| Version 2 (modified by mickem, 4 years ago) (diff) |
|---|
TracNav
Documentation
Guides
Information
Sponsoring
Modules
- overview
Checks and commands
- overview
CauseCrashes
CheckNSCP
CheckDisk
CheckLogFile
CheckEventLog
CheckSystem
CheckHelpers
- overview
- check_always_ok
- check_always_critical
- check_always_warning
- check_ok
- check_critical
- check_warning
- check_multi
- check_version
- check_timeout
- check_negate
CheckTaskSched
CheckTaskSched2
CheckWMI
Scripting Languages?
Servers and protocols?
- overview?
check_nrpe (NRPE Server)
check_nrpe (NRPE Client)
check_nt (NSClient Server)
check_nt (NSClient Client)?
NSCA (NSCA Server)
NSCA (NSCA Client)
NRDP (NRDP Client)
check_mk (CheckMK Server)
check_mk (CheckMK Client)
graphite (Graphite Client)
SMTP (SMTP Client)
syslog (Syslog Client)
Utilities and tools?
Donate
CheckFile2
A command to check aspects on several files it can be used to check one file but that is not the goal. The core scenario is: "do I have more then x files matching this criteria?" but it is flexible enough to be applicable in many other scenarios as well.
The main concept is much like the eventlog checks where you have a data-set which you want to "filter" and then check the resulting number of lines against a criteria.
The CheckFile2 command Uses filters to define the "interesting" files.
Syntax
A filter is made up of three things:
- Filter mode Determines what happens when the filter is matched.
- Filter type What the filter will match (ie. which field).
- An Expression What to check for.
The syntax of a filter is: filter<mode><type>=<expression>
Order
Order is important, as soon as a positive (+) or negative (-) rule is matched it is either discarded or included and the entry is "finished" and it will continue with the next entry. The best way here is to have an "idea" either remove all entries first or include all required ones first (depending on what you want to do). You can mix and such but this will probably complicate things for you unless you actually need to.
Filter modes
Capturing files (or discarding them) are done with filters. There are three kinds of filters.
| <filter mode> | title | description |
| + | positive requirements | All these filters must match or the row is discarded. |
| . | potential matches | If this matches the line is included (unless another lines overrides). |
| - | negative requirements | None of these filters can match (if any do the row is discarded). |
Thus if you want to have: all files from the last month but not the ones smaller then 5kbI would break this down as such: (notice there are other options).
- date=older than 2 months
+ size=larget then 5k This would discard all files older then 2 month and then include all files larger then 5kb.
Filter Types
| <filter type> | Values | Description |
time expression
A time expression is a date/time interval as a number prefixed by a filter prefix (<, >, =, <>) and followed by a unit postfix (m, s, h, d, w). A few examples of time expression are: filter+generated=>2d means filter will match any records older than 2 days, filter+generated=<2h means match any records newer then 2 hours. Warning, the bash interprets the "<,>,!". Use the "\" to avoid this. e.g. filter+generated=\>2d . On the Client activate the "Nasty Metachars" Option, to allow the \.
string expression
A string expression is a key followed by a string that specifies a string expression. Currently substr and regexp are supported. Thus you enter filter.message=regexp:(foo|bar) to enter a regular expression and filter-message=substr:foo to enter a substring patter match.
Filter in/out
There are two basic ways to filter:
- in When you filter in it means all records matching your filter will be returned (the "simplest way")
- out When you filter out it means all records matching your filter will be discarded.
So:
filter=in filter+size==5k ... filter=out filter-size=ne:5k
Will both have the same effect as the first one filters "in" and matches all siles with 5kb and the second one filters out and discards all files not 5kb.
Sample Command:
CheckFile2 path=c:\test pattern=*.txt MaxCrit=1 filter+written=gt:2h
ok: CheckFile ok
