sensu-plugins / sensu-plugins-logs Goto Github PK

I've installed sensu-plugins-logs as a Sensu Go asset via Bonsai, and I've hit a bit of a snag with running checks on our CentOS systems, namely that they don't pick up the asset.

It looks like this is because the filter expression in the asset definition is checking entity.system.platform for the value 'rhel', but this key contains 'centos' on the systems in question. I've noticed that most of the other plugins we're using are checking entity.system.platform_family, which does contain 'rhel'.

Is this by design because of a compatibility issue, or is this something that could potentially be changed?

Versions of things: CentOS 7.7, Sensu Go 5.18.1, sensu-plugins-logs 4.0.0

Please release 0.0.3 here on github and on rubygems...

I have few application i would like to monitor with application logs that the log entries have multiple lines. i would like for the check-log check to read not only one line but to read the whole log entry to match or exclude against the patterns i supplied.

is this possible?

Dependabot can't resolve your Ruby dependency files.

As a result, Dependabot couldn't update your dependencies.

The error Dependabot encountered was:

Bundler::GemNotFound with message: Could not find gem 'kitchen-localhost (~> 0.3)' in any of the gem sources listed in your Gemfile.

If you think the above is an error on Dependabot's side please don't hesitate to get in touch - we'll do whatever we can to fix it.

You can mention @dependabot in the comments below to contact the Dependabot team.

Hi,

I'm using the check_log to check my logfiles on certain keywords, for example "error". If a new error is written to the log file, sensu gives me an error. After a couple of seconds, the critical error disappears. How should I configure my check in order to check the log file on a word like ERROR and that the error stays as long the error exists in the log file?

My check looks a bit like this:

{
  "checks": {
    "check_log": {
      "command": "/etc/sensu/plugins/check-log.rb -f /opt/test/logs/testDocker.log -q 'ERROR'",
      "interval": 10,
      "subscribers": ["subscriber1"]
    }
  }
}

Thanks in advance

Dependabot can't resolve your Ruby dependency files.

As a result, Dependabot couldn't update your dependencies.

The error Dependabot encountered was:

Bundler::GemNotFound with message: Could not find gem 'kitchen-localhost (<= 0.3.0, >= 0.3)' in any of the gem sources listed in your Gemfile.

If you think the above is an error on Dependabot's side please don't hesitate to get in touch - we'll do whatever we can to fix it.

You can mention @dependabot in the comments below to contact the Dependabot team.

I don't know how to interpret "Critical/Warning level if pattern has a group."

It seems like --crit N would only trigger a critical event if the check found N or more matching lines.
It seems like --warn-only --warn N would trigger a warning event if the check found N or more matching lines.

These don't work for me as expected, and don't seem relevant to the code at all. Was a breaking change in Ruby that's affecting this? I'm using Ruby 2.3.1, and it seems like it's impossible to get in to the if m[1] clause at https://github.com/sensu-plugins/sensu-plugins-logs/blob/master/bin/check-log.rb#L192.

If I'm misunderstanding the intended use of --crit and --warn, what are they intended to do?

If my interpretation is correct, I'm happy to submit a PR to update them (it's pretty much ready to go). But I worry that it could be a breaking change for existing implementations.

I was wondering if we can have a new option for the check-logs.rb plugin, since I'm running into a new issue in my env.
Can we have an option to not alert if the file is not present?

Please let me know
Thank you
Devon

Happens when file lines contain characters which are not in UTF-8 format

First, thank you for the ruby plugin.

I would like to suggest the capability to ignore the initial search on a log file. This is option is important when you are starting to watch an existing log file which in some cases are extremely large in size. The initial read takes a higher that normal amount of cpu and memory to traverse the file. This new option would give the check-log.rb the capability to commerce monitoring from the last line / end of file position line in the file.

Per user feedback: Having a flag to return number of lines before and/or after from a matching pattern line.

This will give user added context in instances where you have, as an example, a stack trace in the log file and may need the previous 15 lines or so for context.

To get this working, I had to add sensu user to the adm group so that I can address /var/log/auth.log. But for some reason I started to get Permission Denied for /var/cache/check-log/.../var/log/auth.log. I had to give chmod 777 access (without -R) to /var/cache/check-log/.../var/log/auth.log to get it to work. Ideally adding sensu user to root group should have done the trick.

Please help me solve this issue without having to do chmod on /var/cache/check-log/.../var/log/auth.log.

Hi, It would be great if the rows where the pattern matches are send with the output. As it is now, once I get a match I have to manually look up what the error was.

check-journal.rb lauch journalctl with library path pointing to embeded library.
So journalctl returns :

journalctl: /var/cache/sensu/sensu-agent/ff3ba13e1a20f89eaac7613fc2c072a8a355918dbaf158b8d1565ebf02d066f3382dde872c1d80002ded762d8a3a860ccce20410b8d
edb47b69fd7038e918dde/lib/libcrypt.so.1: version `XCRYPT_2.0' not found (required by /lib/systemd/libsystemd-shared-245.so)
journalctl: /var/cache/sensu/sensu-agent/ff3ba13e1a20f89eaac7613fc2c072a8a355918dbaf158b8d1565ebf02d066f3382dde872c1d80002ded762d8a3a860ccce20410b8d
edb47b69fd7038e918dde/lib/libcrypt.so.1: version `XCRYPT_4.4' not found (required by /lib/systemd/libsystemd-shared-245.so)

Distributor ID: Ubuntu
Description: Ubuntu 20.04.4 LTS
Release: 20.04
Codename: focal

Workaround can be add LD_LIBRARY_PATH= in front of journalctl cmd
So the command is LD_LIBRARY_PATH= journalctl #{journalctl_args}

Updating the README.md with

• Basic functionality is documented
• Examples are documented: At least one per script
• Has a license
• Platforms

when specifying a directory with -s to store the state file, the check naively assumes that there is only a single check against the given file.

If you are monitoring /var/log/nginx/access.log for instances of http_status=502 and specify -s /tmp, then a state file containing the last scanned line number gets created as /tmp/var/log/nginx/access.log.

The problem comes when you attempt to create a second check, say for instances of http_status=503 and specify the same -s /tmp directory. the two checks will end up clobbering the other's files, and detection of the regex match will be inconsistent and unreliable.

Perhaps the file's contents should contain the check name as well, i.e. /tmp/var/log/nginx/access.log should contain two lines, such as:

check_http_502:80105
check_http_503:79940

I wonder why all sensu plugins have this common issue in them. Documentation is so lacking. How can a documentation just have 3 lines in it for 4 commands that are provided ? How come the options and tricks and tips are just not mentioned ? We have to google like crazy to find anything regarding the plugin.

You have 4 files
bin/check-journal.rb
bin/check-log.rb
bin/handler-logevent.rb
bin/handler-show-event-config.rb

And your doc has
{
"logevent": {
"eventdir": "/var/log/sensu/events",
"keep": 10
}
}

What am I missing, why isn't anyone else complaining. I am sure I am missing something really silly here. I found something useful in a issue, #1

Sorry to sound so frustrated, but all sensu plugins have the EXACT same issue. Each and every one of them. Please correct me if I am wrong here.

Dependabot can't resolve your Ruby dependency files.

As a result, Dependabot couldn't update your dependencies.

The error Dependabot encountered was:

Bundler::GemNotFound with message: Could not find gem 'kitchen-localhost (~> 0.3)' in any of the gem sources listed in your Gemfile.

If you think the above is an error on Dependabot's side please don't hesitate to get in touch - we'll do whatever we can to fix it.

You can mention @dependabot in the comments below to contact the Dependabot team.

Dependabot can't resolve your Ruby dependency files.

As a result, Dependabot couldn't update your dependencies.

The error Dependabot encountered was:

Bundler::GemNotFound with message: Could not find gem 'kitchen-localhost (<= 0.3.0, >= 0.3)' in any of the gem sources listed in your Gemfile.

If you think the above is an error on Dependabot's side please don't hesitate to get in touch - we'll do whatever we can to fix it.

You can mention @dependabot in the comments below to contact the Dependabot team.

Hi,
When is a new release planned for the plugin? Since the last release on March 12 2016 there have been a couple of fixes made to the plugin.
I install all plugins as gems on my servers, is there some better way to get the latest fixes other than waiting for new gem to be released?

tail on /var/cache/check-log/.../var/log/auth.log reports
9333715tail: /var/cache/check-log/default/var/log/auth.log: file truncated
9333715tail: /var/cache/check-log/default/var/log/auth.log: file truncated
9333715tail: /var/cache/check-log/default/var/log/auth.log: file truncated

URGENT ISSUE

We encounter some issue when a large amount of errors has been written to the log and the --return flag is set all. the matched errors in the log are collected and sent in the response body sent to the sensu server. few times we encounter a very large response that caused the sensu server to hang.

We might want to implement an option to limit the number of errors in order to avoid large output sent to the sensu server.