Xymon Mailing List Archive

Log file monitoring

list Neil Simmonds
Thu, 20 Mar 2014 14:07:05 -0000
Message-Id: <00c501cf4445$aceb07b0$06c11710$@gmail.com>

 

From: Jeremy Laidman [mailto:user-71895fb2e44c@xymon.invalid] 
Sent: 14 March 2014 22:14
To: Neil Simmonds
Cc: xymon at xymon.com
Subject: Re: [Xymon] Log file monitoring

 
On 4 March 2014 00:17, Neil Simmonds <user-feff97fabd3d@xymon.invalid> wrote:

As far as I can see there is no built-in way in Xymon to monitor a log for
the number of times a string has occurred in a specified time period.

 
Sure there is.  From the client-local.cfg file comments:

 
#   "linecount:FILENAME"
#       Monitor the text-based logfile FILENAME, but just
#       count the number of times certain expressions appear.
#       This processes the entire file every time. It must
#       be followed by one or more lines with
#   "KEYWORD PATTERN"
#       KEYWORD identifies this count. You can use any string
#       except whitespace. PATTERN is a regular expression
#       that you want to search for in the file.

 
I use this to monitor the count of "xfer-in" and "xfer-out" messages on my
DNS servers.  There's already a graphs.cfg definition called [lines] that
presents them nicely in a graph.

 
J

 
I've just had a chance to look at this and it still doesn't fit my original
requirements. I want to count the number of lines matching a regex within a
specific time period. So for example I might want to alert if I get 10
warning messages in 30 minutes.

 
Built-in Xymon functionality does not seem to give me a way of doing this.

 
I'm looking into Simple Event Correlator as suggested by Henrik as a
solution for this but it seems a little heavy as a solution for a simple
requirement. I'm hopeful other requirements will occur in the future to
justify the time spent on SEC.

 
Given the fact that once people hear of the capability they'll come up with
all sorts of ways of using it, I'm guessing it will get used.

 
Neil.
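
An added sketch, not part of the original thread and not Xymon or SEC code, of the requirement in the last message: count lines matching a regex inside a time window and alert at a threshold (for example 10 warnings in 30 minutes). It assumes every log line starts with an ISO-8601 timestamp and that the file is in chronological order; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import deque
from datetime import datetime, timedelta

TS_LEN = 19  # assumed line prefix: "YYYY-MM-DDTHH:MM:SS"

def matching_times(lines, pattern):
    """Yield the timestamp of each line whose message matches `pattern`."""
    rx = re.compile(pattern)
    for line in lines:
        try:
            ts = datetime.strptime(line[:TS_LEN], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue  # continuation lines and garbage carry no timestamp
        if rx.search(line[TS_LEN:]):
            yield ts

def first_breach(lines, pattern, window, threshold):
    """Time at which `threshold` matches first fell inside one `window`, else None."""
    recent = deque()
    for ts in matching_times(lines, pattern):
        recent.append(ts)
        while ts - recent[0] >= window:  # drop matches older than the window
            recent.popleft()
        if len(recent) >= threshold:
            return ts
    return None

def trailing_status(lines, pattern, now, window, threshold):
    """Count matches in (now - window, now] and map the count to a colour."""
    count = sum(1 for ts in matching_times(lines, pattern)
                if now - window < ts <= now)
    return count, ("red" if count >= threshold else "green")

# Constructed sample log: 3 early warnings, noise, then 10 warnings in 27 minutes.
WARN = "2014-03-20T%02d:%02d:00 named[812]: WARNING zone transfer slow"
SAMPLE = (
    [WARN % (9, m) for m in (0, 5, 10)]
    + ["2014-03-20T09:30:00 named[812]: INFO reloaded",
       "    continuation line without timestamp"]
    + [WARN % (10, m) for m in range(1, 29, 3)]
)

if __name__ == "__main__":
    half_hour = timedelta(minutes=30)
    now = datetime(2014, 3, 20, 10, 30)
    print(trailing_status(SAMPLE, r"WARNING", now, half_hour, 10))
    print(first_breach(SAMPLE, r"WARNING", half_hour, 10))
```

Unlike the `linecount:` total over the whole file, the trailing count falls back to zero once the matching lines age out of the window.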