
Monitoring Log Files with Nagios Plugins
by Hiba Dweib
Plugins allow admins to monitor computer systems for errors in their functioning. The official Nagios package has 50 plugins to enable the monitoring of all basics. There are, however, more than 4000 Nagios plugins available to monitor every aspect of infrastructure. This article covers the installation of a plugin called check_logfiles.
The Nagios monitoring tool is one of the best open source solutions available to systems administrators to monitor servers and network elements. Using the Nagios framework, one can monitor servers, running processes, connected devices and network services. Also, it's easy to monitor custom applications.
This article focuses on monitoring log files using a Nagios plugin. It assumes you have already set up Nagios Core, the Nagios plugins and NRPE (Nagios Remote Plugin Executor).
Some of the features of the Nagios monitoring tool include:
- Monitoring of network services (SMTP, POP3, HTTP, NNTP, PING, etc)
- Monitoring of host resources (processor load, disk usage, etc)
- A simple plugin design that allows users to easily develop their own service checks
- Support for implementing redundant monitoring hosts
- Contact notifications when service or host problems occur and get resolved (via email, SMS, or a user-defined method)
Overview of Nagios plugins
Unlike many other monitoring tools, Nagios does not include any internal mechanisms for checking the status of hosts and services on the network. Instead, it relies on external programs (called plugins) to collect the data.
Plugins are compiled executables or scripts that can be executed from the command line to check the status of a host or a service. Nagios uses the results from plugins to determine the current status of hosts and services on the network.
Nagios will execute a plugin whenever there is a need to check the status of a service or host. The plugin performs the check and then simply returns the results for processing. Nagios will process the results that it receives from the plugin and take any necessary action (running event handlers, sending out notifications, etc).
Plugins as an abstraction layer
Plugins act as an abstraction layer between the monitoring logic present in the Nagios daemon and the actual services and hosts that are being monitored. Figure 1 shows the plugin abstraction layer.
Available plugins
Currently, there are plugins available to monitor many different kinds of devices and services, including:
- HTTP, POP3, IMAP, FTP, SSH and DHCP
- CPU load, disk usage, memory usage, current users
- UNIX/Linux, Windows servers
- Routers and switches
Installing a plugin for log monitoring
Let’s consider the SSH server installed at the client side for monitoring the log files using Nagios. There are several monitoring plugins available for Nagios, so let’s go with the widely used check_logfiles to monitor the log files for the SSH server. check_logfiles has some extra features compared to the default monitoring plugin:
1) It detects the log rotations and scans within the rotated archives as well.
2) More than one pattern can be defined, which can be classified as warning patterns and critical patterns.
3) check_logfiles lets you call scripts either after every hit, at the beginning or at the end of its runtime.
4) The plugin works with UNIX as well as with Windows.
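The plugin contract (an exit code plus one status line) and the warning/critical pattern matching described above, as an added Python sketch that is not code from check_logfiles or from this article. The patterns, the state file that remembers the last read offset, and the names scan_log and demo are assumptions; unlike check_logfiles, it does not scan rotated archives, it only restarts from the top when the file has shrunk.

```python
import os
import re
import tempfile

NAMES = ("OK", "WARNING", "CRITICAL", "UNKNOWN")  # index = plugin exit code
OK, WARNING, CRITICAL, UNKNOWN = range(4)
# Assumed patterns for this sketch, not check_logfiles defaults.
WARNING_PATTERNS = [re.compile(rb"Failed password for")]
CRITICAL_PATTERNS = [re.compile(rb"POSSIBLE BREAK-IN ATTEMPT")]
SAMPLE = (  # constructed lines in /var/log/secure format
    "Jan 10 10:01:02 nagiosclient sshd[2101]: Accepted password for admin from 192.0.2.10 port 50022 ssh2\n"
    "Jan 10 10:02:11 nagiosclient sshd[2107]: Failed password for root from 192.0.2.44 port 50311 ssh2\n"
)

def scan_log(logfile, statefile):
    """Scan lines added since the last run; return (exit_code, status_line)."""
    offset = 0
    if os.path.exists(statefile):
        with open(statefile) as fh:
            offset = int(fh.read().strip() or 0)
    warn = crit = 0
    try:
        with open(logfile, "rb") as fh:
            if os.fstat(fh.fileno()).st_size < offset:
                offset = 0  # file shrank: rotated or truncated, rescan it
            fh.seek(offset)
            for line in fh:
                if any(p.search(line) for p in CRITICAL_PATTERNS):
                    crit += 1
                elif any(p.search(line) for p in WARNING_PATTERNS):
                    warn += 1
            offset = fh.tell()
    except OSError as exc:  # e.g. the nagios user cannot read the log
        return UNKNOWN, f"UNKNOWN - cannot read {logfile}: {exc.strerror}"
    with open(statefile, "w") as fh:
        fh.write(str(offset))
    code = CRITICAL if crit else WARNING if warn else OK
    return code, f"{NAMES[code]} - {crit} critical, {warn} warning new line(s)"

def demo():
    # Two consecutive checks over SAMPLE: the second run sees no new lines.
    with tempfile.TemporaryDirectory() as d:
        log, state = os.path.join(d, "secure"), os.path.join(d, "secure.seek")
        with open(log, "w") as fh:
            fh.write(SAMPLE)
        return scan_log(log, state), scan_log(log, state)

if __name__ == "__main__":
    print(demo())
```

A plugin run by Nagios or NRPE would print the status line and exit with the returned code; an unreadable log file surfaces as UNKNOWN rather than a misleading OK.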
Installation
The plugin can be built and installed on a GNU/Linux-based system (such as CentOS). Download the plugin file check_logfiles-3.6.1.tar.gz and extract it to a folder. Once you have installed the required software packages, building is simple. Follow the steps given below to start the installation. The plugin has to be installed at both the server and the client side. We have installed CentOS 6.4 at both server and client side. The installation and configuration procedure will work on other Linux distributions as well.
[root@nagiosserver]#tar xvfz check_logfiles-3.6.1.tar.gz
[root@nagiosserver]#cd check_logfiles-3.6.1
[root@nagiosserver check_logfiles-3.6.1]#./configure
[root@nagiosserver check_logfiles-3.6.1]#make
[root@nagiosserver check_logfiles-3.6.1]#make install
Configuring a service for monitoring
On the server side
Step 1: After installing the check_logfiles plugin, change the ownership of the check_logfiles file to Nagios.
Step 2: For monitoring the log file at the remote client running the SSH server, define the service in the /usr/local/nagios/etc/objects/nagiosclient.cfg file. In this set-up, I have named the remote Linux client nagiosclient, so I have created the configuration file nagiosclient.cfg for it.
Step 3: Reload the Nagios service.
[root@nagiosserver]#service nagios reload
Refer to Figure 2 for step-by-step instructions.
On the client side
Step 1: Change the ownership to Nagios for the check_logfiles file located in /usr/local/nagios/libexec.
Step 2: Add the following line to the nrpe.cfg file located in /usr/local/nagios/etc.
command[check_logfiles]=/usr/local/nagios/libexec/check_logfiles --config /usr/local/nagios/libexec/logs.cfg
Step 3: Create the logs.cfg file under /usr/local/nagios/libexec, and change its ownership to Nagios and its permissions to 755.
Step 4: Change the group ownership of the log file /var/log/secure to nagios and give the group read permission (g+r).
Step 5: Restart the xinetd service.
[root@nagiosclient]#service xinetd restart
Refer to Figure 3 for step-by-step instructions.
We also attempted an SSH login with the wrong password to see the plugin’s behaviour.
Figure 1: Plugin abstraction layer (diagram: the Nagios process, with its check logic and embedded Perl interpreter, is the monitoring logic; plugins and Perl plugins form the monitoring abstraction layer; hosts and services are the monitored entities)

Figure 2: Define a service

Figure 3: Client configuration
In this example, I have defined a service, and configured a Linux client to monitor the SSH log file and generate a warning if there are any authentication failures. Similar steps can be followed to configure other such services (Apache, for instance) and log files to be monitored by the Nagios system. I would recommend that you refer to the URLs given below for more insight into the check_logfiles plugin.
References
[1] http://www.nagios.org
[2] http://labs.consol.de/nagios/check_logfiles/
[3] http://exchange.nagios.org/directory/Plugins/Log-Files
[4] http://exchange.nagios.org/directory/Plugins/Operating-Systems/Linux/check_logfiles/details
By: Kannan K and Avinash Bendigeri
Kannan K and Avinash Bendigeri work as software development engineers at the Dell India R&D Centre in Bengaluru. Kannan has eight years of experience in the Linux and virtualisation domains, and is interested in networking and security technologies. Avinash is interested in the automation and systems management domains.