I am trying to set up a sensu check-log check. Logs look similar to the following:
2015-09-22 06:05:44,710 DEBUG log output here
2015-09-22 06:05:44,712 ERROR more log output here
2015-09-22 06:05:44,713 ERROR even more log output here
2015-09-22 06:05:44,714 WARN so much log output
I am running the check manually to test as follows:
sudo -u sensu /path/to/ruby /path/to/sensu/plugins/check-log.rb -f /path/to/log.log -q '/.*ERROR.*/' -r
which when I run the regex here:
http://rubular.com/r/j1NO8RFY2p
it captures the two lines I want. However the manual check returns this:
CheckLog OK: 0 warnings, 0 criticals for pattern /.*ERROR.*/.
So I keep getting falsely passing checks. Failing to see what I am doing wrong here and documentation is fairly lacking with this particular plugin. And yes, there are errors in the log to capture. Any and all help would be greatly appreciated. Thank you in advance.
EDIT Working code:
rm -rf /var/cache/check-log
sudo -u sensu /path/to/ruby /path/to/sensu/plugins/check-log.rb -f /path/to/log.log -q '.*ERROR.*' -r
The script generates cache in /var/cache/log, it stores the number of bytes read, and seeks to that position, so every time to do the test, you need clean the folder first.
rm -rf /var/cache/check-log
then run the fix code
sudo -u sensu /path/to/ruby /path/to/sensu/plugins/check-log.rb -f /path/to/log.log -q '.*ERROR.*' -r
CheckLog CRITICAL: 0 warnings, 2 criticals for pattern .*ERROR.*.
2015-09-22 06:05:44,712 ERROR more log output here
2015-09-22 06:05:44,713 ERROR even more log output here
Refer: check-log.rb