Xymon Mailing List Archive search

Alerting & IGNORE

5 messages in this thread

list James Wade · Fri, 20 Jul 2007 14:17:30 -0500 · 
I can't get the ignore working. Is this syntax wrong:

 
HOST=sau102

        LOG /var/adm/messages %(?-i)NOTICE|WARNING|Error IGNORE="%setuid
execution not allowed" COLOR=yellow

 
Thie above is in the hobbit-clients.cfg file.

 
Thanks.James
list John Glowacki · Fri, 20 Jul 2007 15:36:38 -0400 ·
quoted from James Wade
James Wade wrote:
I can't get the ignore working. Is this syntax wrong:

HOST=sau102

        LOG /var/adm/messages %(?-i)NOTICE|WARNING|Error IGNORE="%setuid
execution not allowed" COLOR=yellow

Thie above is in the hobbit-clients.cfg file.
Both of these lines work for me.

HOST=host1
  LOG     /var/adm/messages %(?-i)WARNING COLOR=yellow "IGNORE=%WARNING:
/var/adm/utmp exists"
HOST=host2
  LOG     /var/adm/messages %(?-i)WARNING "IGNORE=%VOLTAGE:" COLOR=yellow


Try moving your quote.

LOG /var/adm/messages %(?-i)NOTICE|WARNING|Error "IGNORE=%setuid
execution not allowed" COLOR=yellow

John
list John Glowacki · Fri, 20 Jul 2007 15:48:47 -0400 ·
quoted from John Glowacki
John Glowacki wrote:
James Wade wrote:
I can't get the ignore working. Is this syntax wrong:

HOST=sau102

        LOG /var/adm/messages %(?-i)NOTICE|WARNING|Error IGNORE="%setuid
execution not allowed" COLOR=yellow

Thie above is in the hobbit-clients.cfg file.
Both of these lines work for me.

HOST=host1
  LOG     /var/adm/messages %(?-i)WARNING COLOR=yellow "IGNORE=%WARNING:
/var/adm/utmp exists"
HOST=host2
  LOG     /var/adm/messages %(?-i)WARNING "IGNORE=%VOLTAGE:" COLOR=yellow


Try moving your quote.

LOG /var/adm/messages %(?-i)NOTICE|WARNING|Error "IGNORE=%setuid
execution not allowed" COLOR=yellow

John


I forgot I also had to exclude the hosts from the CLASS. So check if you
have another rule that would alert.

CLASS=sunos EXHOST=host1,host2
    LOG     /var/adm/messages %(?-i)FAILED COLOR=yellow
    LOG     %.* %(?-i)NOTICE COLOR=yellow
    LOG     /var/adm/messages %NFS.*not.responding.still.trying COLOR=yellow
    LOG     /var/adm/messages %(?-i)REASON COLOR=red
    LOG     /var/adm/messages %(?-i)WARNING COLOR=yellow
list Giovanni - Gestor Redix · Fri, 20 Jul 2007 16:53:09 -0300 · 
Don't use SPACES, change by \s:

LOG /var/adm/messages %(?-i)NOTICE|WARNING|Error IGNORE="%setuid\sexecution\snot\sallowed" COLOR=yellow


Cheers
quoted from John Glowacki

John Glowacki wrote:
James Wade wrote:
  
I can't get the ignore working. Is this syntax wrong:

HOST=sau102

        LOG /var/adm/messages %(?-i)NOTICE|WARNING|Error IGNORE="%setuid
execution not allowed" COLOR=yellow

Thie above is in the hobbit-clients.cfg file.
    
Both of these lines work for me.

HOST=host1
  LOG     /var/adm/messages %(?-i)WARNING COLOR=yellow "IGNORE=%WARNING:
/var/adm/utmp exists"
HOST=host2
  LOG     /var/adm/messages %(?-i)WARNING "IGNORE=%VOLTAGE:" COLOR=yellow


Try moving your quote.

LOG /var/adm/messages %(?-i)NOTICE|WARNING|Error "IGNORE=%setuid
execution not allowed" COLOR=yellow

John
list Charles Jones · Fri, 20 Jul 2007 13:15:37 -0700 · 
I think you have to use metachars instead of spaces if you are using a 
regex, so try this:
LOG /var/adm/messages %(?-i)NOTICE|WARNING|Error 
IGNORE="%setuid.execution.not.allowed" COLOR=yellow

or even "%setuid.*allowed".

You may also have to put quotes around the previous regex.

-Charles
quoted from James Wade


James Wade wrote:
I can't get the ignore working. Is this syntax wrong:

 
HOST=sau102

        LOG /var/adm/messages %(?-i)NOTICE|WARNING|Error 
IGNORE="%setuid execution not allowed" COLOR=yellow

 
Thie above is in the hobbit-clients.cfg file.