check_logfiles icon indicating copy to clipboard operation
check_logfiles copied to clipboard
verified publisher icon lausser

logs with dateext (RHEL /var/log/messages)

Open dfrise opened this issue 7 years ago • 1 comments

Hi,

We are trying to configure check_logfiles for /var/log/messages on RHEL 6/7 servers which use date as a suffix of the rotated file.

Extract of our search directive:

@searches = (
  {
    tag => 'messages',
    logfile => '/var/log/messages',
    rotation => 'messages\-[0-9]{8}',
    criticalpatterns => [
      'Redundancy lost',
      '[d,D]egraded',
      '[e,E]rror',
      'ERROR',
    ],
    ...

All went fine before the log rotation of the 21.10.2018. The log files looked like this:

/var/log/messages
/var/log/messages-20181014
/var/log/messages-20181007
/var/log/messages-20180930
/var/log/messages-20180923

After the log rotation, they looked like this:

/var/log/messages
/var/log/messages-20181021
/var/log/messages-20181014
/var/log/messages-20181007
/var/log/messages-20180930

We then got a bunch of alerts that we already had seen in /var/log/messages that probably came from the new /var/log/messages-20181021 file.

How can we handle this? Is it better to not configure the rotation directive for these kind of logs? Are we missing something?

Thanks, Dominique

dfrise avatar Oct 22 '18 12:10 dfrise

+1

nicutor avatar Jan 20 '22 09:01 nicutor