Xymon Mailing List Archive search

monitoring multiple log files on a single syslog server

list Jeremy Laidman
Fri, 6 Feb 2015 13:56:32 +1100
Message-Id: <CAAnki7Dxwdg3yVk_54FBURhAMpLW-vwcFaQ==user-cd4ea564aa34@xymon.invalid>

There's always a way (it's open source after all) but nothing simple comes
to mind.

If it were me, I would create my own log monitoring subsystem and have it
report into Xymon after working out $MACHINE from the logfile (or some
configuration).  You might be able to do this sort of thing using swatch,
sawmill or splunk.

Another option might be to create a job that runs your own instance of
logfetch after setting MACHINE the way you want it.  Something like this:

#!/bin/sh
[ "$XYMON" ] || { echo "Please run using xymoncmd"; exit 1; }
# Report as this host instead of the syslog server
MACHINE="Server09"
MACHINEDOTS="Server09"
LOGFILE="/opt/syslogs/$MACHINE/apache2.error.log"
LOGFETCHCFG=/tmp/logfetch.$MACHINE.cfg
LOGFETCHSTATUS=/tmp/logfetch.$MACHINE.status
{
  # Client message header: collector ID, then hostname.ostype
  echo "client/apachelog $MACHINEDOTS.$OSTYPE"
  echo "[msgs:$LOGFILE]"
  # logfetch output must go to stdout so it is piped to the server
  $XYMONHOME/bin/logfetch $LOGFETCHCFG $LOGFETCHSTATUS
} | $XYMON $XYMSRV @

Note that the logfetch config file (/tmp/logfetch.$MACHINE.cfg) is
something you'd need to fill out yourself, probably with the relevant entry
from your client-local.cfg file.

Alternatively, you could create this file dynamically from queries to the
server.  You can get the "log:" entries for Server09 by issuing the
following command (from any Xymon client, not just Server09):

$XYMON $XYMSRV "client/bogus Server09.bogos"

But first you'd have to have the "log:" entry in client-local.cfg moved
from [syslogserver] to a new [Server09] section if it doesn't already exist.

From this, you could (optionally) grep out the "apache2.error.log" entries,
drop them directly into $LOGFETCHCFG for the server, and then the logfetch
command can go to work.

If the Server09 server already has its own entry in client-local.cfg, then
you don't want Server09 trying to do the log processing that syslogserver
is already doing.  So you could create a special entry for
[syslogserver-Server09] and adjust the script accordingly.

I hope that all makes sense.

J


On 30 December 2014 at 05:32, usa ims via Xymon <xymon at xymon.com> wrote:
---------- Forwarded message ----------
From: usa ims <user-42bb6445007b@xymon.invalid>
To: xymon at xymon.com
Cc:
Date: Mon, 29 Dec 2014 10:29:42 -0800
Subject: monitoring multiple log files on a single syslog server
Greetings,

I'm monitoring multiple log files on a single syslog server.

I have a syslog server that stores the apache error logs in a server named
‘syslogserver’ looking for the word ‘CurlTransfer’.
When xymon finds the word ‘CurlTransfer’ it sends an alert but it alerts
that it is coming from ‘syslogserver’ and the guys are complaining that
‘nongreen.html’ is reporting the servername rather than the actual name of
the server where the error originated from.

Is there a way if xymon finds the word ‘CurlTransfer’ in
‘/opt/syslogs/Server09/apache2.error.log’, to get it to report in the
‘msgs’ column that it came from ‘Server09’?


Here is my current config for this.

[syslogserver]
log:/opt/syslogs/Server09/apache2.error.log:4096
log:/opt/syslogs/Server10/apache2.error.log:4096
log:/opt/syslogs/Server11/apache2.error.log:4096
log:/opt/syslogs/Server12/apache2.error.log:4096
log:/opt/syslogs/Server13/apache2.error.log:4096

I have configured my analysis.cfg with:

HOST= syslogserver
        LOG /opt/syslogs/Server09/apache2.error.log CurlTransfer  COLOR=red
        LOG /opt/syslogs/Server10/apache2.error.log CurlTransfer COLOR=red
        LOG /opt/syslogs/Server11/apache2.error.log CurlTransfer COLOR=red
        LOG /opt/syslogs/Server12/apache2.error.log CurlTransfer COLOR=red
        LOG /opt/syslogs/Server13/apache2.error.log CurlTransfer COLOR=red


Thanks in advance.

usaims
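
The dynamic-config variant described in the reply above, as an added example that is not part of the original thread: it derives the host from the log path, rejects directory names that are not plain hostnames, and writes the per-host logfetch config to a private mktemp file instead of a fixed /tmp name. The function names are hypothetical; it assumes the server response contains client-local.cfg style log: lines (with optional ignore/trigger lines) and that XYMONTMP, if set, is the client's temp directory.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumes the /opt/syslogs/<host>/apache2.error.log layout from the question.

# Print the <host> directory of a log path; fail unless it is a plain
# hostname, so a stray directory name cannot alter the "client/..." header.
host_from_logpath() {
  host=$(basename "$(dirname "$1")")
  case "$host" in
    ""|.*|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
  printf '%s\n' "$host"
}

# stdin: client-local.cfg style text. stdout: each "log:" entry whose path
# contains $1, together with the ignore/trigger lines that follow it.
filter_log_entries() {
  awk -v want="$1" '
    /^log:/                       { keep = (index($0, want) > 0) }
    /^(\[|file:|dir:|linecount:)/ { keep = 0 }
    keep && (/^log:/ || /^[ \t]*(ignore|trigger)[ \t]/) { print }
  '
}

# stdin: server response for host $1. stdout: path of a private config file
# holding that host's apache2.error.log entries; fails if there are none.
build_logfetch_cfg() {
  cfg=$(mktemp "${TMPDIR:-/tmp}/logfetch.$1.XXXXXX") || return 1
  filter_log_entries "/$1/apache2.error.log" > "$cfg"
  [ -s "$cfg" ] || { rm -f "$cfg"; return 1; }
  printf '%s\n' "$cfg"
}

# Fetch the config from the server, run logfetch, report under the real host.
report_host() {
  host=$(host_from_logpath "$1") || { echo "bad host in $1" >&2; return 1; }
  cfg=$("$XYMON" "$XYMSRV" "client/bogus $host.bogos" |
        build_logfetch_cfg "$host") || return 1
  {
    echo "client/apachelog $host.$OSTYPE"
    "$XYMONHOME/bin/logfetch" "$cfg" "${XYMONTMP:-/tmp}/logfetch.$host.status"
  } | "$XYMON" "$XYMSRV" @
  rm -f "$cfg"
}

# Run only under xymoncmd with one log path argument.
if [ -n "${XYMON:-}" ] && [ "$#" -eq 1 ]; then report_host "$1"; fi
```

The status file keeps a stable name because logfetch needs it from one run to the next to remember how far it has read.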