patterndb to extract key/value pairs using syslog-ng
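<?xml version="1.0" encoding="UTF-8"?>
<!--
  syslog-ng patterndb ruleset for Nagios/Shinken core log lines.

  Each rule matches one log-line type ("SERVICE ALERT", "HOST NOTIFICATION",
  ...) and extracts the ';'-separated fields into nagios_* name/value pairs;
  the constant nagios_type value records which type matched.  Every rule
  carries an <example> so the file can be self-checked with `pdbtool test`.

  Parser notes:
  - @ESTRING:name:;@ stops at the first ';' and consumes the delimiter
    without capturing it (compare the hostname/service values in the
    examples), so a field that itself contained ';' would shift every field
    after it.
  - @ANYSTRING:name@ captures the rest of the line verbatim.  Where the
    source line reads "...;<space>text" (downtime and flapping alerts), the
    captured value keeps that leading space; the expected test values below
    reproduce it on purpose.
  - The ANYSTRING fields (nagios_message, nagios_comment,
    nagios_command_args) are free text produced by check plugins or
    submitted commands, not by this configuration; consumers should handle
    them as untrusted data rather than interpolating them into commands or
    queries.
  - This file intentionally has no DOCTYPE and defines no entities; keep it
    that way so the loader never has a reason to resolve any.

  A grok-style restatement of the same patterns follows the document in the
  trailing comment.
-->
<patterndb version="5" pub_date="2017-06-15">
  <ruleset id="a0dab742fc66ad5cdf41bfd0c105f3df" name="nagios">
    <!-- Program names that select this ruleset (the examples use program="shinken"). -->
    <patterns>
      <pattern>nagios</pattern>
      <pattern>shinken</pattern>
    </patterns>
    <rules>

      <!-- [epoch] SERVICE ALERT: host;service;state;statelevel;attempt;message -->
      <rule provider="github.com/nzlosh" id="nagios-1" class="monitoring">
        <patterns>
          <pattern>[@NUMBER:nagios_epoch@] SERVICE ALERT: @ESTRING:nagios_hostname:;@@ESTRING:nagios_service:;@@ESTRING:nagios_state:;@@ESTRING:nagios_statelevel:;@@ESTRING:nagios_attempt:;@@ANYSTRING:nagios_message@</pattern>
        </patterns>
        <values>
          <value name="nagios_type">SERVICE ALERT</value>
        </values>
        <examples>
          <example>
            <test_message program="shinken">[1497510490] SERVICE ALERT: test_host;test_service;OK;SOFT;2;OK: Queue size (0) is less than 50% of the maximum queue size (100000)</test_message>
            <test_values>
              <test_value name="nagios_epoch">1497510490</test_value>
              <test_value name="nagios_type">SERVICE ALERT</test_value>
              <test_value name="nagios_hostname">test_host</test_value>
              <test_value name="nagios_service">test_service</test_value>
              <test_value name="nagios_state">OK</test_value>
              <test_value name="nagios_statelevel">SOFT</test_value>
              <test_value name="nagios_attempt">2</test_value>
              <test_value name="nagios_message">OK: Queue size (0) is less than 50% of the maximum queue size (100000)</test_value>
            </test_values>
          </example>
        </examples>
      </rule>

      <!-- [epoch] SERVICE DOWNTIME ALERT: host;service;state;message -->
      <rule provider="github.com/nzlosh" id="nagios-2" class="monitoring">
        <patterns>
          <pattern>[@NUMBER:nagios_epoch@] SERVICE DOWNTIME ALERT: @ESTRING:nagios_hostname:;@@ESTRING:nagios_service:;@@ESTRING:nagios_state:;@@ANYSTRING:nagios_message@</pattern>
        </patterns>
        <values>
          <value name="nagios_type">SERVICE DOWNTIME ALERT</value>
        </values>
        <examples>
          <example>
            <test_message program="shinken">[1497502812] SERVICE DOWNTIME ALERT: test_host;test_service;STARTED; Service has entered a period of scheduled downtime</test_message>
            <test_values>
              <test_value name="nagios_epoch">1497502812</test_value>
              <test_value name="nagios_type">SERVICE DOWNTIME ALERT</test_value>
              <test_value name="nagios_hostname">test_host</test_value>
              <test_value name="nagios_service">test_service</test_value>
              <test_value name="nagios_state">STARTED</test_value>
              <!-- leading space is part of the captured value (see header note) -->
              <test_value name="nagios_message"> Service has entered a period of scheduled downtime</test_value>
            </test_values>
          </example>
        </examples>
      </rule>

      <!-- [epoch] SERVICE EVENT HANDLER: host;service;state;statelevel;attempt;handler -->
      <rule provider="github.com/nzlosh" id="nagios-3" class="monitoring">
        <patterns>
          <pattern>[@NUMBER:nagios_epoch@] SERVICE EVENT HANDLER: @ESTRING:nagios_hostname:;@@ESTRING:nagios_service:;@@ESTRING:nagios_state:;@@ESTRING:nagios_statelevel:;@@ESTRING:nagios_attempt:;@@ANYSTRING:nagios_event_handler_name@</pattern>
        </patterns>
        <values>
          <value name="nagios_type">SERVICE EVENT HANDLER</value>
        </values>
        <examples>
          <example>
            <test_message program="shinken">[1497515002] SERVICE EVENT HANDLER: test_host;test_service;CRITICAL;HARD;3;restart_snmpd_service</test_message>
            <test_values>
              <test_value name="nagios_epoch">1497515002</test_value>
              <test_value name="nagios_type">SERVICE EVENT HANDLER</test_value>
              <test_value name="nagios_hostname">test_host</test_value>
              <test_value name="nagios_service">test_service</test_value>
              <test_value name="nagios_state">CRITICAL</test_value>
              <test_value name="nagios_statelevel">HARD</test_value>
              <test_value name="nagios_attempt">3</test_value>
              <test_value name="nagios_event_handler_name">restart_snmpd_service</test_value>
            </test_values>
          </example>
        </examples>
      </rule>

      <!-- [epoch] SERVICE FLAPPING ALERT: host;service;state;message -->
      <rule provider="github.com/nzlosh" id="nagios-4" class="monitoring">
        <patterns>
          <pattern>[@NUMBER:nagios_epoch@] SERVICE FLAPPING ALERT: @ESTRING:nagios_hostname:;@@ESTRING:nagios_service:;@@ESTRING:nagios_state:;@@ANYSTRING:nagios_message@</pattern>
        </patterns>
        <values>
          <value name="nagios_type">SERVICE FLAPPING ALERT</value>
        </values>
        <examples>
          <example>
            <test_message program="shinken">[1497515553] SERVICE FLAPPING ALERT: test_host;test_service;STOPPED; Service appears to have stopped flapping (19.6% change &lt; 20.0% threshold)</test_message>
            <test_values>
              <test_value name="nagios_epoch">1497515553</test_value>
              <test_value name="nagios_type">SERVICE FLAPPING ALERT</test_value>
              <test_value name="nagios_hostname">test_host</test_value>
              <test_value name="nagios_service">test_service</test_value>
              <test_value name="nagios_state">STOPPED</test_value>
              <!-- leading space is part of the captured value (see header note) -->
              <test_value name="nagios_message"> Service appears to have stopped flapping (19.6% change &lt; 20.0% threshold)</test_value>
            </test_values>
          </example>
        </examples>
      </rule>

      <!-- [epoch] SERVICE NOTIFICATION: notifyname;host;service;state;contact;message -->
      <rule provider="github.com/nzlosh" id="nagios-5" class="monitoring">
        <patterns>
          <pattern>[@NUMBER:nagios_epoch@] SERVICE NOTIFICATION: @ESTRING:nagios_notifyname:;@@ESTRING:nagios_hostname:;@@ESTRING:nagios_service:;@@ESTRING:nagios_state:;@@ESTRING:nagios_contact:;@@ANYSTRING:nagios_message@</pattern>
        </patterns>
        <values>
          <value name="nagios_type">SERVICE NOTIFICATION</value>
        </values>
        <examples>
          <example>
            <test_message program="shinken">[1497510581] SERVICE NOTIFICATION: test_user;test_host;BIGQUERY::AGGREGATOR processing DM API errors;CRITICAL;notify-by-email-html;CRITICAL: No passive check result received in time</test_message>
            <test_values>
              <test_value name="nagios_epoch">1497510581</test_value>
              <test_value name="nagios_type">SERVICE NOTIFICATION</test_value>
              <test_value name="nagios_notifyname">test_user</test_value>
              <test_value name="nagios_hostname">test_host</test_value>
              <test_value name="nagios_service">BIGQUERY::AGGREGATOR processing DM API errors</test_value>
              <test_value name="nagios_state">CRITICAL</test_value>
              <test_value name="nagios_contact">notify-by-email-html</test_value>
              <test_value name="nagios_message">CRITICAL: No passive check result received in time</test_value>
            </test_values>
          </example>
        </examples>
      </rule>

      <!-- [epoch] HOST ALERT: host;state;statelevel;attempt;message -->
      <rule provider="github.com/nzlosh" id="nagios-6" class="monitoring">
        <patterns>
          <pattern>[@NUMBER:nagios_epoch@] HOST ALERT: @ESTRING:nagios_hostname:;@@ESTRING:nagios_state:;@@ESTRING:nagios_statelevel:;@@ESTRING:nagios_attempt:;@@ANYSTRING:nagios_message@</pattern>
        </patterns>
        <values>
          <value name="nagios_type">HOST ALERT</value>
        </values>
        <examples>
          <example>
            <test_message program="shinken">[1497517400] HOST ALERT: test_host;DOWN;HARD;3;PING CRITICAL - Packet loss = 100%</test_message>
            <test_values>
              <test_value name="nagios_epoch">1497517400</test_value>
              <test_value name="nagios_type">HOST ALERT</test_value>
              <test_value name="nagios_hostname">test_host</test_value>
              <test_value name="nagios_state">DOWN</test_value>
              <test_value name="nagios_statelevel">HARD</test_value>
              <test_value name="nagios_attempt">3</test_value>
              <test_value name="nagios_message">PING CRITICAL - Packet loss = 100%</test_value>
            </test_values>
          </example>
        </examples>
      </rule>

      <!-- [epoch] HOST DOWNTIME ALERT: host;state;comment
           The trailing text is emitted as nagios_comment here, while the
           service downtime rule emits nagios_message; renaming either would
           change the key consumers already receive, so both are kept. -->
      <rule provider="github.com/nzlosh" id="nagios-7" class="monitoring">
        <patterns>
          <pattern>[@NUMBER:nagios_epoch@] HOST DOWNTIME ALERT: @ESTRING:nagios_hostname:;@@ESTRING:nagios_state:;@@ANYSTRING:nagios_comment@</pattern>
        </patterns>
        <values>
          <value name="nagios_type">HOST DOWNTIME ALERT</value>
        </values>
        <examples>
          <example>
            <test_message program="shinken">[1497513098] HOST DOWNTIME ALERT: test_host;STARTED; Host has entered a period of scheduled downtime</test_message>
            <test_values>
              <test_value name="nagios_epoch">1497513098</test_value>
              <test_value name="nagios_type">HOST DOWNTIME ALERT</test_value>
              <test_value name="nagios_hostname">test_host</test_value>
              <test_value name="nagios_state">STARTED</test_value>
              <!-- leading space is part of the captured value (see header note) -->
              <test_value name="nagios_comment"> Host has entered a period of scheduled downtime</test_value>
            </test_values>
          </example>
        </examples>
      </rule>

      <!-- [epoch] HOST FLAPPING ALERT: host;state;message -->
      <rule provider="github.com/nzlosh" id="nagios-8" class="monitoring">
        <patterns>
          <pattern>[@NUMBER:nagios_epoch@] HOST FLAPPING ALERT: @ESTRING:nagios_hostname:;@@ESTRING:nagios_state:;@@ANYSTRING:nagios_message@</pattern>
        </patterns>
        <values>
          <value name="nagios_type">HOST FLAPPING ALERT</value>
        </values>
        <examples>
          <example>
            <test_message program="shinken">[1497462094] HOST FLAPPING ALERT: test_host;STOPPED; Host appears to have stopped flapping (21.5% change &lt; 25.0% threshold)</test_message>
            <test_values>
              <test_value name="nagios_epoch">1497462094</test_value>
              <test_value name="nagios_type">HOST FLAPPING ALERT</test_value>
              <test_value name="nagios_hostname">test_host</test_value>
              <test_value name="nagios_state">STOPPED</test_value>
              <!-- leading space is part of the captured value (see header note) -->
              <test_value name="nagios_message"> Host appears to have stopped flapping (21.5% change &lt; 25.0% threshold)</test_value>
            </test_values>
          </example>
        </examples>
      </rule>

      <!-- [epoch] HOST NOTIFICATION: notifyname;host;state;contact;message -->
      <rule provider="github.com/nzlosh" id="nagios-9" class="monitoring">
        <patterns>
          <pattern>[@NUMBER:nagios_epoch@] HOST NOTIFICATION: @ESTRING:nagios_notifyname:;@@ESTRING:nagios_hostname:;@@ESTRING:nagios_state:;@@ESTRING:nagios_contact:;@@ANYSTRING:nagios_message@</pattern>
        </patterns>
        <values>
          <value name="nagios_type">HOST NOTIFICATION</value>
        </values>
        <examples>
          <example>
            <test_message program="shinken">[1497524019] HOST NOTIFICATION: test_user;test_host;DOWN;notify-by-jabber;PING CRITICAL - Packet loss = 66%, RTA = 10.93 ms</test_message>
            <test_values>
              <test_value name="nagios_epoch">1497524019</test_value>
              <test_value name="nagios_type">HOST NOTIFICATION</test_value>
              <test_value name="nagios_notifyname">test_user</test_value>
              <test_value name="nagios_hostname">test_host</test_value>
              <test_value name="nagios_state">DOWN</test_value>
              <test_value name="nagios_contact">notify-by-jabber</test_value>
              <!-- closing tag kept on the same line: a line break before it
                   would make the expected value end in a newline that the
                   parsed message does not contain -->
              <test_value name="nagios_message">PING CRITICAL - Packet loss = 66%, RTA = 10.93 ms</test_value>
            </test_values>
          </example>
        </examples>
      </rule>

      <!-- [epoch] PASSIVE SERVICE CHECK: host;service;state;message -->
      <rule provider="github.com/nzlosh" id="nagios-10" class="monitoring">
        <patterns>
          <pattern>[@NUMBER:nagios_epoch@] PASSIVE SERVICE CHECK: @ESTRING:nagios_hostname:;@@ESTRING:nagios_service:;@@ESTRING:nagios_state:;@@ANYSTRING:nagios_message@</pattern>
        </patterns>
        <values>
          <value name="nagios_type">PASSIVE SERVICE CHECK</value>
        </values>
        <examples>
          <example>
            <test_message program="shinken">[1497515102] PASSIVE SERVICE CHECK: services_mon;META::Onduty acknowledgement;0;Message successfully acknowledged</test_message>
            <test_values>
              <test_value name="nagios_epoch">1497515102</test_value>
              <test_value name="nagios_type">PASSIVE SERVICE CHECK</test_value>
              <test_value name="nagios_hostname">services_mon</test_value>
              <test_value name="nagios_service">META::Onduty acknowledgement</test_value>
              <test_value name="nagios_state">0</test_value>
              <test_value name="nagios_message">Message successfully acknowledged</test_value>
            </test_values>
          </example>
        </examples>
      </rule>

      <!-- [epoch] EXTERNAL COMMAND: [command_epoch] command_name;command_args
           nagios_command_args is the whole remainder after the first ';',
           i.e. the command's own ';'-separated argument list, left unsplit
           because its layout depends on the command. -->
      <rule provider="github.com/nzlosh" id="nagios-11" class="monitoring">
        <patterns>
          <pattern>[@NUMBER:nagios_epoch@] EXTERNAL COMMAND: [@NUMBER:nagios_command_epoch@] @ESTRING:nagios_command_name:;@@ANYSTRING:nagios_command_args@</pattern>
        </patterns>
        <values>
          <value name="nagios_type">EXTERNAL COMMAND</value>
        </values>
        <examples>
          <example>
            <test_message program="shinken">[1497515102] EXTERNAL COMMAND: [1497515101] PROCESS_SERVICE_CHECK_RESULT;services_mon;META::Onduty acknowledgement;0;Message successfully acknowledged</test_message>
            <test_values>
              <test_value name="nagios_epoch">1497515102</test_value>
              <test_value name="nagios_type">EXTERNAL COMMAND</test_value>
              <test_value name="nagios_command_epoch">1497515101</test_value>
              <test_value name="nagios_command_name">PROCESS_SERVICE_CHECK_RESULT</test_value>
              <test_value name="nagios_command_args">services_mon;META::Onduty acknowledgement;0;Message successfully acknowledged</test_value>
            </test_values>
          </example>
        </examples>
      </rule>

      <!-- [epoch] TIMEPERIOD TRANSITION: timeperiod;from;to -->
      <rule provider="github.com/nzlosh" id="nagios-12" class="monitoring">
        <patterns>
          <pattern>[@NUMBER:nagios_epoch@] TIMEPERIOD TRANSITION: @ESTRING:nagios_timeperiod:;@@ESTRING:nagios_transition_from:;@@ANYSTRING:nagios_transition_to@</pattern>
        </patterns>
        <values>
          <value name="nagios_type">TIMEPERIOD TRANSITION</value>
        </values>
        <examples>
          <example>
            <test_message program="shinken">[1497500701] TIMEPERIOD TRANSITION: 24x7;1;0</test_message>
            <test_values>
              <test_value name="nagios_epoch">1497500701</test_value>
              <test_value name="nagios_type">TIMEPERIOD TRANSITION</test_value>
              <test_value name="nagios_timeperiod">24x7</test_value>
              <test_value name="nagios_transition_from">1</test_value>
              <test_value name="nagios_transition_to">0</test_value>
            </test_values>
          </example>
        </examples>
      </rule>

    </rules>
  </ruleset>
</patterndb>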
<!--
NAGIOS_CURRENT_SERVICE_STATE %{NAGIOS_TYPE_CURRENT_SERVICE_STATE:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{DATA:nagios_statetype};%{DATA:nagios_statecode};%{GREEDYDATA:nagios_message}
NAGIOS_CURRENT_HOST_STATE %{NAGIOS_TYPE_CURRENT_HOST_STATE:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{DATA:nagios_statetype};%{DATA:nagios_statecode};%{GREEDYDATA:nagios_message}
NAGIOS_SERVICE_NOTIFICATION %{NAGIOS_TYPE_SERVICE_NOTIFICATION:nagios_type}: %{DATA:nagios_notifyname};%{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{DATA:nagios_contact};%{GREEDYDATA:nagios_message}
NAGIOS_HOST_NOTIFICATION %{NAGIOS_TYPE_HOST_NOTIFICATION:nagios_type}: %{DATA:nagios_notifyname};%{DATA:nagios_hostname};%{DATA:nagios_state};%{DATA:nagios_contact};%{GREEDYDATA:nagios_message}
NAGIOS_SERVICE_ALERT %{NAGIOS_TYPE_SERVICE_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{DATA:nagios_statelevel};%{NUMBER:nagios_attempt};%{GREEDYDATA:nagios_message}
NAGIOS_HOST_ALERT %{NAGIOS_TYPE_HOST_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{DATA:nagios_statelevel};%{NUMBER:nagios_attempt};%{GREEDYDATA:nagios_message}
NAGIOS_SERVICE_FLAPPING_ALERT %{NAGIOS_TYPE_SERVICE_FLAPPING_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{GREEDYDATA:nagios_message}
NAGIOS_HOST_FLAPPING_ALERT %{NAGIOS_TYPE_HOST_FLAPPING_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{GREEDYDATA:nagios_message}
NAGIOS_SERVICE_DOWNTIME_ALERT %{NAGIOS_TYPE_SERVICE_DOWNTIME_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{GREEDYDATA:nagios_comment}
NAGIOS_HOST_DOWNTIME_ALERT %{NAGIOS_TYPE_HOST_DOWNTIME_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{GREEDYDATA:nagios_comment}
NAGIOS_PASSIVE_SERVICE_CHECK %{NAGIOS_TYPE_PASSIVE_SERVICE_CHECK:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{GREEDYDATA:nagios_comment}
NAGIOS_PASSIVE_HOST_CHECK %{NAGIOS_TYPE_PASSIVE_HOST_CHECK:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{GREEDYDATA:nagios_comment}
NAGIOS_SERVICE_EVENT_HANDLER %{NAGIOS_TYPE_SERVICE_EVENT_HANDLER:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{DATA:nagios_statelevel};%{DATA:nagios_event_handler_name}
NAGIOS_HOST_EVENT_HANDLER %{NAGIOS_TYPE_HOST_EVENT_HANDLER:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{DATA:nagios_statelevel};%{DATA:nagios_event_handler_name}
NAGIOS_TIMEPERIOD_TRANSITION %{NAGIOS_TYPE_TIMEPERIOD_TRANSITION:nagios_type}: %{DATA:nagios_service};%{DATA:nagios_unknown1};%{DATA:nagios_unknown2}
-->