My apologies, Lars - you were right.
I changed it to LOG /var/log/messages %somestring COLOR=red, and it
works.
Thanks!
From: Johan Booysen [mailto:user-6f017f1ad8a9@xymon.invalid]
Sent: 08 August 2008 15:51
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] monitoring logs
Are you sure (not that I'm in a position to question anyone else's
knowledge about hobbit..)?
hobbit-clients.cfg says:
Example: Go yellow if the text "WARNING" shows up in any logfile.
LOG %.* WARNING COLOR=yellow
So I thought it could be a simple text string...
From: Lars Ebeling [mailto:user-1fecd3eafd52@xymon.invalid]
Sent: 08 August 2008 15:37
To: user-ae9b8668bcde@xymon.invalid
Subject: Re: [hobbit] monitoring logs
somestring has to be a regular expression (which i know nothing about),
but %Relay works for me.
Regards
Lars
----- Original Message -----
From: Johan Booysen <mailto:user-6f017f1ad8a9@xymon.invalid>
To: user-ae9b8668bcde@xymon.invalid
Sent: Friday, August 08, 2008 4:28 PM
Subject: [hobbit] monitoring logs
I'm trying to get hobbit to monitor /var/log/messages for
specific entries ("somestring" in my example below) on server1.
In hobbit-clients.cfg I've added (above DEFAULT):
HOST=server1
LOG /var/log/messages somestring COLOR=red
And in client-local.cfg, I've added:
server1
log:/var/log/messages:10240
ignore MARK
My understanding is that server1 should now collect data from
/var/log/messages, and the hobbit server will then, if it finds
"somestring" in the log file, flag it as red in the msgs column.
I can now see the entire log for server1 on the web interface,
but the msgs icon doesn't change to red.
What am I missing?
Also, does any of the defaults in client-local.cfg match RHEL5
machines, e.g.
[redhat]
log:/var/log/messages:10240
ignore MARK
or
[redhatES]
log:/var/log/messages:10240
ignore MARK
Thanks.