unless I'm mistaken, you should be able to add the rules under os types.
It should hopefully be obvious from looking in the existing
client-local.cfg file. It's been a while since I messed in there but IIRC
you can even do expressions to group them.
=G=
On Thu, May 10, 2018 at 9:53 PM, Larry Bonham <user-7a867963a09a@xymon.invalid> wrote:
Thanks Galen. I really appreciate the response.
I have user-e73faa70d685@xymon.invalid and experimented with different
settings. Do you know if there is a practical limit to the size setting?
I know 10240 is the default but I would like it as large as possible.
Most of my problems are related to LOG settings in analysis.cfg. I could
try moving all that to client-local.cfg. I am correct in saying that
client-local.cfg does require duplication of global settings if you have
settings for a specific host (e.g. settings based on class RHEL7 will need
to be duplicated for specific hosts)? We have over 250 so I’d like as many
lumped together as possible.
I’ll review all this and reply tomorrow. Thanks.
Larry
*From:* Galen Johnson [mailto:user-fc632e705d24@xymon.invalid]
*Sent:* Thursday, May 10, 2018 8:12 PM
*To:* Larry Bonham
*Cc:* xymon at xymon.com
*Subject:* Re: [Xymon] Force logfetch to only process complete lines?
To be a bit more explicit...this section from the manpage:
*LOGFILE** CONFIGURATION ENTRIES *
* A logfile configuration entry looks like this:
log:/var/log/messages:10240 ignore MARK
trigger Oops The log:FILENAME:SIZE line defines the
filename of the log, and the maximum amount of data (in bytes) to send to
the Xymon server. FILENAME is usually an explicit full-path filename on the
client. If it is enclosed in backticks, it is a command which the Xymon
client runs and each line of output from this command is then used as a
filename. This allows scripting which files to monitor, e.g. if you
have logfiles that are named with some sort of timestamp. If FILENAME is
enclosed in angle brackets it is treated as a glob and passed through the
local glob(3) function first. The ignore PATTERN line (optional)
defines lines in the logfile which are ignored entirely, i.e. they are
stripped from the logfile data before sending it to the Xymon server.
It is used to remove completely unwanted "noise" entries from the logdata
processed by Xymon. "PATTERN" is a regular expression. The trigger
PATTERN line (optional) is used only when there is more data in the log
than the maximum size set in the "log:FILENAME:SIZE" line. The "trigger"
pattern is then used to find particularly interesting lines in the logfile
- these will always be sent to the Xymon server. After picking out the
"trigger" lines, any remaining space up to the maximum size is filled in
with the most recent entries from the logfile. "PATTERN" is a regular
expression.*
IIRC, you can even have multiple *ignore* entries. You should have
messages in your xymon logs if the file is too big when it's
fetched...also, I think you will also run up against the Xymon max data
size in the server configs.
=G=
CONFIDENTIALITY NOTICE:
This electronic mail message is intended exclusively for
recipient to which it is addressed. The contents of this message
and any attachments may contain confidential and privileged
information. Any unauthorized review, use, print, storage, copy,
disclosure or distribution is strictly prohibited. If you have
received this message in error, please advise the sender
immediately by replying to the message's sender and delete all
copies of this message and its attachments without disclosing
the contents to anyone, or using the contents for any purpose.