Xymon Mailing List Archive search

log file monitoring issues

list Gary B.
Fri, 11 Aug 2006 20:07:34 -0400
Message-Id: <user-d1e253c2bc7d@xymon.invalid>

On 8/11/06, Henrik Stoerner <user-ce4a2c883f75@xymon.invalid> wrote:
On Fri, Aug 11, 2006 at 01:37:28PM -0400, Gary B. wrote:
Hmm.  Any ideas why the following wouldn't work?

log:/var/log/messages:10240
ignore upsd* Client|Connection 127.0.0.1
ignore session opened|closed for user mailman|root
Two errors:

The first line has a wrong regex - it's a classic mistake to use
"*" by itself to mean "anything", but that's not what it does.
Your expression should be
   ignore upsd.* Client|Connection 127.0.0.1
Ah.  I actually had that originally, but since it wasn't working, I
wasn't sure if it used "real" regexes, or "DOS command-line" regexes.

Second, you can only have one "ignore" line. I admit that it would
probably be useful to have multiple ignore lines, but that is
not possible right now.

The "full log" output is still showing those lines.  Could it be the
same reason I wasn't seeing any data at all on the other servers; that
is, the log file just hasn't been updated, and it's still showing
those from previous lines?
No, Hobbit processes all of the logfile data through the ignore- and
trigger patterns each time it sends a message to the server.
Ah ha!  That explains it.  I removed the second ignore, and it's
working perfectly now.

If so, is there a way I could tell Hobbit to clear the existing data?
Yes: Delete the ~hobbit/client/tmp/logfetch.HOSTNAME.status file.
Ah, that's simple.  Note to self: if there's something you want to do
with Hobbit, it's probably done fairly simply ;-)


Just ONE remaining issue now.  There are still additional log files I
want to check for that aren't showing up.  I have this specific
hosts's client-local.cfg entry defined as:

[master.homeoffice.none]
log:/var/log/samba/client.nmbd.log
log:/var/log/messages:10240
log:/var/log/maillog:10240
ignore relay=localhost\.localdomain
trigger denied

The "messages" and "maillog" entries are showing up just fine, but the
"client.nmbd.log" file is not showing up; not even with an empty "full
log" section.  Any ideas?

Also, do I need the escape character "\" to ignore the line that says
"relay=localhost.localdomain"?  I guess since "." means "any
character", it will work anyway without the "\"...