Skip to main content

 


Introduction 

The usage of Centreon-Plugins requires a knowledge base in regular expressions or “Regexp” in order to exploit options and thresholds in an optimal way. Who has never been confronted with Regex in Centreon?

In this article we will study some services using regex in their commands and try to popularise and clarify the use of these Regexp in the command creation. Every day without necessarily knowing it, you use regular expressions in check commands and thresholds:

Check Options

  • Exemple: Traffic check options to filter on one interface name, Disk options to filter on a specific partition, Process options to specify a process name, etc...

Threshold Options  

  • Exemple: Threshold status Warning, threshold status Critical, etc...

 

A lot of Centreon-Plugins mode need regex options, and as you can imagine, it won’t be possible to learn about all plugins in one article. So today, we will be focus on the plugin : centreon_linux_snmp.pl --plugin=os::linux::snmp::plugin and we will be interested in 4 typical use case of regexp checks options and how to deal with them:

  1. Searching for a global set of data

  2. Matching the exact search of a data

  3. Excluding a data set (in the next article Part 2)

  4. Searching for multiple data (in the next article Part 2)

 

Notes : 

  • The Regex usage and behaviour is exactly the same for all Centreon-Plugins, even if the regexp plugin options are different. if you understand the principles in this article, you have all capabilities to exploit 100% of our plugins

  • We will see only regex mode options, we won’t see regex threshold options use cases

  • Feel free to add also examples of your harder regex use case in the comments, it could be useful for other people ;)


Prerequisite

In this “How-to”, we will use a CentOS 7 Vm on AWS with differents characteristics:

q_fg7yhfNBrJhTImDvKr9-uow9-zzSVzokwPJvadjGR-qfRqboDLVO7CnGkTHPCh83dQJOYcDSCpLhuppi0Lx5FRqwgsGIrAWQHRTAZdZVYaiZOIIviCGWlx5xxuqauGea2M4xbc

Technical aspect of my linux server

Storage

(command ‘df -h’)

Filesystem                  Size  Used Avail Use% Mounted on

devtmpfs                    907M     0  907M   0% /dev

tmpfs                       919M     0  919M   0% /dev/shm

tmpfs                       919M   97M  822M  11% /run

tmpfs                       919M     0  919M   0% /sys/fs/cgroup

/dev/mapper/centos-root     9.4G  4.6G  4.8G  49% /

/dev/xvda1                  950M  214M  737M  23% /boot

/dev/mapper/centos-var_log  7.5G  111M  7.4G   2% /var/log

/dev/mapper/data-var_lib    9.4G  7.0G  2.4G  75% /var/lib

tmpfs                       184M     0  184M   0% /run/user/1000

Network

(command ‘ifconfig’)

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 9001

        inet 10.25.7.185  netmask 255.255.252.0  broadcast 10.25.7.255

        inet6 fe80::432:27ff:fe77:7d7b  prefixlen 64  scopeid 0x20<link>

        ether 06:32:27:77:7d:7b  txqueuelen 1000  (Ethernet)

 

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

        inet 127.0.0.1  netmask 255.0.0.0

        inet6 ::1  prefixlen 128  scopeid 0x10<host>

        loop  txqueuelen 1000  (Local Loopback)

Some processes

(command ‘ps -ef | grep centreo’)

/usr/bin/perl /usr/share/centreon/bin/centreontrapd --logfile=/var/log/centreon/centreontrapd.log --severity=error --config=/etc/centreon/conf.pm --config-extra=/etc/centreon/centreontrapd.pm

/usr/sbin/cbwd /etc/centreon-broker/watchdog.json

/usr/sbin/cbd /etc/centreon-broker/central-broker.json

/usr/sbin/cbd /etc/centreon-broker/central-rrd.json

/usr/bin/perl /usr/bin/gorgoned --config=/etc/centreon-gorgone/config.yaml --logfile=/var/log/centreon-gorgone/gorgoned.log --severity=info

/usr/sbin/centengine /etc/centreon-engine/centengine.cfg

php-fpm: pool centreon

/usr/sbin/centreon-nrpe3 -c /etc/nrpe/centreon-nrpe3.cfg -d

 

 

Global data search

To obtain global information, it’s interesting to query the total set of data. Most of the default service by default use a syntax to retrieve all the monitored data. For example:

  • Disk-Global

  • Traffic-Global

  • Inodes-Global

  • etc…

You can confirm this looking the custom macro ‘FILTER’ above

Cpi-bVtPZk-HCJNpr_diH4w9zt5Rlc_LDZa99mtTIA1Vjb_mMnizTkmDXLz_6ljBba56TKZQWVz6S0c4tCjeSUPZfTwMHNIXssRqnVPs94J0DbBNgWhvFWTyuT2FTLvdFdOkZSlm

 

In regex, If we want to search for the whole data set, we need to combine the symbols: '.' and '*' as in the table below

Symbols

Signification

‘.*’ 

Every characters


 

Checking all Traffic interfaces

By overriding option --interface with the '.*' filter, we can requesting the status for all network interface of my linux server 

-bash-4.2$ /usr/lib/centreon/plugins//centreon_linux_snmp.pl --plugin=os::linux::snmp::plugin --mode=interfaces --hostname=localhost --snmp-version='2c' --snmp-community='public'  --interface='.*' --name --add-status --add-traffic --critical-status='' --warning-in-traffic='80' --critical-in-traffic='90' --warning-out-traffic='80' --critical-out-traffic='90' --verbose

OK: All interfaces are ok | 'traffic_in_lo'=99616.73b/s;0:8000000;0:9000000;0;10000000 'traffic_out_lo'=99616.73b/s;0:8000000;0:9000000;0;10000000 'traffic_in_eth0'=23517.82b/s;;;0; 'traffic_out_eth0'=61742.55b/s;;;0;
Interface 'lo' Status : up (admin: up), Traffic In : 99.62Kb/s (1.00%), Traffic Out : 99.62Kb/s (1.00%)
Interface 'eth0' Status : up (admin: up), Traffic In : 23.52Kb/s (-), Traffic Out : 61.74Kb/s (-)

 

Checking all Disk partitions

By overriding the --storage option with the '.*' filter, I ask to match all the partitions on my linux server disk

-bash-4.2$ /usr/lib/centreon/plugins//centreon_linux_snmp.pl --plugin=os::linux::snmp::plugin --mode=storage --hostname=localhost --snmp-version='2c' --snmp-community='public'  --storage='.*' --name --regexp --display-transform-src='' --display-transform-dst='' --warning-usage='80' --critical-usage='90' --verbose --filter-perfdata='storage.space|used|free'

OK: All storages are ok | 'used_/dev/shm'=0B;0:770165964;0:866436710;0;962707456 'used_/run'=8892416B;0:770165964;0:866436710;0;962707456 'used_/sys/fs/cgroup'=0B;0:770165964;0:866436710;0;962707456 'used_/'=2324631552B;0:7990987980;0:8989861478;0;9988734976 'used_/boot'=224030720B;0:796632678;0:896211763;0;995790848 'used_/var/log'=41222144B;0:6390441574;0:7189246771;0;7988051968 'used_/var/lib'=448061440B;0:7990987980;0:8989861478;0;9988734976 'used_/run/user/1000'=0B;0:154035814;0:173290291;0;192544768
Storage '/dev/shm' Usage Total: 918.11 MB Used: 0.00 B (0.00%) Free: 918.11 MB (100.00%)
Storage '/run' Usage Total: 918.11 MB Used: 8.48 MB (0.92%) Free: 909.63 MB (99.08%)
Storage '/sys/fs/cgroup' Usage Total: 918.11 MB Used: 0.00 B (0.00%) Free: 918.11 MB (100.00%)
Storage '/' Usage Total: 9.30 GB Used: 2.16 GB (23.27%) Free: 7.14 GB (76.73%)
Storage '/boot' Usage Total: 949.66 MB Used: 213.65 MB (22.50%) Free: 736.01 MB (77.50%)
Storage '/var/log' Usage Total: 7.44 GB Used: 39.31 MB (0.52%) Free: 7.40 GB (99.48%)
Storage '/var/lib' Usage Total: 9.30 GB Used: 427.30 MB (4.49%) Free: 8.89 GB (95.51%)
Storage '/run/user/1000' Usage Total: 183.62 MB Used: 0.00 B (0.00%) Free: 183.62 MB (100.00%)

 

Checking all processes 

By overriding the --process-name option with the '.*' filter, I ask to match all processes on my linux server

-bash-4.2$ /usr/lib/centreon/plugins//centreon_linux_snmp.pl --plugin=os::linux::snmp::plugin --mode=processcount --hostname=localhost --snmp-version='2c' --snmp-community='public'  --process-name='.*' --process-path='' --process-args='' --regexp-name --regexp-path --regexp-args --warning='' --critical='1:' --cpu --memory --verbose

OK: Number of current processes running: 144 - Total memory usage: 1.93 GB - Average memory usage: 13.70 MB - Total CPU usage: 5.34 % | 'nbproc'=144;;1:;0; 'mem_total'=2068783104B;;;0; 'mem_avg'=14366549.33B;;;0; 'cpu_total'=5.34%;;;0;

Process '2016' omemory: 2.27 MB] 4cpu: 0.00 %] ostatus: runnable] -name: sendmail]

Process '32' lmemory: 0.00 B] cpu: 0.00 %] 1status: runnable] aname: edac-poller]

Process '1850' ;memory: 40.41 MB] 3cpu: 0.00 %] status: runnable] [name: gorgone-proxy]

Process '699'

Process '490' memory: 4.72 MB] cpu: 0.03 %] 1status: runnable] name: httpd]

Process '1526' xmemory: 10.38 MB] >cpu: 0.23 %] status: running] 'name: snmpd]

Process '17946' tmemory: 2.32 MB] mcpu: 0.02 %] gstatus: runnable] ename: bash]

Process '15856' memory: 4.72 MB] bcpu: 0.03 %] tstatus: runnable] sname: httpd]

 

We can resume the usage of default global search by referencing this options below:

Mode

Regexp Options Centreon-Plugins

Usage

Traffic

--interface='.*' --name

Requesting all network interfaces

Disk

--storage='.*' --name --regexp

Requesting all disk partitions

Process

--process-name='.*' --process-path='' --process-args='' --regexp-name --regexp-path --regexp-args

Requesting all processes 

 

 

Data matching

If you want to perform matching regexes, for a specific resource in a dataset, we can apply a filter using the symbols: '^' and '$'. We combine this symbols to search by example specifics partitions of your servers or network interface switches, configure in Centreon Macro as below: 

daKgg6kEVkQPbbyx57Yozc08W1XhWK3pK9Gk2jrbjdxcrtv2QdoxBD0JWlZijUURk2zVLUBhz4MZMq0SJRROl3RbZG3EBB3HSFgJN2skFXnNyUAr3n5AdAK7zeHs0Yf3tpDegh8J

or

6PWgEIgvguOCJLC17Bi3bAc0BWgKAGtZ-b1zBvShk9JqiykDKnr4_ApaJSpzpnu0ZpDZpOliKhV7gPB9ohA_S7Rp1EZ3exK0LQD9VZi4C293Xh8TmPuxIksRWnJ5oyGXy50mMfQV

 

Symbols

Signification

'^word$'

Searching precisely word resources 

'^word.*$'

Searching word and any other resources beginning by word

Here are some examples to illustrate the "match" regex search through 3 types of commands Traffic, Disk, Process

 

Checking the eth0 network interface only

By overriding the --interface option with the '^eth0$' filter, I ask to match only the 'eth0' network card of my linux server 

-bash-4.2$ /usr/lib/centreon/plugins//centreon_linux_snmp.pl --plugin=os::linux::snmp::plugin --mode=interfaces --hostname=localhost --snmp-version='2c' --snmp-community='public'  --interface='^eth0$' --name --add-status --add-traffic --critical-status='' --warning-in-traffic='80' --critical-in-traffic='90' --warning-out-traffic='80' --critical-out-traffic='90' --verbose

OK: Interface 'eth0' Status : up (admin: up), Traffic In : 23.91Kb/s (-), Traffic Out : 19.94Kb/s (-) | 'traffic_in'=23908.63b/s;;;0; 'traffic_out'=19939.37b/s;;;0;
Interface 'eth0' Status : up (admin: up), Traffic In : 23.91Kb/s (-), Traffic Out : 19.94Kb/s (-)

 

Checking the disk space of the '/var/lib/' partition only

By overriding the --storage option with the '^/var/lib$' filter, I'm asking to match only the '/var/lib' partition of my linux server disk 

bash-4.2$ /usr/lib/centreon/plugins//centreon_linux_snmp.pl --plugin=os::linux::snmp::plugin --mode=storage --hostname=localhost --snmp-version='2c' --snmp-community='os_linux'  --storage='^/var/lib$' --name --regexp --display-transform-src='' --display-transform-dst='' --warning-usage='80' --critical-usage='90' --verbose --filter-perfdata='storage.space|used|free'

OK: Storage '/var/lib' Usage Total: 8.38 GB Used: 4.41 GB (52.64%) Free: 3.97 GB (47.36%) | 'used'=4737330000B;0:7200000000;0:8100000000;0;9000000000
Storage '/var/lib' Usage Total: 8.38 GB Used: 4.41 GB (52.64%) Free: 3.97 GB (47.36%)

 

Checking the process status 'cbd' only

By overriding the --process-name option with the '^cbd$' filter and --process-path with the '^/usr/sbin/cbd$' filter, I am requesting to match all processes on my linux server containing the word 'cbd' and using the '/usr/sbin/cbd' path

Note: in Centreon, there are 2 "cbd" processes, one for SQL data and another for RRD files. You can add –process-args options and used . You can read this TheWatch article to learn more about Centreon: https://thewatch.centreon.com/troubleshooting-41/101-centreon-troubleshooting-guide-346#Understand+Centreon+architecture

-bash-4.2$ /usr/lib/centreon/plugins//centreon_linux_snmp.pl --plugin=os::linux::snmp::plugin --mode=processcount --hostname=localhost --snmp-version='2c' --snmp-community='public'  --process-name='^cbd$' --process-path='^/usr/sbin/cbd$' --process-args='' --regexp-name --regexp-path --regexp-args --warning='' --critical='1:' --cpu --memory --verbose

OK: Number of current processes running: 2 - Total memory usage: 20.48 MB - Average memory usage: 10.24 MB - Total CPU usage: 0.00 % | 'nbproc'=2;;1:;0; 'mem_total'=21475328B;;;0; 'mem_avg'=10737664.00B;;;0; 'cpu_total'=0.00%;;;0;
Process '7756' /memory: 4.00 MB] cpu: 0.27 %] ostatus: runnable] -name: cbd] rpath: /usr/sbin/cbd]
Process '7755' memory: 16.48 MB] Pcpu: 0.69 %] status: runnable] ;name: cbd] apath: /usr/sbin/cbd]

 

We can resume the usage of matching search by referencing this options below:

Mode

Regexp Options Centreon-Plugins

Signification

Traffic

--interface='^eth0$' --name

Matching only the 'eth0' interface 

Disk

--storage='^/var/lib$' --name --regexp

Matching only the /var/lib partition

Process

--process-name='^cbd$' --process-path='^/usr/sbin/cbd$' --process-args='' --regexp-name --regexp-path --regexp-args

Matching specifically the processus “cbd” using –process-name and –process-path options with –regexp-name and –regexp-path

Thanks, very useful! 


Here is the second part : 

 


Reply