Messages file not reporting
list Edward Croft
I was able to have log file reporting under Big Brother and the df-msgstab would tell what to alert on. Is that functionality gone in Hobbit? System logs at Thu Feb 2 14:11:38 EST 2006 : No log data available The client did not report any logfile data -- Edward M. Croft Sr. Systems Engineer Open Ratings, Inc. 200 West Street Waltham, MA 02451-1121
list Etienne Roulland
Read the FAQ please. Hobbit client doesn't (at this time) report logfile status.
▸
I was able to have log file reporting under Big Brother and the
df-msgstab would tell what to alert on. Is that functionality gone in
Hobbit?
*System logs at Thu Feb 2 14:11:38 EST 2006 : No log data available*
The client did not report any logfile data
--
Edward M. Croft
Sr. Systems Engineer
Open Ratings, Inc.
200 West Street
Waltham, MA 02451-1121
list Edward Croft
Thanks, where is it? I looked in the documentation. I see nothing labeled FAQ. README.FAQ or anything like it. I would be more than happy to read the FAQ.
▸
On Thu, 2006-02-02 at 20:20 +0100, Etienne Roulland wrote:
Read the FAQ please. Hobbit client doesn't (at this time) report logfile status.I was able to have log file reporting under Big Brother and the > df-msgstab would tell what to alert on. Is that functionality gone in > Hobbit? *System logs at Thu Feb 2 14:11:38 EST 2006 : No log data available* The client did not report any logfile data-- > Edward M. CroftSr. Systems Engineer Open Ratings, Inc. 200 West Street Waltham, MA 02451-1121
-- Edward M. Croft Sr. Systems Engineer Open Ratings, Inc. 200 West Street Waltham, MA 02451-1121
list Etienne Roulland
Thanks, where is it? I looked in the documentation. I see nothing labeled FAQ. README.FAQ or anything like it. I would be more than happy to read the FAQ.
It's a README file.. http://www.hswn.dk/hobbitsw/hobbit-4.1.2p1/README.CLIENT " The Hobbit client will report data for the "cpu", "disk", "memory" and "procs" columns to Hobbit, in addition to data for the "vmstat" and "netstat" graphs. It does not currently provide any data for the system-log "msgs" column. " Rgds,
list Edward Croft
Why thank you. I did find the one line: It does not currently provide any data for the system-log "msgs" column. That is all it says. Does not currently. Sooooo when can it be expected, if ever? This one thing prevents me from using it as the programs that monitor our systems write warnings into the log file which currently gets picked up by big brother and an alert sent.
▸
On Thu, 2006-02-02 at 22:13 +0100, Etienne Roulland wrote:
Thanks, where is it? I looked in the documentation. I see nothing > labeled FAQ. README.FAQ or anything like it. I would be more than > happy to read the FAQ.It's a README file.. http://www.hswn.dk/hobbitsw/hobbit-4.1.2p1/README.CLIENT " The Hobbit client will report data for the "cpu", "disk", "memory" and "procs" columns to Hobbit, in addition to data for the "vmstat" and "netstat" graphs. It does not currently provide any data for the system-log "msgs" column. " Rgds,
-- Edward M. Croft Sr. Systems Engineer Open Ratings, Inc. 200 West Street Waltham, MA 02451-1121
list Etienne Roulland
▸
Edward Croft wrote:
Why thank you. I did find the one line: It does not currently provide any data for the system-log "msgs" column. That is all it says. Does not currently. Sooooo when can it be expected, if ever? This one thing prevents me from using it as the programs that monitor our systems write warnings into the log file which currently gets picked up by big brother and an alert sent.
You can use external script from http://www.deadcat.net/ to monitor your logfiles.
list Edward Croft
▸
On Thu, 2006-02-02 at 22:31 +0100, Etienne Roulland wrote:
Edward Croft wrote:Why thank you. I did find the one line: It does not currently provide any data for the system-log "msgs" column. That is all it says. Does not currently. Sooooo when can it be > expected, if ever? This one thing prevents me from using it as the programs that monitor > our systems write warnings into the log file which currently gets picked up by big > brother and an alert sent.You can use external script from http://www.deadcat.net/ to monitor your logfiles.
Thank you. I appreciate your response.
▸
--
Edward M. Croft
Sr. Systems Engineer
Open Ratings, Inc.
200 West Street
Waltham, MA 02451-1121
list Allan Marillier
Hi Edward - I understand your frustration - I've been through the same things myself, and also initially not found the FAQ indicating that syslog monitoring is not yet supported. I believe that Henrik is making it a priority since so many of us are asking for it but there is no news yet or commitment from him on when it will be available. I searched deadcat.net and didn't find anything that looked worth using to me, but I may have missed it. One thing I have been working on, but I've had a few problems, is writing a custom extension. The extension itself is very easy to do - e.g. I have written two for my Linux servers, one to run some sql code to attach to an Oracle instance and report green if it is up or red if it is down, and another to check LAN adapter settings and turn yellow if it is not set to 100Mb full duplex. I have been working on a syslog monitor which looks at /var/log/messages, checks the inode to be sure logrotate has not run, and then uses tail to parse the last n lines. I determine n by checking how many lines are in the file with wc and recording that to a file on disk, then later come back and do the same again. If the inode is the same, and wc -l returned 1000 but now returns 1057, then I do tail -n 57 /var/log/messages | grep -i error and look for any problems. The problem I've encountered is that sometimes the inode changes. Yes, it really does and I'm not crazy, give it a try on Linux. Copy /var/log/messages, then ls -al -i the copy. Edit it with vi, even if all you do is open, then write and quit with no actual changes, and more often than not, the inode will change. I don't understand it. If I can get this working I'd be happy to share my custom extension with you - or maybe you will have some ideas on a different and more robust approach. I'm assuming of course that you're Unix/Linux based, which is not always a good assumption! Edward Croft <user-5619e8943180@xymon.invalid> 02/02/2006 05:16 PM Please respond to user-ae9b8668bcde@xymon.invalid To user-ae9b8668bcde@xymon.invalid cc Subject Re: [hobbit] Messages file not reporting
▸
On Thu, 2006-02-02 at 22:31 +0100, Etienne Roulland wrote:
Edward Croft wrote:Why thank you. I did find the one line: It does not currently provide any data for the system-log "msgs" column. That is all it says. Does not currently. Sooooo when can it be expected, if ever? This one thing prevents me from using it as the programs that monitor our systems write warnings into the log file which currently gets picked up by big brother and an alert sent.
You can use external script from http://www.deadcat.net/ to monitor your logfiles. Thank you. I appreciate your response. -- Edward M. Croft Sr. Systems Engineer Open Ratings, Inc. 200 West Street Waltham, MA 02451-1121 ********************************************************************************
This e-mail, and any attachments, is intended solely for use by the addressee(s) named above. It may contain the confidential or proprietary information of Dana Corporation, its subsidiaries, affiliates or business partners. If you are not the intended recipient of this e-mail or are an unauthorized recipient of the information, you are hereby notified that any dissemination, distribution or copying of this e-mail or any attachments, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender by reply e-mail and permanently delete the original and any copies or printouts. Computer viruses can be transmitted via email. The recipient should check this e-mail and any attachments for the presence of viruses. Dana Corporation accepts no liability for any damage caused by any virus transmitted by this e-mail. English, Francais, Espanol, Deutsch, Italiano, Portugues: http://www.dana.com/overview/EmailDisclaimer.shtm ********************************************************************************
list Edward Croft
Yes, Linux based. I will have to look into what you are doing. I am wondering if maybe a grep on the log file with the expression "WARNING" would return only those warnings. Then bump up against the timestamp to see if it is old. Beyond an hour, ignore it. This would give me the alert and then I could shut it off and it would go past the time stamp. Big Brother gave you a file to show for each machine what you were looking to alert on. Thanks for giving me a direction to go.
▸
On Fri, 2006-02-03 at 08:41 -0500, user-e3a6ebbee6cd@xymon.invalid wrote:
Hi Edward - I understand your frustration - I've been through the same things myself, and also initially not found the FAQ indicating that syslog monitoring is not yet supported. I believe that Henrik is making it a priority since so many of us are asking for it but there is no news yet or commitment from him on when it will be available. I searched deadcat.net and didn't find anything that looked worth using to me, but I may have missed it. One thing I have been working on, but I've had a few problems, is writing a custom extension. The extension itself is very easy to do - e.g. I have written two for my Linux servers, one to run some sql code to attach to an Oracle instance and report green if it is up or red if it is down, and another to check LAN adapter settings and turn yellow if it is not set to 100Mb full duplex. I have been working on a syslog monitor which looks at /var/log/messages, checks the inode to be sure logrotate has not run, and then uses tail to parse the last n lines. I determine n by checking how many lines are in the file with wc and recording that to a file on disk, then later come back and do the same again. If the inode is the same, and wc -l returned 1000 but now returns 1057, then I do tail -n 57 /var/log/messages | grep -i error and look for any problems. The problem I've encountered is that sometimes the inode changes. Yes, it really does and I'm not crazy, give it a try on Linux. Copy /var/log/messages, then ls -al -i the copy. Edit it with vi, even if all you do is open, then write and quit with no actual changes, and more often than not, the inode will change. I don't understand it. If I can get this working I'd be happy to share my custom extension with you - or maybe you will have some ideas on a different and more robust approach. I'm assuming of course that you're Unix/Linux based, which is not always a good assumption! Edward Croft <user-5619e8943180@xymon.invalid> 02/02/2006 05:16 PM Please respond to user-ae9b8668bcde@xymon.invalid To user-ae9b8668bcde@xymon.invalid cc Subject Re: [hobbit] Messages file not reporting On Thu, 2006-02-02 at 22:31 +0100, Etienne Roulland wrote: Edward Croft wrote:Why thank you. I did find the one line: It does not currently provide any data for the system-log "msgs" column. That is all it says. Does not currently. Sooooo when can it be > expected, if ever? This one thing prevents me from using it as the programs that monitor > our systems write warnings into the log file which currently gets picked up by big > brother and an alert sent.
You can use external script from http://www.deadcat.net/to monitor
▸
your logfiles. Thank you. I appreciate your response. -- Edward M. Croft Sr. Systems Engineer Open Ratings, Inc. 200 West Street Waltham, MA 02451-1121 ******************************************************************************** This e-mail, and any attachments, is intended solely for use by the addressee(s) named above. It may contain the confidential or proprietary information of Dana Corporation, its subsidiaries, affiliates or business partners. If you are not the intended recipient of this e-mail or are an unauthorized recipient of the information, you are hereby notified that any dissemination, distribution or copying of this e-mail or any attachments, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender by reply e-mail and permanently delete the original and any copies or printouts. Computer viruses can be transmitted via email. The recipient should check this e-mail and any attachments for the presence of viruses. Dana Corporation accepts no liability for any damage caused by any virus transmitted by this e-mail. English, Francais, Espanol, Deutsch, Italiano, Portugues: http://www.dana.com/overview/EmailDisclaimer.shtm ******************************************************************************** --
This message has been scanned for viruses and
dangerous content by
MailScanner, and is
believed to be clean.
▸
-- Edward M. Croft Sr. Systems Engineer Open Ratings, Inc. 200 West Street Waltham, MA 02451-1121
list Ralph Mitchell
One thing to watch out for would be multi-line log messages. I don't know about Linux, but Solaris certainly reports some device messages with WARNING or ERROR on the first line, and the actual device on the next line with more information. Where I work, the jokers that set up CA Unicenter made it detect WARNING & ERROR and had the agent send "Disk error" messages to the console, and never mind that the device was /dev/st0 (scsi *tape*) and it just wanted cleaning, or a fresh tape... I seem to recall that the second and subsequent lines were indented a couple of spaces. Kinda like Linux seems to do, such as in the lines right after: BIOS-provided physical RAM map: and several other places in the boot messages. Ralph Mitchell
▸
On 2/3/06, Edward Croft <user-5619e8943180@xymon.invalid> wrote:Yes, Linux based. I will have to look into what you are doing. I am wondering if maybe a grep on the log file with the expression "WARNING" would return only those warnings. Then bump up against the timestamp to see if it is old. Beyond an hour, ignore it. This would give me the alert and then I could shut it off and it would go past the time stamp. Big Brother gave you a file to show for each machine what you were looking to alert on. Thanks for giving me a direction to go. On Fri, 2006-02-03 at 08:41 -0500, user-e3a6ebbee6cd@xymon.invalid wrote: Hi Edward - I understand your frustration - I've been through the same things myself, and also initially not found the FAQ indicating that syslog monitoring is not yet supported. I believe that Henrik is making it a priority since so many of us are asking for it but there is no news yet or commitment from him on when it will be available. I searched deadcat.net and didn't find anything that looked worth using to me, but I may have missed it. One thing I have been working on, but I've had a few problems, is writing a custom extension. The extension itself is very easy to do - e.g. I have written two for my Linux servers, one to run some sql code to attach to an Oracle instance and report green if it is up or red if it is down, and another to check LAN adapter settings and turn yellow if it is not set to 100Mb full duplex. I have been working on a syslog monitor which looks at /var/log/messages, checks the inode to be sure logrotate has not run, and then uses tail to parse the last n lines. I determine n by checking how many lines are in the file with wc and recording that to a file on disk, then later come back and do the same again. If the inode is the same, and wc -l returned 1000 but now returns 1057, then I do tail -n 57 /var/log/messages | grep -i error and look for any problems. The problem I've encountered is that sometimes the inode changes. Yes, it really does and I'm not crazy, give it a try on Linux. Copy /var/log/messages, then ls -al -i the copy. Edit it with vi, even if all you do is open, then write and quit with no actual changes, and more often than not, the inode will change. I don't understand it. If I can get this working I'd be happy to share my custom extension with you - or maybe you will have some ideas on a different and more robust approach. I'm assuming of course that you're Unix/Linux based, which is not always a good assumption! *Edward Croft <user-5619e8943180@xymon.invalid>* 02/02/2006 05:16 PM Please respond to user-ae9b8668bcde@xymon.invalid To user-ae9b8668bcde@xymon.invalid cc Subject Re: [hobbit] Messages file not reporting On Thu, 2006-02-02 at 22:31 +0100, Etienne Roulland wrote: Edward Croft wrote:Why thank you. I did find the one line: It does not currently provide any data for the system-log "msgs" column. That is all it says. Does not currently. Sooooo when can it be expected, if ever? This one thing prevents me from using it as the programs that monitor our systems write warnings into the log file which currently gets picked up by big brother and an alert sent.You can use external script from *http://www.deadcat.net/*to monitor your logfiles. *Thank you. I appreciate your response.* -- Edward M. Croft Sr. Systems Engineer Open Ratings, Inc. 200 West Street Waltham, MA 02451-1121 ********************************************************************************** *This e-mail, and any attachments, is intended solely for use by the * *addressee(s) named above. It may contain the confidential or * *proprietary information of Dana Corporation, its subsidiaries, * *affiliates or business partners. If you are not the intended recipient * *of this e-mail or are an unauthorized recipient of the information, you * *are hereby notified that any dissemination, distribution or copying * *of this e-mail or any attachments, is strictly prohibited. If you have * *received this e-mail in error, please immediately notify the sender * *by reply e-mail and permanently delete the original and any copies * *or printouts.* *Computer viruses can be transmitted via email. The * *recipient should check this e-mail and any attachments for the * *presence of viruses. Dana Corporation accepts no liability for any * *damage caused by any virus transmitted by this e-mail. * *English, Francais, Espanol, Deutsch, Italiano, Portugues:* *http://www.dana.com/overview/EmailDisclaimer.shtm* ********************************************************************************** *-- * *This message has been scanned for viruses and* *dangerous content by*
*MailScanner <http://www.mailscanner.info/>**, and is*
▸
*believed to be clean.*
--
Edward M. Croft
Sr. Systems Engineer
Open Ratings, Inc.
200 West Street
Waltham, MA 02451-1121
list Buchan Milne
▸
On Thursday 02 February 2006 21:15, Edward Croft wrote:
I was able to have log file reporting under Big Brother and the df-msgstab would tell what to alert on. Is that functionality gone in Hobbit? System logs at Thu Feb 2 14:11:38 EST 2006 : No log data available The client did not report any logfile data
You can find the perl script I am using as an extension (run from clientlaunch.cfg on clients, hobbitlaunch.cfg on the hobbit server) attached. It retreives the bb-msgstab file from the hobbit server on each run, and drops the result in $BBTMP/hobbit_msgs. You'd need to add something like this to the client script: if [ -r $BBTMP/hobbit_msgs ]; then echo "[msgs]";cat $BBTMP/hobbit_msgs;fi Lines in the bb-msgs tab follow (more or less) the convention from the extension user-e0894e22938e@xymon.invalid, but I'm not doing well-quoted parsing of regex's, so don't put spaces in the regex's to match on, eg: somehost: /var/log/messages : : Security.Warning : error : It scans the whole log file on every run, so rotate your logs! Regards, Buchan -- Buchan Milne ISP Systems Specialist B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)