Good write-up, Gary. Maybe this should be added to the Hobbit Wiki.
Question: which takes precedence if a line matches both IGNORE and the
alert string/reg? One line of particular interest to me is SELinux's
pts relabeling warning in /var/log/messages, which is harmless but annoying.
I am on 4.2-RC1-20060712 and have seen such a log line causing this log test
to go red.
In 'hobbit-clients.cfg', I have
log /var/log/messages %WARNING|NOTICE|ERROR IGNORE=relabeling
The offending log line goes like:
Jul 30 18:22:25 SRV01 su[31747]: Warning! Could not relabel /dev/pts/0 with
user_u:object_r:devpts_t, not relabeling.Operation not permitted
On 8/28/06, Gary B. <user-33b796116d5f@xymon.invalid> wrote:
On 8/28/06, Gary B. <user-33b796116d5f@xymon.invalid> wrote:
On 8/28/06, Henrik Stoerner <user-ce4a2c883f75@xymon.invalid> wrote:
Hi Gary,
On Sun, Aug 27, 2006 at 11:19:47PM -0400, Gary B. wrote:
I must commend Henrik, not only on this wonderful achievement, but also
on the amazing new features in 4.2. May all your releases be so good!
And after much time spent RTFM'ing and asking on this mailing list,
I've finally figured out the log monitoring. It works a little
differently than I thought, but after getting used to it, it's so much
better than BB's implementation. I look forward to seeing what future
releases will bring.
It would be interesting to hear what it was that confused you. If you
have any suggestions for extra documentation or such that would make
it easier to setup, I'm all ears.
I will be putting together some internal documentation on log file
monitoring--a "cheat-sheet" of sorts. Once I complete it, I'll post
what I have here.
I've attached two plaintext files. One is the internal documentation
I wrote for setting up clients for monitoring and alerting. The other
is the internal documentation I just wrote for setting up log
monitoring. Both are meant to be used as supplements to the full
documentation.