現象
Nagiosのログ監視で複数の除外キーワードや正規表現を使う(check_log3.pl)
前後10行分のログを取得するようにしてあるのですが、nagiosのWEBインターフェースなどで確認すると、以下のように途中で途切れていました。
調査
# /usr/lib/nagios/plugins/check_log3 -l /etc/httpd/logs/access_log -s /etc/nagios/seeks/check_log3.httpd.seek -p hoge -w 1 -c 5 CRITICAL: Found 7 lines (limit=1/5): 219.117.233.241 - - [27/Jan/2013:14:53:35 +0900] "GET /test/hoge HTTP/1.1" 404 286 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:14:53:35 +0900] "GET /favicon.ico HTTP/1.1" 404 288 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:14:53:35 +0900] "GET /test/hoge HTTP/1.1" 404 286 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17 219.117.233.241 - - [27/Jan/2013:14:53:35 +0900] "GET /favicon.ico HTTP/1.1" 404 288 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:14:53:36 +0900] "GET /test/hoge HTTP/1.1" 404 286 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:14:53:36 +0900] "GET /favicon.ico HTTP/1.1" 404 288 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:14:53:37 +0900] "GET /test/hoge HTTP/1.1" 404 286 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:14:53:37 +0900] "GET /favicon.ico HTTP/1.1" 404 288 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:14:53:38 +0900] "GET /test/hoge HTTP/1.1" 404 286 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:14:53:38 +0900] "GET /favicon.ico HTTP/1.1" 404 288 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:14:53:39 +0900] "GET /test/hoge HTTP/1.1" 404 286 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:14:53:39 +0900] "GET /favicon.ico HTTP/1.1" 404 288 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:14:53:39 +0900] "GET /favicon.ico HTTP/1.1" 404 288 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 54.248.239.80 - - [27/Jan/2013:14:53:40 +0900] "GET / HTTP/1.0" 200 1 "-" "check_http/v1.4.16 (nagios-plugins 1.4.16)" 219.117.233.241 - - [27/Jan/2013:14:53:40 +0900] "GET /test/moge HTTP/1.1" 404 286 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:14:53:41 +0900] "GET /favicon.ico HTTP/1.1" 404 288 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:14:53:41 +0900] "GET /test/moge HTTP/1.1" 404 286 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:14:53:41 +0900] "GET /favicon.ico HTTP/1.1" 404 288 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:14:53:42 +0900] "GET /test/moge HTTP/1.1" 404 286 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:14:53:42 +0900] "GET /favicon.ico HTTP/1.1" 404 288 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:14:53:42 +0900] "GET /test/moge HTTP/1.1" 404 286 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:14:53:43 +0900] "GET /favicon.ico HTTP/1.1" 404 288 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17"
どうやらチェックコマンド自体は必要な長さで正常に出力してくれているようです。
次に、監視サーバー側で直接check_nrpeコマンドを叩いてみます。
# /usr/lib64/nagios/plugins/check_nrpe -H xxx.xxx.xxx.xxx -c check_log3 -a '/etc/httpd/logs/access_log' '/etc/nagios/seeks/check_log3.httpd.seek' 'hoge' 1 5 CRITICAL: Found 5 lines (limit=1/5): 219.117.233.241 - - [27/Jan/2013:18:27:43 +0900] "GET /favicon.ico HTTP/1.1" 404 288 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:18:27:44 +0900] "GET /test/hoge HTTP/1.1" 404 286 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:18:27:44 +0900] "GET /favicon.ico HTTP/1.1" 404 288 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 54.248.235.241 - - [27/Jan/2013:18:27:45 +0900] "GET / HTTP/1.0" 200 1 "-" "check_http/v1.4.16 (nagios-plugins 1.4.16)" 219.117.233.241 - - [27/Jan/2013:18:27:45 +0900] "GET /test/hoge HTTP/1.1" 404 286 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Ja
こちらは途切れているようです。つまりnagios本体でもなく、どちらかのnrpeかcheck_nrpeに問題がありそうです。
また、nrpe.cfgをみる限り、それらしき設定は見つかりませんでした。
受信or送信側のnrpeが内部で固定長でカットオフしている可能性が高そうですが、この環境では、nrpeはyumでインストールされているため何をしているのかわかりません。
そこで、nrpeのソースをダウンロードしてソースをさらってみました。
まず、リモートサーバーにnrpeを落としてみます。
# cd /usr/local/src # curl -L -o nrpe-2.13.tar.gz http://prdownloads.sourceforge.net/sourceforge/nagios/nrpe-2.13.tar.gz # tar nrpe-2.13.tar.gz # cd nrpe-2.13
固定長でカットしているとしたらどうせ定数で、MAXが付いているだろうということで探してみます。
# find . -print | xargs grep "define MAX" ./include/common.h:#define MAX_INPUT_BUFFER 2048 /* max size of most buffers we use */ ./include/common.h:#define MAX_FILENAME_LENGTH 256 ./include/common.h:#define MAX_HOST_ADDRESS_LENGTH 256 /* max size of a host address */ ./include/common.h:#define MAX_COMMAND_ARGUMENTS 16 ./include/common.h:#define MAX_PACKETBUFFER_LENGTH 1024 /* max amount of data we'll send in one query/response */ ./contrib/nrpe_check_control.c:#define MAX_CHARS 1024 ./configure:#define MAX(x, y) ((x) > (y) ? (x) : (y)) ./src/nrpe.c:#define MAXFD 64 ./src/snprintf.c:#define MAX(p,q) (((p) >= (q)) ? (p) : (q))
MAX_INPUT_BUFFERとMAX_PACKETBUFFER_LENGTHというのが怪しそうです。
cat ./include/common.h #define MAX_INPUT_BUFFER 2048 /* max size of most buffers we use */ ..... #define MAX_PACKETBUFFER_LENGTH 1024 /* max amount of data we'll send in one query/response */
まずは、MAX_PACKETBUFFER_LENGTHを長くしてみます。
vim ./include/common.h ~ //#define MAX_PACKETBUFFER_LENGTH 1024 /* max amount of data we'll send in one query/response */ #define MAX_PACKETBUFFER_LENGTH 10240 /* max amount of data we'll send in one query/response */ ~
そしてこのソースからインストールし直します。
(既存のcfgファイルなどは適宜バックアップしておきます。)
# mkdir /tmp/nagios # cp -R /etc/nagios/* /tmp/nagios/# ./configure --enable-command-args # make all # make install # mkdir /usr/local/nagios/etc # cp ./init-script /etc/init.d/nrpe # chmod 755 /etc/init.d/nrpe # cp /tmp/nagios/* /usr/local/nagios/etc/nagios/ # /etc/init.d/nrpe restart
これでもう一度監視サーバーからcheck_nrpeを叩いてみます。
# /usr/lib64/nagios/plugins/check_nrpe -H xxx.xxx.xxx.xxx -c check_log3 -a '/etc/httpd/logs/access_log' '/etc/nagios/seeks/check_log3.httpd.seek' 'hoge' 1 5 CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.
エラーになりました。メッセージ通りリモートサーバー側のログを見てみます。
Jan 27 18:40:26 ip-10-132-10-146 nrpe[13812]: Error: Request packet had invalid CRC32. Jan 27 18:40:26 ip-10-132-10-146 nrpe[13812]: Client request was invalid, bailing out...
CRC32ハッシュが間違っていると言われます。CRCは送信側と受信側のデータ整合性をチェックするために使われることが多いので、どうやら受信側(監視サーバー)でも同じパケット長に設定する必要があるようです。
そこで、監視サーバー側もソースからインストールし、同じくMAX_PACKETBUFFER_LENGTHを合わせてみます。
# cd /usr/local/src # curl -L -o nrpe-2.13.tar.gz http://prdownloads.sourceforge.net/sourceforge/nagios/nrpe-2.13.tar.gz # tar xzvf nrpe-2.13.tar.gz # nrpe-2.13 # vim ./include/common.h ~ //#define MAX_PACKETBUFFER_LENGTH 1024 /* max amount of data we'll send in one query/response */ #define MAX_PACKETBUFFER_LENGTH 10240 /* max amount of data we'll send in one query/response */ ~ # yum install make openssl openssl-devel -y # cd /usr/local/src # ./configure # make all # make install # /usr/local/nagios/libexec/check_nrpe -H xxx.xxx.xxx.xxx -c check_log3 -a '/etc/httpd/logs/access_log' '/etc/nagios/seeks/check_log3.httpd.seek' 'hoge' 1 5 CRITICAL: Found 5 lines (limit=1/5): 219.117.233.241 - - [27/Jan/2013:18:32:19 +0900] "GET /favicon.ico HTTP/1.1" 404 288 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:18:32:20 +0900] "GET /test/hoge HTTP/1.1" 404 286 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:18:32:20 +0900] "GET /favicon.ico HTTP/1.1" 404 288 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:18:32:21 +0900] "GET /test/hoge HTTP/1.1" 404 286 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:18:32:21 +0900] "GET /favicon.ico HTTP/1.1" 404 288 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:18:32:21 +0900] "GET /test/hoge HTTP/1.1" 404 286 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:18:32:22 +0900] "GET /favicon.ico HTTP/1.1" 404 288 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:18:32:22 +0900] "GET /test/hoge HTTP/1.1" 404 286 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:18:32:22 +0900] "GET /favicon.ico HTTP/1.1" 404 288 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:18:32:23 +0900] "GET /test/hoge HTTP/1.1" 404 286 "-" "Mozilla/5.0 (Macintosh; Intel M
うーん、、これでも途切れるようです。
次に、MAX_INPUT_BUFFERも長さを変えてみます。長さは念のためMAX_PACKETBUFFER_LENGTHと同じ倍率で変更します。
まずは、リモートサーバーから
vim ./include/common.h ~ //#define MAX_INPUT_BUFFER 2048 /* max size of most buffers we use */ #define MAX_INPUT_BUFFER 20480 ~ # /usr/local/nagios/libexec/check_nrpe -H xxx.xxx.xxx.xxx -c check_log3 -a '/etc/httpd/logs/access_log' '/etc/nagios/seeks/check_log3.httpd.seek' 'hoge' 1 5 CRITICAL: Found 5 lines (limit=1/5): 219.117.233.241 - - [27/Jan/2013:19:12:40 +0900] "GET /favicon.ico HTTP/1.1" 404 288 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:19:12:41 +0900] "GET /test/hoge HTTP/1.1" 404 286 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:19:12:41 +0900] "GET /favicon.ico HTTP/1.1" 404 288 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:19:12:42 +0900] "GET /test/hoge HTTP/1.1" 404 286 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:19:12:42 +0900] "GET /favicon.ico HTTP/1.1" 404 288 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:19:12:42 +0900] "GET /test/hoge HTTP/1.1" 404 286 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:19:12:43 +0900] "GET /favicon.ico HTTP/1.1" 404 288 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:19:12:43 +0900] "GET /test/hoge HTTP/1.1" 404 286 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:19:12:43 +0900] "GET /favicon.ico HTTP/1.1" 404 288 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:19:12:44 +0900] "GET /test/hoge HTTP/1.1" 404 286 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:19:12:44 +0900] "GET /favicon.ico HTTP/1.1" 404 288 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:19:12:45 +0900] "GET /favicon.ico HTTP/1.1" 404 288 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 54.248.235.241 - - [27/Jan/2013:19:12:45 +0900] "GET / HTTP/1.0" 200 1 "-" "check_http/v1.4.16 (nagios-plugins 1.4.16)" 219.117.233.241 - - [27/Jan/2013:19:12:45 +0900] "GET /test/moge HTTP/1.1" 404 286 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:19:12:45 +0900] "GET /favicon.ico HTTP/1.1" 404 288 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:19:12:47 +0900] "GET /test/moge HTTP/1.1" 404 286 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:19:12:47 +0900] "GET /favicon.ico HTTP/1.1" 404 288 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:19:12:48 +0900] "GET /test/moge HTTP/1.1" 404 286 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:19:12:48 +0900] "GET /favicon.ico HTTP/1.1" 404 288 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:19:12:49 +0900] "GET /test/moge HTTP/1.1" 404 286 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17" 219.117.233.241 - - [27/Jan/2013:19:12:49 +0900] "GET /favicon.ico HTTP/1.1" 404 288 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17"
おぉ、全部取得出来ました!
結果
リモートサーバー側
- MAX_INPUT_BUFFER(内部で貯めこむバッファ長)
- MAX_PACKETBUFFER_LENGTH(nrpeが送信するバッファ長)
- MAX_PACKETBUFFER_LENGTH(chech_nrpeが受信するバッファ長)
の変更が必要なようです。
また監視サーバー側はcheck_nrpeコマンドの直叩きだったので、うまくいけましたが、既存のnagiosがyumのnrpeを使おうとしているので、check_nrpeは失敗します。
そこで、コマンドの定義でソースからインストールしたcheck_nrpeを使用するように変更しておきます。
#vim /etc/nagios/objects/commands.cfg ~ define command { command_name check-nrpe # command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -a $ARG2$ command_line /usr/local/nagios/libexec/check_nrpe/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -a $ARG2$ } ~ # /etc/init.d/nagios restart
すると、nagiosから接続した場合でも以下のように必要な長さのログが取得できました。
まとめ
また、今回は、yumと動作を比較しやすくするためにyumのパッケージを残したままソースインストールをしましたが、
本来はyumを削除してから入れなおしたほうが安全ですし、--prefixなどでyumと同じ位置に配置するようにするともっとスマートかも知れません。
今回は以上です。