LOG monitoring from serverside 🔗 link

ZanDAhaR wrote:

Hi All

I have been playing with the latest release of the client and sever over the past few days and have managed to get everything working (and some cool new bits) apart from the log file monitoring. I can get it so it shows the log file on the hobbit display/web but I cannot get it to search for anything and cause a status change

I have this in client-local.cfg
[db184.corporatesystems.com.au]
file:/usr/bin/make
file:/usr/bin/gcc
log:/var/log/messages:10240

And then this in the hobbit-clients.cfg

HOST=db184.corporatesystems.com.au
   PORT "LOCAL=%([.:]10042)" state=LISTEN TEXT=WEBMIN
   PORT "LOCAL=%([.:]22)" state=LISTEN TEXT=SSH
   PORT "LOCAL=%([.:]50000)" state=LISTEN TEXT=DB2
   PROC cron 1 -1 yellow
   FILE /usr/bin/make MODE=644
   FILE /usr/bin/gcc MODE=644
   LOG /var/log/messages verify COLOR=yellow

This is a few lines from the log

[root at db184 root]# cat /var/log/messages |grep Verify
Jun  5 03:00:04 db184 kernel: 3w-xxxx: scsi2: AEN: INFO: Verify started: Unit #0.
Jun  5 05:41:17 db184 kernel: 3w-xxxx: scsi2: AEN: INFO: Verify complete: Unit #0.
Jun  8 15:30:27 db184 kernel: 3w-xxxx: scsi2: AEN: INFO: Verify started: Unit #0.
Jun  8 15:30:29 db184 3w-xxxx[29749]: INFORMATION: Verify started on unit 0 on controller ID:2. (0x29)

I have tried regex entries and all sorts and still cant get anything out of it and I'm going crazy. 'verify' is part of a string that comes out when you start a verify on the 3ware raid controller in that server. The man page says the matching string is case insensitive but I have tried it with proper case also.

Can someone please help point out the stupid thing I'm doing as I'm sure the log file monitoring does actually work :)

Cheers

Allan

Dominique Frise wrote:

ZanDAhaR wrote:

Hi All

I have been playing with the latest release of the client and sever over the past few days and have managed to get everything working (and some cool new bits) apart from the log file monitoring. I can get it so it shows the log file on the hobbit display/web but I cannot get it to search for anything and cause a status change

I have this in client-local.cfg
[db184.corporatesystems.com.au]
file:/usr/bin/make
file:/usr/bin/gcc
log:/var/log/messages:10240

And then this in the hobbit-clients.cfg

HOST=db184.corporatesystems.com.au
   PORT "LOCAL=%([.:]10042)" state=LISTEN TEXT=WEBMIN
   PORT "LOCAL=%([.:]22)" state=LISTEN TEXT=SSH
   PORT "LOCAL=%([.:]50000)" state=LISTEN TEXT=DB2
   PROC cron 1 -1 yellow
   FILE /usr/bin/make MODE=644
   FILE /usr/bin/gcc MODE=644
   LOG /var/log/messages verify COLOR=yellow

This is a few lines from the log

[root at db184 root]# cat /var/log/messages |grep Verify
Jun  5 03:00:04 db184 kernel: 3w-xxxx: scsi2: AEN: INFO: Verify started: Unit #0.
Jun  5 05:41:17 db184 kernel: 3w-xxxx: scsi2: AEN: INFO: Verify complete: Unit #0.
Jun  8 15:30:27 db184 kernel: 3w-xxxx: scsi2: AEN: INFO: Verify started: Unit #0.
Jun  8 15:30:29 db184 3w-xxxx[29749]: INFORMATION: Verify started on unit 0 on controller ID:2. (0x29)

I have tried regex entries and all sorts and still cant get anything out of it and I'm going crazy. 'verify' is part of a string that comes out when you start a verify on the 3ware raid controller in that server. The man page says the matching string is case insensitive but I have tried it with proper case also.

Can someone please help point out the stupid thing I'm doing as I'm sure the log file monitoring does actually work :)

Cheers

Allan

Extract of hobbit-clients.cfg man page:

     Note that Hobbit defaults to  case-
     insensitive  pattern matching; if that is not what you want,
     put "(?-i)" between the "%" and the  regular  expression  to
     turn  this off.


Try this:

LOG /var/log/messages %(?-i)verify COLOR=yellow


Dominique
UNIL - University of Lausanne

ZanDAhaR wrote:

Dominique Frise wrote:

ZanDAhaR wrote:

Hi All

I have been playing with the latest release of the client and sever over the past few days and have managed to get everything working (and some cool new bits) apart from the log file monitoring. I can get it so it shows the log file on the hobbit display/web but I cannot get it to search for anything and cause a status change

I have this in client-local.cfg
[db184.corporatesystems.com.au]
file:/usr/bin/make
file:/usr/bin/gcc
log:/var/log/messages:10240

And then this in the hobbit-clients.cfg

HOST=db184.corporatesystems.com.au
   PORT "LOCAL=%([.:]10042)" state=LISTEN TEXT=WEBMIN
   PORT "LOCAL=%([.:]22)" state=LISTEN TEXT=SSH
   PORT "LOCAL=%([.:]50000)" state=LISTEN TEXT=DB2
   PROC cron 1 -1 yellow
   FILE /usr/bin/make MODE=644
   FILE /usr/bin/gcc MODE=644
   LOG /var/log/messages verify COLOR=yellow

This is a few lines from the log

[root at db184 root]# cat /var/log/messages |grep Verify
Jun  5 03:00:04 db184 kernel: 3w-xxxx: scsi2: AEN: INFO: Verify started: Unit #0.
Jun  5 05:41:17 db184 kernel: 3w-xxxx: scsi2: AEN: INFO: Verify complete: Unit #0.
Jun  8 15:30:27 db184 kernel: 3w-xxxx: scsi2: AEN: INFO: Verify started: Unit #0.
Jun  8 15:30:29 db184 3w-xxxx[29749]: INFORMATION: Verify started on unit 0 on controller ID:2. (0x29)

I have tried regex entries and all sorts and still cant get anything out of it and I'm going crazy. 'verify' is part of a string that comes out when you start a verify on the 3ware raid controller in that server. The man page says the matching string is case insensitive but I have tried it with proper case also.

Can someone please help point out the stupid thing I'm doing as I'm sure the log file monitoring does actually work :)

Cheers

Allan

Extract of hobbit-clients.cfg man page:

     Note that Hobbit defaults to  case-
     insensitive  pattern matching; if that is not what you want,
     put "(?-i)" between the "%" and the  regular  expression  to
     turn  this off.


Try this:

LOG /var/log/messages %(?-i)verify COLOR=yellow


Dominique
UNIL - University of Lausanne

I had already tried that as per the man page and I also tried against a lower case string such as 'session' which gets written everytime you open an ssh connection and even that didnt do anything.

Also something that I havent found clear is how do you define multiple strings ? On the same line with spaces or one LOG line per string ?

Allan

David Gore wrote:

ZanDAhaR wrote:

Dominique Frise wrote:

ZanDAhaR wrote:

Hi All

I have been playing with the latest release of the client and sever over the past few days and have managed to get everything working (and some cool new bits) apart from the log file monitoring. I can get it so it shows the log file on the hobbit display/web but I cannot get it to search for anything and cause a status change

I have this in client-local.cfg
[db184.corporatesystems.com.au]
file:/usr/bin/make
file:/usr/bin/gcc
log:/var/log/messages:10240

And then this in the hobbit-clients.cfg

HOST=db184.corporatesystems.com.au
   PORT "LOCAL=%([.:]10042)" state=LISTEN TEXT=WEBMIN
   PORT "LOCAL=%([.:]22)" state=LISTEN TEXT=SSH
   PORT "LOCAL=%([.:]50000)" state=LISTEN TEXT=DB2
   PROC cron 1 -1 yellow
   FILE /usr/bin/make MODE=644
   FILE /usr/bin/gcc MODE=644
   LOG /var/log/messages verify COLOR=yellow

This is a few lines from the log

[root at db184 root]# cat /var/log/messages |grep Verify
Jun  5 03:00:04 db184 kernel: 3w-xxxx: scsi2: AEN: INFO: Verify started: Unit #0.
Jun  5 05:41:17 db184 kernel: 3w-xxxx: scsi2: AEN: INFO: Verify complete: Unit #0.
Jun  8 15:30:27 db184 kernel: 3w-xxxx: scsi2: AEN: INFO: Verify started: Unit #0.
Jun  8 15:30:29 db184 3w-xxxx[29749]: INFORMATION: Verify started on unit 0 on controller ID:2. (0x29)

I have tried regex entries and all sorts and still cant get anything out of it and I'm going crazy. 'verify' is part of a string that comes out when you start a verify on the 3ware raid controller in that server. The man page says the matching string is case insensitive but I have tried it with proper case also.

Can someone please help point out the stupid thing I'm doing as I'm sure the log file monitoring does actually work :)

Cheers

Allan

Extract of hobbit-clients.cfg man page:

     Note that Hobbit defaults to  case-
     insensitive  pattern matching; if that is not what you want,
     put "(?-i)" between the "%" and the  regular  expression  to
     turn  this off.


Try this:

LOG /var/log/messages %(?-i)verify COLOR=yellow


Dominique
UNIL - University of Lausanne

I had already tried that as per the man page and I also tried against a lower case string such as 'session' which gets written everytime you open an ssh connection and even that didnt do anything.

Also something that I havent found clear is how do you define multiple strings ? On the same line with spaces or one LOG line per string ?

Allan

You do have to be very careful, if the log file is logging A LOT of messages.  Specifically  more than the 10240 bytes you are asking for.  In other words, if the log file grows by more than 10240 bytes every five minutes you will lose part of the log file.


Your config entries look OK to me, those are both on the hobbit server right?  Do you see the 'Verify' string in the output on the web page, Client data link?

~David

ZanDAhaR wrote:

Dominique Frise wrote:

ZanDAhaR wrote:

Hi All

I have been playing with the latest release of the client and sever over the past few days and have managed to get everything working (and some cool new bits) apart from the log file monitoring. I can get it so it shows the log file on the hobbit display/web but I cannot get it to search for anything and cause a status change

I have this in client-local.cfg
[db184.corporatesystems.com.au]
file:/usr/bin/make
file:/usr/bin/gcc
log:/var/log/messages:10240

And then this in the hobbit-clients.cfg

HOST=db184.corporatesystems.com.au
   PORT "LOCAL=%([.:]10042)" state=LISTEN TEXT=WEBMIN
   PORT "LOCAL=%([.:]22)" state=LISTEN TEXT=SSH
   PORT "LOCAL=%([.:]50000)" state=LISTEN TEXT=DB2
   PROC cron 1 -1 yellow
   FILE /usr/bin/make MODE=644
   FILE /usr/bin/gcc MODE=644
   LOG /var/log/messages verify COLOR=yellow

This is a few lines from the log

[root at db184 root]# cat /var/log/messages |grep Verify
Jun  5 03:00:04 db184 kernel: 3w-xxxx: scsi2: AEN: INFO: Verify started: Unit #0.
Jun  5 05:41:17 db184 kernel: 3w-xxxx: scsi2: AEN: INFO: Verify complete: Unit #0.
Jun  8 15:30:27 db184 kernel: 3w-xxxx: scsi2: AEN: INFO: Verify started: Unit #0.
Jun  8 15:30:29 db184 3w-xxxx[29749]: INFORMATION: Verify started on unit 0 on controller ID:2. (0x29)

I have tried regex entries and all sorts and still cant get anything out of it and I'm going crazy. 'verify' is part of a string that comes out when you start a verify on the 3ware raid controller in that server. The man page says the matching string is case insensitive but I have tried it with proper case also.

Can someone please help point out the stupid thing I'm doing as I'm sure the log file monitoring does actually work :)

Cheers

Allan

Extract of hobbit-clients.cfg man page:

     Note that Hobbit defaults to  case-
     insensitive  pattern matching; if that is not what you want,
     put "(?-i)" between the "%" and the  regular  expression  to
     turn  this off.


Try this:

LOG /var/log/messages %(?-i)verify COLOR=yellow


Dominique
UNIL - University of Lausanne

I had already tried that as per the man page and I also tried against a lower case string such as 'session' which gets written everytime you open an ssh connection and even that didnt do anything.

Also something that I havent found clear is how do you define multiple strings ? On the same line with spaces or one LOG line per string ?

On Fri, Jun 09, 2006 at 02:38:05PM +1000, ZanDAhaR wrote:

And yes I have defined the log in the local.cfg and also the log and the string to match in the hobbit-clients.cfg under the appropriate host definition.
I can see the parts of the log coming out in the client data link, and also it appears on the web page itself where it says Full Log /var/log/messages

I might try do some testing on a different client and see if I get anything different.

Henrik Stoerner wrote:

On Fri, Jun 09, 2006 at 02:38:05PM +1000, ZanDAhaR wrote:
  

And yes I have defined the log in the local.cfg and also the log and the string to match in the hobbit-clients.cfg under the appropriate host definition.
I can see the parts of the log coming out in the client data link, and also it appears on the web page itself where it says Full Log /var/log/messages

I might try do some testing on a different client and see if I get anything different.
    

Just for testing, perhaps you could send me a copy of the log file,
your hobbit-clients.cfg and client-local.cfg files ? Send them
directly to me instead of the list ...

I cannot see anything wrong with your config that you've posted here,
so I'm rather puzzled why it doesn't work.


Regards,
Henrik

ZanDAhaR wrote:

Henrik Stoerner wrote:

On Fri, Jun 09, 2006 at 02:38:05PM +1000, ZanDAhaR wrote:
  

And yes I have defined the log in the local.cfg and also the log and the string to match in the hobbit-clients.cfg under the appropriate host definition.
I can see the parts of the log coming out in the client data link, and also it appears on the web page itself where it says Full Log /var/log/messages

I might try do some testing on a different client and see if I get anything different.
    

Just for testing, perhaps you could send me a copy of the log file,
your hobbit-clients.cfg and client-local.cfg files ? Send them
directly to me instead of the list ...

I cannot see anything wrong with your config that you've posted here,
so I'm rather puzzled why it doesn't work.


Regards,
Henrik

Yey im not going insane!!

Its Friday and almost 5pm here and its also a public holiday here on Monday so I will do some more testing maybe on Monday if I can and if I still get strange issues on another host then I might take you up on that offer cheers

Allan