Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Linux Module
#1
Hi all,

We have a variety of servers we monitor and our logging server is debian based linux.
One of the log files produces an 'Events Per Second' stat and I wish to create a module from this.

This is what I have so far but cannot get this to work
# Alienvault EPS
module_begin
module_name EPS
module_type generic_data
module_exec tail -100 /var/log/alienvault/agent/agent.log | grep eps | tac | awk '{ print $6 }'
module_description Alienvault events per second
module_end

/var/log/alienvault/agent/agent.log is the log location and when tailing it this is what it would display:
2016-04-05 09:37:14,488 Stats [INFO]: Total events captured: 2770407 - eps:2.55

The number following 'eps:' is the value I want to utilize in the module.

Any help is greatly appreciated

Regards
Ste
 Reply
#2
Hi No_One911,

I'm not sure the generic_data module can hold that command. Note that it's printing every single value of the sixth column of every line that has the string "eps" in it. So, if there were more than one line containing that 'eps' string within the last hundred of the log, awk would print more than one value, which is not compatible with the way a module works (as it only evaluates one value at a time).

Maybe you could try with something as  awk ' BEGIN {sum=0}{sum+=$6}END{print sum/NR}'    instead (not sure if the syntax is 100% correct).
Hope it helps.

Kind regards,
Kevin.
 Reply
#3
Thanks for your help Kevin

This now displays as a module but unfortunately it results in a value of 0

I'm not 100% familiar with the awk function but could this be to do with the sum part of the syntax or if its not printing the correct column?

The eventual aim is to have it monitoring the eps value at a continuous rate because our live environment logger produces an eps value at a much higher frequency

Thanks
Ste
 Reply
#4
It appears that it is working with a slight change to the syntax

Original:
awk ' BEGIN {sum=0}{sum+=$6}END{print sum/NR}

New:
awk ' BEGIN {sum=0}{sum+=$10}END{print sum+NR}'

This now seems to print to correct value at regular intervals

Thanks for the help with this

Ste
 Reply
#5
Hi No_One911,

I fear I've read your reply a little late, then. I'm glad to read you got it working, anyway.

Kind regards,
Kevin.
 Reply


Users browsing this thread: 1 Guest(s)


(c) 2006-2017 Artica Soluciones Tecnológicas. Contents of this wiki are under Create Common Attribution v3 licence. | pandorafms.com | pandorafms.org

Theme © MyBB Themes