Check plugin for remote log files on linux systems


is there a plugin which is able to check log files for specific key words (e.g. critical, error, …) remotely from the icinga master?

None of these modules seems to be able to do this:

There is a NCPA check for this, but it can only check syslogs on Windows…
./ -H -t Str0ngT0k3n -M logs -q name=system,severity=warning,severity=error,severity=critical,logged_after=1h

I use monitoring-plugins/check-plugins/logfile at main · Linuxfabrik/monitoring-plugins · GitHub

Is it remote checks? I don’t see any --host option int he documentation?

And could you describe how you installed this plugin and share your check commands and the services? :slight_smile:

Sorry, I overread the remote part of your question.
I’m not sure if the file open part can be easily replaced by a smb/cifs access but you could give it a try or open a issue.

I don’t know any plugins that can do that.
Is checking via SSH (check_by_ssh) not an option for you/this host?
With that you would have a secure connection/way to check, with the small drawback that the script has to be on the remote host.

This may be a heavier solution than what you are looking for, but you may consider using Logstash to watch those files and the Icinga output plugin for Logstash to submit a passive check back to your monitor when the filter detects events that match your criteria.