL\x1b[0m;/" -e "s/;WARNING;/;\x1b[33mWARNING\x1b[0m;/" -e "s/;HARD;/;\x1b[35mHARD\x1b[0m;/" -e "s/;SOFT;/;\x1b[36mSOFT\x1b[0m;/"
Reference in New Issue View Git Blame Copy Permalink