#!/bin/bash
# Nagios installation layout: the live log and the directory of rotated logs.
nagBase="/usr/local/nagios"
nagLog="${nagBase}/var/nagios.log"
archives="${nagBase}/var/archives"

# Log record layout:
# [fromTime] aSource aType: host;service;state;severity;num;text

#fromTime=`date -d "" +"%s"`

# Filter defaults; an empty value means the option was not given.
file="${nagLog}"
fromTime="" toTime="" noTime=""
host="" service="" state="" severity="" num=""

# These two are used as regular expressions when the record header is matched,
# so they default to a wildcard that matches everything when nothing is specified.
aSource=".*" aType=".*"
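#######################################
# Print the usage text and exit.
# The option list mirrors the argument parser in this script; the previous
# text described flags the parser does not accept (-d, -m, -y, -x, -T, -w,
# -q, -r) and gave -t as the "to" time although the parser reads -t as the
# alert type.  Arguments the parser does not know are not applied, so a
# filter copied from the old help text would have had no effect.
# Globals:   archives (read, only for display)
# Outputs:   usage text on stdout
# Returns:   does not return; exits with the status of the last command
#######################################
print_help() {
  cat <<EOF
Usage: $0 [options]
 --help (prints this text)
 --file <path> log file to read, default=the current Nagios log
 -h|--host <machine>
 -s|--service <service>
 --state <state (OK, WARNING, CRITICAL, UNKNOWN)>, no default
 --sev|--severity <type (HARD, SOFT)>, no default
 --hard, --soft shorthand for --severity HARD and --severity SOFT
 -n|--num <#> selects the alert number, no default
 --src|--source <alert source (HOST, SERVICE)>, default=.* (any)
 -t|--type <alert type (ALERT, EVENT, NOTIFICATION)>, default=.* (any)
 -f|--from <from time>, no default
 --to <to time>, no default
 --notime keeps the raw epoch timestamps
All input is evaluated as a regexp for pattern matching.
Time values are passed to "date -d", for example:
 HH:MM[:SS]   MM/DD/YYYY   "MM/DD/YYYY HH:MM[:SS]"   "2 days ago"
So to see yesterday's critical service alerts, try this:
 $0 --src SERVICE --type ALERT --state CRITICAL --from "yesterday 00:00" --to "yesterday 23:59"
When --from is given, the rotated logs ${archives}/nagios-??-??-????-00.log
are searched, and a rotated log is skipped when its modification time is older
than the from time.  This relies on Nagios rotating its log once per day, at
midnight; it could lead to skipped data if the rotation schedule is ever changed.
Without --from only the current log is read.
EOF
  exit
}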
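#######################################
# Parse the command line into the filter globals.
# The host/service/state/type/source values are later used as regular
# expressions, so they are stored exactly as given.
# Globals:   file host service state severity num aType aSource
#            fromTime toTime noTime (written)
# Arguments: the script's command-line arguments
# Outputs:   diagnostics on stderr
# Returns:   0 on success; exits 2 when an option is missing its value
#######################################
parse_args() {
  # Loop on the argument count rather than on "$1" being non-empty, so an
  # empty argument does not end parsing early.
  while [ $# -gt 0 ]; do
    case "$1" in
      --help) print_help ;;
      --hard) severity="HARD"; shift ;;
      --soft) severity="SOFT"; shift ;;
      --notime) noTime="true"; shift ;;
      --file | -h | --host | -s | --service | --state | --sev | --severity | \
        -n | --num | -t | --type | --src | --source | -f | --from | --to)
        # "shift 2" with a single argument left fails without shifting,
        # which used to leave this loop spinning forever on a trailing option.
        if [ $# -lt 2 ]; then
          echo "$0: option $1 requires a value" >&2
          exit 2
        fi
        case "$1" in
          --file) file="$2" ;;
          -h | --host) host="$2" ;;
          -s | --service) service="$2" ;;
          --state) state="$2" ;;
          --sev | --severity) severity="$2" ;;
          -n | --num) num="$2" ;;
          -t | --type) aType="$2" ;;
          --src | --source) aSource="$2" ;;
          -f | --from) fromTime="$2" ;;
          --to) toTime="$2" ;;
        esac
        shift 2
        ;;
      *)
        # Still skipped as before, but reported: a mistyped filter that is
        # silently dropped makes the query broader than the caller intended.
        echo "$0: ignoring unrecognised argument: $1" >&2
        shift
        ;;
    esac
  done
}

parse_args "$@"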
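# Record layout, split on ';' into the awk fields $1..$6:
# $1 ; $2 ; $3 ; $4 ; $5; $6
# [fromTime] aSource aType: host;service;state;severity;num;text
# [1690749418] HOST ALERT: Security Cameras;DOWN;SOFT;1;CRITICAL - 192.168.1.88: rta nan, lost 100%
# [1690765779] SERVICE ALERT: DD-WRT;Port: vlan1 Bandwidth;CRITICAL;SOFT;4;CRITICAL - Current BW in: 8.22Mbps Out: 1.58Mbps
# [1690765838] SERVICE ALERT: DD-WRT;Port: vlan1 Bandwidth;OK;SOFT;5;OK - Current BW in: .23Mbps Out: .15Mbps

#######################################
# Choose the log files to search and convert the time bounds to epoch seconds.
# With a from time, every rotated log whose modification time is not older
# than that time is selected; otherwise the single log named by --file
# (default: the current Nagios log) is used.
# Globals:   fromTime toTime (read, rewritten as epoch seconds)
#            archives file nagLog (read), files (written, space-separated)
# Outputs:   diagnostics on stderr
# Returns:   0 on success; exits 1 when a time value cannot be parsed
#######################################
select_log_files() {
  local archive fdate

  files=""
  if [ -n "$fromTime" ]; then
    # An unparsable time used to leave fromTime empty, after which every
    # archive was selected amid "integer expression expected" errors.
    fromTime=$(date -d "$fromTime" +"%s") || {
      echo "$0: cannot parse the from time" >&2
      exit 1
    }
    for archive in "$archives"/nagios-??-??-????-00.log; do
      # An unmatched glob stays literal; skip it instead of passing it on.
      [ -e "$archive" ] || continue
      fdate=$(stat -c "%Y" "$archive") || continue
      [ "$fdate" -lt "$fromTime" ] && continue
      # Kept as a space-separated string because the consumer expands $files
      # unquoted; paths containing whitespace are not supported by that.
      files="$files $archive"
    done
    # NOTE(review): the current log is not added in this branch, so records
    # written since the last rotation are not searched when a from time is
    # given - confirm whether that is intended.
  else
    # Honour --file; this branch used to read $nagLog unconditionally, which
    # made the --file option a no-op.
    files="${file:-$nagLog}"
  fi

  if [ -n "$toTime" ]; then
    toTime=$(date -d "$toTime" +"%s") || {
      echo "$0: cannot parse the to time" >&2
      exit 1
    }
  fi
}

select_log_files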
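# Earlier gawk-based implementation, kept commented out for reference.  It also
# matched severity ($4) and num ($5) and converted the timestamp unless --notime
# was given; the active code below does not apply those three options.
#awkScript=`mktemp`
#echo -n "//" >> $awkScript
#[ -n "$fromTime" ] && echo -n " && substr (\$1, 2, 10) >= $fromTime" >> $awkScript
#[ -n "$toTime" ] && echo -n " && substr (\$1, 2, 10) <= $toTime" >> $awkScript
#echo -n " && \$1~/\[[0-9]+] $aSource $aType: $host/" >> $awkScript
#[ -n "$service" ] && echo -n " && \$2~/$service/" >> $awkScript
#[ -n "$state" ] && echo -n " && \$3~/$state/" >> $awkScript
#[ -n "$severity" ] && echo -n " && \$4~/$severity/" >> $awkScript
#[ -n "$num" ] && echo -n " && \$5~/$num/" >> $awkScript
#[ -z "$noTime" ] && echo " && sub (/^\[[0-9]{10}]/, strftime (\"%Y-%m-%d %H:%M:%S\", substr (\$1, 2, 10)), \$1)" >> $awkScript
#gawk -F\; -f $awkScript $files
#rm $awkScript

#######################################
# Print the records of the given log files that pass the header, time-window
# and service/state filters.
#
# The filter values reach awk through the environment and are used only as
# dynamic regular expressions.  They were previously pasted into the awk
# program text, so a '/' in any option value ended the regex literal and the
# remainder of the value was parsed as awk code.
#
# Changes against the previous inline awk call:
#  - the header test now applies to every record; before, "A && B || C"
#    printed any record whose third field matched the state, whatever its
#    source, type or host;
#  - the from/to bounds are applied to each record's timestamp; before, the
#    selector string was built (and overwritten) but never handed to awk.
#
# Globals:   aSource aType host service state fromTime toTime (read)
# Arguments: log files to read
# Outputs:   matching records on stdout
# Returns:   awk's exit status
#######################################
filter_records() {
  NAGLOG_SOURCE="$aSource" NAGLOG_TYPE="$aType" NAGLOG_HOST="$host" \
    NAGLOG_SERVICE="$service" NAGLOG_STATE="$state" \
    NAGLOG_FROM="$fromTime" NAGLOG_TO="$toTime" \
    awk -F';' '
      # An empty pattern means "no filter", as the empty regex // did before.
      function matches(text, pattern) { return pattern == "" || text ~ pattern }

      BEGIN {
        host = ENVIRON["NAGLOG_HOST"]
        service = ENVIRON["NAGLOG_SERVICE"]
        state = ENVIRON["NAGLOG_STATE"]
        t_from = ENVIRON["NAGLOG_FROM"]
        t_to = ENVIRON["NAGLOG_TO"]
        header = "^\\[[0-9]+] " ENVIRON["NAGLOG_SOURCE"] " " ENVIRON["NAGLOG_TYPE"] ": .*" host ".*;"
      }

      $0 !~ header { next }

      # "+ 0" forces a numeric comparison; substr() yields a string.
      t_from != "" && (substr($1, 2, 10) + 0) < (t_from + 0) { next }
      t_to != "" && (substr($1, 2, 10) + 0) > (t_to + 0) { next }

      {
        if (host == "")
          keep = matches($2, state) || matches($3, state)
        else if (service == "")
          keep = matches($2, state)
        else
          keep = matches($2, service) && matches($3, state)
        if (keep)
          print
      }
    ' "$@"
}

if [ -n "${files// /}" ]; then
  # $files is a space-separated list, so word splitting is intended here.
  # shellcheck disable=SC2086
  filter_records $files
else
  # With no file operand awk would sit reading stdin; report it instead and
  # leave a non-zero status as the script's result.
  echo "$0: no log files selected for the requested time range" >&2
  false
fi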