hobbit-clients.cfg LOG configuration
list Geng Hu
Hi, In hobbit-clients.cfg LOG configuration, I want to catch critical event lines, which have the keyword "EventID" and either keyword of failed, failure or error. Looks this line doesn't work, any idea please? LOG /var/log/messages %EventID.*(failed|failure|error) thanks, Geng
list Henrik Størner
▸
On Tue, Oct 30, 2007 at 05:17:10PM +0800, Geng Hu wrote:
In hobbit-clients.cfg LOG configuration, I want to catch critical event lines, which have the keyword "EventID" and either keyword of failed, failure or error. Looks this line doesn't work, any idea please? LOG /var/log/messages %EventID.*(failed|failure|error)
It would help if you could show us some of the actual lines from the logfile that you would expect this to catch. Henrik
list Geng Hu
For each line with "EventID", i want to catch the lines have keyword like "failed" or "error",which is critical. lines i want to match: EventID:2083 Physical disk rebuild failed EventID:2272 uncorrectable media error. lines i don't want to match: EventID:2086 Virtual disk format completed other lines without "EventID" thanks! Geng
list Michael A. Price
Fellow Hobbit users, I need a little help with something, it has stumped me... I have two hosts on the same network, if one goes down. The other will be down also because of a switch issue. I don't want to receive two alerts. So I wrote in the depends tag, is this correct format??? 192.168.192.20 toronto # trace conn 192.168.192.21 oriole # trace conn depends=(conn:toronto/conn) If toronto is down and oriole is down, I just one one email alert. Thanks for the help, michael
list Eric Meddaugh
I use the "route" tag for that instead: 192.168.192.20 toronto # trace conn 192.168.192.21 oriole # trace conn route:Toronto You'd get an alert on Toronto...... someone please correct me if my understanding is wrong. ---Eric
▸
From: Michael A. Price [mailto:user-d7d653acf808@xymon.invalid]
Sent: Wednesday, October 31, 2007 07:30
To: user-ae9b8668bcde@xymon.invalid
Subject: [hobbit] The Depends Tag
Fellow Hobbit users,
I need a little help with something, it has stumped me...
I have two hosts on the same network, if one goes down. The other will
be down also because of a switch issue. I don't want to receive two
alerts. So I wrote in the depends tag, is this correct format???
192.168.192.20 toronto # trace conn
192.168.192.21 oriole # trace conn
depends=(conn:toronto/conn)
If toronto is down and oriole is down, I just one one email alert.
Thanks for the help, michael
list Darin D [eit] Dugan
Eric is right. When Toronto goes red oriole will go yellow with a message like "The router toronto (IP:192.168.192.20) is not reachable, causing this host to be unreachable." You can also have multiple things in the route tag if it makes sense to do so. I have a Hobbit server on our main LAN and monitored devices at the far end of WAN links...so I use route to check the router at this side, the router's WAN at the far side, and the router's LAN at the far side. That quickly tells me if I have a router problem here, a WAN link problem, or a LAN problem at the remote site. Cheers. D
▸
From: Eric Meddaugh [mailto:user-4e1e735fdc96@xymon.invalid]
Sent: Wednesday, October 31, 2007 9:15 AM
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] The Depends Tag
I use the "route" tag for that instead:
192.168.192.20 toronto # trace conn
192.168.192.21 oriole # trace conn route:Toronto
You'd get an alert on Toronto...... someone please correct me if my
understanding is wrong.
---Eric
From: Michael A. Price [mailto:user-d7d653acf808@xymon.invalid]
Sent: Wednesday, October 31, 2007 07:30
To: user-ae9b8668bcde@xymon.invalid
Subject: [hobbit] The Depends Tag
Fellow Hobbit users,
I need a little help with something, it has stumped me...
I have two hosts on the same network, if one goes down. The other will
be down also because of a switch issue. I don't want to receive two
alerts. So I wrote in the depends tag, is this correct format???
192.168.192.20 toronto # trace conn
192.168.192.21 oriole # trace conn
depends=(conn:toronto/conn)
If toronto is down and oriole is down, I just one one email alert.
Thanks for the help, michael
list Michael A. Price
Gents, I configured everything for the route tag and it works great :-) Thanks, michael
▸
From: Dugan, Darin D [EIT] [mailto:user-b33a1547d27a@xymon.invalid]
Sent: Wednesday, October 31, 2007 2:25 PM
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] The Depends Tag
Eric is right. When Toronto goes red oriole will go yellow with a
message like "The router toronto (IP:192.168.192.20) is not reachable,
causing this host to be unreachable."
You can also have multiple things in the route tag if it makes sense to
do so. I have a Hobbit server on our main LAN and monitored devices at
the far end of WAN links...so I use route to check the router at this
side, the router's WAN at the far side, and the router's LAN at the far
side. That quickly tells me if I have a router problem here, a WAN link
problem, or a LAN problem at the remote site.
Cheers.
D
From: Eric Meddaugh [mailto:user-4e1e735fdc96@xymon.invalid]
Sent: Wednesday, October 31, 2007 9:15 AM
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] The Depends Tag
I use the "route" tag for that instead:
192.168.192.20 toronto # trace conn
192.168.192.21 oriole # trace conn route:Toronto
You'd get an alert on Toronto...... someone please correct me if my
understanding is wrong.
---Eric
From: Michael A. Price [mailto:user-d7d653acf808@xymon.invalid]
Sent: Wednesday, October 31, 2007 07:30
To: user-ae9b8668bcde@xymon.invalid
Subject: [hobbit] The Depends Tag
Fellow Hobbit users,
I need a little help with something, it has stumped me...
I have two hosts on the same network, if one goes down. The other will
be down also because of a switch issue. I don't want to receive two
alerts. So I wrote in the depends tag, is this correct format???
192.168.192.20 toronto # trace conn
192.168.192.21 oriole # trace conn
depends=(conn:toronto/conn)
If toronto is down and oriole is down, I just one one email alert.
Thanks for the help, michael