nagios qmail current log alert check

here is a real dirty way for counting and monitoring how many “alerts” are in qmails current log using bash:

#!/bin/bash
# this script requires Date::Parse module in CPAN

TMP_TIME=/tmp/tmp_time
TMP_FILE=/tmp/tmp_file
TMP_FILE2=/tmp/tmp_file2

if [ -f ${TMP_FILE2} ]; then
  rm -f ${TMP_FILE2} && touch ${TMP_FILE2}
fi

# CURTIME is present time in epoch
perl -MDate::Parse -le'print str2time(`date`)' > ${TMP_TIME}
CURTIME=`cat ${TMP_TIME}`

# CURTIMEM2 is CURTIME minus 60 (1 minutes)
let CURTIMEM2=${CURTIME}-60

# tai64n2tai -- http://www.qmailrocks.org/downloads/qlo ... i64n2tai.c
tail -n 14000 /var/log/qmail/qmail-send/current | tai64n2tai | egrep alert | cut -b-10,21- > ${TMP_FILE}
FOR_TEST=`cat ${TMP_FILE} | awk '{print $1}'`

for OUTL in ${FOR_TEST}
  do
    if [ ${OUTL} -ge ${CURTIMEM2} ]; then
      echo ${OUTL} >>${TMP_FILE2}
    fi
  done

if [ -s ${TMP_FILE2} ]; then
  # if [ ${COUNT} -le 10 -a ${COUNT} -gt 0 ]; then
  COUNT=`cat ${TMP_FILE2} | wc -l`
  if [ ${COUNT} -le 10 ]; then
      printf "OK - ${COUNT} alert occurences\n"
      exit 0
    else
      printf "WARNING - ${COUNT} alert occurences\n"
      exit 1
  fi
  else
    printf "OK - 0 alert occurences\n"
    exit 0
fi

all this script is doing is tail -n of /var/log/qmail/qmail-send/current and using tai64n2tai, turning the hex stamp to epoch. from there we are checking for all “alerts” for lines where the epoch is less than 60 seconds from the point that this script is run.

messy but works