xymonpsclient (application) logfile monitoring

Hi,

Just to set expectations, even when you get the REGEX sorted, the lines 
appearing in the msgs column will only ever be from the last portion of 
the logfile, on a volatile log this will be a maximum of the last 30 
minutes but may be even shorter.? Hence the duration of any alerts in 
the msgs column may be as little as 5 minutes and I have lost count of 
the number of times support complained that they got called out by 
operations but when they checked Xymon it was all green.? I have in the 
past needed to create a customised extension to collect (and present) 
the data that people wanted to be able to see (in the Xymon page without 
visiting each client individually).? Fortunately, managing such 
extensions centrally is easy with winpsclient.

-- 
Andy


On 20/08/2020 12:39, Becker Christian wrote:

Hi,

oh yes ? that?s a thing that i?ve totally disregarded.

However, i cannot get any content of the logfile into the msgs column, 
even if i surround the filename with quotes.

Regards

Christian

*Von:* Jeremy Laidman <user-0608abae5e7c@xymon.invalid>
*Gesendet:* Mittwoch, 19. August 2020 14:50
*An:* Becker Christian <user-e4a19bfb94c0@xymon.invalid>
*Cc:* xymon at xymon.com
*Betreff:* Re: [Xymon] xymonpsclient (application) logfile monitoring

Christian

I don't think it matters that the pattern is not at the start of the line.

However, I don't think you can have spaces in the filename. Instead 
you should wrap it on double quotes. Perhaps try this:

LOG?"C:\Program Files\PATH-TO-LOGFILE\filename.log"?"Unable to cancel 
connection to" COLOR=RED

The fact that you're getting the correct filename in the status page 
suggests that the clientlocal.cfg configuration is correct. So is just 
a matter of tweaking the analysis.cfg entry.

I have to admit that I don't use the psclient so I don't have much 
experience to offer.

Cheers

Jeremy

On Wed, 19 Aug 2020, 17:27 Becker Christian, 
<user-e4a19bfb94c0@xymon.invalid 
<mailto:user-e4a19bfb94c0@xymon.invalid>> wrote:

    Jeremy,

    Sorry for writing it a bit weird.

    As soon as i configure the logfile in client-local.cfg and
    analysis.cfg, it shows up a couple of minutes later in the msgs
    column showing the name oft he logfile only, not it?s content.

    The upper line says No entries in C:\Program
    Files\PATH-TO-LOGFILE\filename.log, the second line says Full log
    C:\Program Files\PATH-TO-LOGFILE\filename.log and that?s it.

    Now i have configured as described by you by enclosing the pattern
    in quotes:

    LOG C:\Program Files\PATH-TO-LOGFILE\filename.log "Unable to
    cancel connection to" COLOR=RED

    After very long time, every now and then (and not on a regular
    basis?) the appropriate line shows up below the line Full log
    C:\Program Files\PATH-TO-LOGFILE\filename.log but the test stays
    green, but the pattern is present more than 50 times and it is
    actually written into the logfile.

      * Does it matter, that the pattern is *NOT* at the beginning of
        the line of the logfile?? (There are time stamps before the
        pattern and return codes after it?.).

    Regards and thanks

    Christian

    *Von:* Jeremy Laidman <user-0608abae5e7c@xymon.invalid
    *Gesendet:* Donnerstag, 13. August 2020 01:43
    *An:* Becker Christian <user-e4a19bfb94c0@xymon.invalid
    *Cc:* xymon at xymon.com <mailto:xymon at xymon.com>
    *Betreff:* Re: [Xymon] xymonpsclient (application) logfile monitoring

    Hi Christian

    Sorry, I'm not sure I understand what?you mean. "It seems to me
    that ..." - does that mean: "From reading the docs, it seems to me
    that expected behaviour is..." or: "After the configuration
    changes, it seems to me that actual behaviour is...". It's my
    understanding that adding a LOG entry in analysis.cfg is for
    determining which log lines trigger an alert condition (eg red or
    yellow), but the rest of the log status page is the same - that
    is, it contains all of the log lines from the logfile since the
    last client status message (typically in the last 5 minutes).

    The "pattern" is either a string or a regular expression. Your use
    of dots in the pattern suggest that you're expecting it to be a
    regular expression. However, you haven't prefixed it with "%" to
    tell Xymon this is the case. You perhaps want:

    LOG C:\Program Files\PATH-TO-LOGFILE\filename.log
    %Unable.to.cancel.connection.to
    <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Funable.to.cancel.connection.to%2F&data=user-b9c78497733f@xymon.invalid%7C81abc116f61c4513155e08d8443e7384%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C0%7C637334382309873011&sdata=GPlm7p8nvbI1ahA%2B8cBrndU1Z3HSsAzJS3JYyxp42J0%3D&reserved=0>;
    COLOR=RED

    If the reason for the regexp is only to match spaces, because you
    don't want the words in the pattern to be treated as different LOG
    keywords, then you might find it easier to just enclose the
    pattern in quotes:

    LOG C:\Program Files\PATH-TO-LOGFILE\filename.log "Unable to
    cancel connection to" COLOR=RED

    Cheers

    Jeremy

    On Wed, 12 Aug 2020 at 20:46, Becker Christian
    <user-e4a19bfb94c0@xymon.invalid
    <mailto:user-e4a19bfb94c0@xymon.invalid>> wrote:

        Hello to the list,

        i need help in setting up logfile monitoring with xymonpsclient.

        My setup is a Windows 10 client pc, running xymonpsclient
        v2.42, reporting to a xymon server running xymon 4.3.30.

        In the client-local.cfg i have configured the logfile that i
        want to monitor, and an amount of time later, the logfile
        shows up in the msgs column.

        After that i configured analysis.cfg to look for a specific
        pattern in this logfile, it seems to me that only the
        appearance of this pattern is displayed in the msgs column,
        but nothing else from this logfile.

        In addition tot hat, the msgs column didn?t change to red state.

        Here?s the part of my client-local.cfg:

        [win10client1]

        log:C:\Program Files\PATH-TO-LOGFILE\filename.log:153600

        And here the part of my analysis.cfg:

        HOST=win10client1

        LOG C:\Program Files\PATH-TO-LOGFILE\filename.log
        Unable.to.cancel.connection.to
        <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Funable.to.cancel.connection.to%2F&data=user-b9c78497733f@xymon.invalid%7C81abc116f61c4513155e08d8443e7384%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C0%7C637334382309883003&sdata=mHPxEdUrwEJMVwM4qmF4Fhy5jJBT0UCZ1i1orjy34MY%3D&reserved=0>;
        COLOR=RED

        With this setup it seems to me that only lines containing this
        pattern Unable.to.cancel.connection.to
        <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Funable.to.cancel.connection.to%2F&data=user-b9c78497733f@xymon.invalid%7C81abc116f61c4513155e08d8443e7384%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C0%7C637334382309883003&sdata=mHPxEdUrwEJMVwM4qmF4Fhy5jJBT0UCZ1i1orjy34MY%3D&reserved=0>;
        are displayed in the msgs column of win10client1.

        Any idea what i?m doing wrong? Or do i understand any basics
        the wrong way?

        Regards

        Christian

        
        <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.xymon.com%2Fmailman%2Flistinfo%2Fxymon&data=user-b9c78497733f@xymon.invalid%7C81abc116f61c4513155e08d8443e7384%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C0%7C637334382309893002&sdata=idH7gPh5oRQRr3%2BEFt%2B4dfDEel5MxHYPZRPQrEcCES4%3D&reserved=0>;