Nagios check_logfiles plugin Create multiple Alerts


We currently use the Consol Labs (https://labs.consol.de/nagios/check_logfiles/) check_logfiles plugin to alert on strings found within our application logs. One thing that we are having some issues with is that whenever there are several alerts within a time frame, or one alert has a bit of length to it, the Nagios alert that is created only shows a small amount of the alert. This requires the support staff to always connect to the systems to see what the full alert is.

Is there any way to make check_logfiles, or Nagios/NRPE, display the full log alert in the Nagios alert that is created?

Thanks,


There are 1 best solutions below

GLMills On

I too just started with this Nagios plugin, check_logfiles. I have gotten it to work under Unix/Linux. I can't get the plugin to work on Windows which is what I need.

But I did see this while in there:

$options: A list of options which control the influence of pre- and postscript. Known options are smartpostscript, supersmartpostscript, smartprescript and supersmartprescript. With the option report="short|long|html" you can customize the plugin's output. With report=long/html, the plugin's output can possibly become very long. By default it will be truncated to 4096 characters (The amount of data an unpatched Nagios is able to process). The option maxlength can be used to raise this limit, e.g. maxlength=8192. The option seekfileerror defines the errorlevel, if a seekfile cannot be written, e.g. seekfileerror=unknown (default:critical). The same applies to protocolfileerror (default: ok). Usually the last error message will be shown in the first line of the output. With preview=5 you can tell check_logfiles to show for example the last 5 hits. (default is: preview=1)

Also, I'm not completely sure that this is gospel anymore, as it looks like Nagios has done something to allow longer messages. Functionally, NRPE can only handle a payload of 1024 bytes, which limits the amount of data that you can receive on your Nagios server.

So, I really don't know. I have also seen that there is a multi-line NRPE agent capability.

Please see this article. Interestingly, it appears there is a way; however, it is not clear. I think your best bet would be to enter a case ticket with the Nagios Core support forum. I've had success with the Nagios support forum.

https://sourceforge.net/p/nagios/mailman/nagios-users/thread/C68E26BB.5E2E4%25dszmandi%40imc.net.au/#msg23143763
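
An added example, not part of the answer above and not copied from the plugin's documentation: a check_logfiles configuration file that sets the report, maxlength and preview options quoted in the answer. The directories, tag, log path and patterns are constructed placeholders, and the NRPE payload limit mentioned in the answer still applies between the agent and the Nagios server.

```perl
# check_logfiles configuration file (Perl syntax).
# Added example: paths, tag and patterns below are constructed placeholders.

# Where the plugin keeps its state (read offsets) and its protocol files.
$seekfilesdir = '/var/tmp/check_logfiles';
$protocolsdir = '/var/tmp/check_logfiles';

# Global options, comma separated:
#   report=long     - list the matching lines instead of only the short summary
#   maxlength=8192  - raise the default 4096-character truncation of the output
#   preview=5       - show the last 5 hits in the first output line (default 1)
$options = 'report=long,maxlength=8192,preview=5';

@searches = (
  {
    # Constructed search definition for an application log.
    tag              => 'myapp',
    logfile          => '/var/log/myapp/application.log',
    criticalpatterns => [ 'ERROR', 'FATAL' ],
    warningpatterns  => [ 'WARN' ],
  },
);

# A Perl configuration file must end with a true value.
1;
```

With report=long the first output line still carries the status summary, so staff see the full matching lines only if every hop between the plugin and the Nagios web interface accepts the longer, multi-line output.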