0

I want to monitor a logfile and I am only interested in the "Received new block" lines. I need two different scripts to monitor

  • The height, which should always be one number higher then the height in the previous "Received new block"-line. If it's not +1 AND if it's not changing within 120 seconds THEN alarm.
  • The timestamp (only for the "Received new block"-lines), which should always change. If no change occurs for 120 seconds THEN alarm.

All other lines are not of interest here and can be ignored. I tried to find any examples to bring this together but I am still not successful, so I hope you can help me.

log-snippet

{"level":"warn","message":"Main queue","timestamp":"2016-04-30 19:49:33","data":50}
{"level":"info","message":"Checking blockchain on 11.22.33.44:1234","timestamp":"2016-04-30 19:49:33"}
{"level":"warn","message":"Balance queue","timestamp":"2016-04-30 19:49:39","data":50}

{"level":"info","message":"Received new block id: 12345678901234567890 height: 8761 round: 87 slot: 3350818 reward: 100000000","timestamp":"2016-04-30 19:49:41"}

{"level":"info","message":"Removing peer POST http://11.22.33.44:1234/peer/transactions","timestamp":"2016-04-30 19:49:42"}
{"level":"warn","message":"Main queue","timestamp":"2016-04-30 19:49:43","data":94}
{"level":"warn","message":"Main queue","timestamp":"2016-04-30 19:49:43","data":93}
{"level":"warn","message":"Main queue","timestamp":"2016-04-30 19:49:43","data":52}
{"level":"warn","message":"Main queue","timestamp":"2016-04-30 19:49:43","data":51}
{"level":"warn","message":"Main queue","timestamp":"2016-04-30 19:49:43","data":50}
{"level":"info","message":"Checking blockchain on 11.22.33.44:1234","timestamp":"2016-04-30 19:49:44"}
{"level":"info","message":"Removing peer POST http://11.22.33.44:1234/peer/blocks","timestamp":"2016-04-30 19:49:46"}

{"level":"info","message":"Received new block id: 12345678901234567890 height: 8762 round: 87 slot: 3350819 reward: 100000000","timestamp":"2016-04-30 19:49:50"}

monitrc

set daemon 120            # check services at 2-minute intervals
set logfile /var/log/monit.log
set idfile /var/lib/monit/id
set statefile /var/lib/monit/state
set mailserver SMTP.MAILHOSTER.COM port 587         # primary mailserver
     username "LoginUsername" password "LoginPassword"
     using ssl
     with timeout 30 seconds
set eventqueue
      basedir /var/lib/monit/events # set the base directory where events will be stored
      slots 100                     # optionally limit the queue size
set   mail-format {
        from: SEND@MAILHOSTER.COM
        subject: ALARM on Test-Server -- $EVENT $SERVICE
        message: $EVENT Service $SERVICE
        Date:        $DATE
        Action:      $ACTION
        Host:        $HOST
        Description: $DESCRIPTION

        Bye,
        Monit
}
set alert RECEIVE@example.net       # receive all alerts
include /etc/monit/conf.d/*
Giacomo1968
  • 3,522
  • 25
  • 38
John Doof
  • 169
  • 3
  • 9

1 Answers1

0
If no change occurs for 30 seconds THEN alarm

Did you set monit to run every 30 second ? Monit is not mean for such metric as it check every (2) minute(s) from default configuration. Also to detect that a timestamp didn't change every 30 second is not the same as check each second if not older than 30 second

Also for such specific case, use a custom script with all your logic then act according to exit code. see https://mmonit.com/monit/documentation/monit.html#PROGRAM-STATUS-TESTING

DevOps
  • 720
  • 3
  • 15
  • Did you have a look at other post also : http://serverfault.com/questions/480345/i-need-to-monitor-a-log-file-with-monit-if-the-file-does-not-change-monit-will-a – DevOps May 02 '16 at 15:18
  • Well, no. MONIT itself is on 120 seconds. I am okay with 120 seconds, if it's a problem to let MONIT check the logfile every 30 seconds. But how to tell MONIT to check only the "Received new block"-lines? And what about script **a)**? – John Doof May 02 '16 at 15:49