
Author Topic: Linux Module  (Read 3948 times)

Offline No_One911

Linux Module
« on: April 05, 2016, 01:39:49 AM »
Hi all,

We have a variety of servers we monitor and our logging server is debian based linux.
One of the log files produces an 'Events Per Second' stat and I wish to create a module from this.

This is what I have so far, but I cannot get it to work:
# Alienvault EPS
module_begin
module_name EPS
module_type generic_data
module_exec tail -100 /var/log/alienvault/agent/agent.log | grep eps | tac | awk '{ print $6 }'
module_description Alienvault events per second
module_end

/var/log/alienvault/agent/agent.log is the log location and when tailing it this is what it would display:
2016-04-05 09:37:14,488 Stats [INFO]: Total events captured: 2770407 - eps:2.55

The number following 'eps:' is the value I want to utilize in the module.

Any help is greatly appreciated

Regards
Ste

Offline AKevin

Re: Linux Module
« Reply #1 on: April 05, 2016, 09:00:01 AM »
Hi No_One911,

I'm not sure the generic_data module can hold that command. Note that it's printing every single value of the sixth column of every line that has the string "eps" in it. So, if there were more than one line containing that 'eps' string within the last hundred lines of the log, awk would print more than one value, which is not compatible with the way a module works (as it only evaluates one value at a time).

Maybe you could try something like awk ' BEGIN {sum=0}{sum+=$6}END{print sum/NR}' instead (not sure if the syntax is 100% correct).
Hope it helps.

Kind regards,
Kevin.

Offline No_One911

Re: Linux Module
« Reply #2 on: April 06, 2016, 02:29:09 AM »
Thanks for your help Kevin

This now displays as a module but unfortunately it results in a value of 0

I'm not 100% familiar with the awk function, but could this be to do with the sum part of the syntax, or with it not printing the correct column?

The eventual aim is to have it monitoring the eps value at a continuous rate, because our live environment logger produces an eps value at a much higher frequency.

Thanks
Ste

Offline No_One911

Re: Linux Module
« Reply #3 on: April 06, 2016, 02:41:09 AM »
It appears that it is working with a slight change to the syntax

Original:
awk ' BEGIN {sum=0}{sum+=$6}END{print sum/NR}'

New:
awk ' BEGIN {sum=0}{sum+=$10}END{print sum+NR}'

This now seems to print the correct value at regular intervals

Thanks for the help with this

Ste

Offline AKevin

Re: Linux Module
« Reply #4 on: April 06, 2016, 07:39:29 AM »
Hi No_One911,

I fear I've read your reply a little late, then. I'm glad to read you got it working, anyway.

Kind regards,
Kevin.
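
Added example, not part of the original thread and not code from either poster: one way to turn the `eps:` figure in agent.log into the single numeric value a module expects, either the most recent reading or the mean over the scanned window. The function name `eps_stat`, its arguments and the sample log lines are assumptions constructed for illustration; only the line format is taken from the first post.

```shell
#!/bin/sh
# Added example (not from the thread): emit exactly ONE number per run.
# Splitting the thread's sample line on whitespace gives $6 = "events" and
# $10 = "eps:2.55"; awk treats both as 0 in arithmetic, so the value has to
# be cut out of the "eps:<number>" token before it is used.

eps_stat() {
    # $1 = log file, $2 = "last" (default) or "avg", $3 = trailing lines to scan
    tail -n "${3:-100}" "$1" 2>/dev/null | awk -v mode="${2:-last}" '
        {
            for (i = 1; i <= NF; i++) {
                # whole-token match, so words such as "steps" are ignored
                if ($i ~ /^eps:[0-9]+(\.[0-9]+)?$/) {
                    last = substr($i, 5)    # text after "eps:"
                    sum += last
                    n++
                }
            }
        }
        END {
            if (n == 0)             print 0   # no Stats line in the window
            else if (mode == "avg") printf "%.2f\n", sum / n
            else                    print last
        }'
}

# Constructed sample log; only the line format comes from the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
2016-04-05 09:37:04,481 Stats [INFO]: Total events captured: 2770381 - eps:2.55
2016-04-05 09:37:06,102 Output [INFO]: reconnect steps completed
2016-04-05 09:37:14,488 Stats [INFO]: Total events captured: 2770407 - eps:4.45
2016-04-05 09:37:24,490 Stats [INFO]: Total events captured: 2770420 - eps:1.25
EOF

eps_stat "$sample" last   # 1.25
eps_stat "$sample" avg    # 2.75
rm -f "$sample"
```

The mean is divided by the number of matched `eps:` tokens rather than by NR, so unrelated log lines in the window do not drag it down. When no Stats line falls inside the window the function prints 0, which a dashboard cannot tell apart from a genuinely idle agent.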