Alert on Log Entry
list Nick Pettefar
Hi, is it possible to configure the alerts.cfg file to send an e-mail if a server's particular log has a certain entry? I have HOST=server-abc-ge1 MAIL user-bbed4d766b23@xymon.invalid SERVICE=log COLOR=red Can I put something like SERVICE=log:Fail.log="Big-Failure" Regards, Nick Pettefar - Xymon Rookie
list Paul Root
Yes, You set the log files to look at in client-local.cfg (on the server) in the proper machine type area. Then you edit the analysis.cfg file with the LOG command. Then you use msgs test not the log test.
▸
-----Original Message-----
From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf Of Nick Pettefar
Sent: Wednesday, February 06, 2013 11:56 AM
To: xymon
Subject: [Xymon] Alert on Log Entry
Hi, is it possible to configure the alerts.cfg file to send an e-mail if a server's particular log has a certain entry?
I have
HOST=server-abc-ge1
MAIL user-bbed4d766b23@xymon.invalid SERVICE=log COLOR=red
Can I put something like SERVICE=log:Fail.log="Big-Failure"
Regards,
Nick Pettefar - Xymon Rookie
list Nick Pettefar
Hi Paul, Could you explain the last part: "Then you use msgs test not the log test." please? Do you mean do something with "msgs" in the alerts.cfg file? if so, what - could you give an example please? Regards, Nick Pettefar - Xymon Rookie
▸
On 6 February 2013 20:35, Root, Paul <user-76fdb6883669@xymon.invalid> wrote:Yes,
You set the log files to look at in client-local.cfg (on the server) in the proper machine type area.
Then you edit the analysis.cfg file with the LOG command.
Then you use msgs test not the log test.
-----Original Message-----
From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf Of Nick Pettefar
Sent: Wednesday, February 06, 2013 11:56 AM
To: xymon
Subject: [Xymon] Alert on Log Entry
Hi, is it possible to configure the alerts.cfg file to send an e-mail if a server's particular log has a certain entry?
I have
HOST=server-abc-ge1
MAIL user-bbed4d766b23@xymon.invalid SERVICE=log COLOR=red
Can I put something like SERVICE=log:Fail.log="Big-Failure"
Regards,
Nick Pettefar - Xymon Rookie
list Michael Beatty
The configuring xymon to monitor a log file is a 2 step process. First, you need to tell the client which log file it needs to gather data from to send to the server. Then you need to tell the server how to read the data.
In your case, you will put an entry in client-local.cfg to be:
[linux] #or whatever operating system or host name this is for
log:/home/user/log/Fail.log:10240
The above entry tell the client to gather the most recent 10240 bytes from Fail.log and send it to the xymon server. You will want to read the client-local.cfg man page to learn more about the option "trigger" and "ignore" tags as these can help you optimize the message with only relevant data from that log file.
Xymon then receives a big chuck of the log file. You now need to configure the server to read that data and analyze it. This is done in analysis.cfg. The LOG entry tells xymon how to do this.
In your case, you will put an entry in analysis.cfg to be:
LOG /home/user/log/Fail.log "Big Failure"
The above entry tells xymon to look through the client message it received that has data from the /home/user/log/Fail.log file then look to see if the string "Big Failure" in it. If it finds it, it will send a red alert to the "msgs" column.
You will also want to read the analysis.cfg man page as the LOG tag has more options.
Michael Beatty
Sherwin-Williams
IT Analyst/Developer
user-4aea7c115850@xymon.invalid
XXX-XXX-XXXX
▸
On 02/06/2013 06:06 PM, Nick Pettefar wrote:Hi Paul, Could you explain the last part: "Then you use msgs test not the log test." please? Do you mean do something with "msgs" in the alerts.cfg file? if so, what - could you give an example please? Regards, Nick Pettefar - Xymon Rookie On 6 February 2013 20:35, Root, Paul <user-76fdb6883669@xymon.invalid> wrote:Yes, You set the log files to look at in client-local.cfg (on the server) in the proper machine type area. Then you edit the analysis.cfg file with the LOG command. Then you use msgs test not the log test. -----Original Message----- From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf Of Nick Pettefar Sent: Wednesday, February 06, 2013 11:56 AM To: xymon Subject: [Xymon] Alert on Log Entry Hi, is it possible to configure the alerts.cfg file to send an e-mail if a server's particular log has a certain entry? I have HOST=server-abc-ge1 MAIL user-bbed4d766b23@xymon.invalid SERVICE=log COLOR=red Can I put something like SERVICE=log:Fail.log="Big-Failure" Regards, Nick Pettefar - Xymon Rookie
list Paul Root
The test will be messages not log. This is basic Xymon stuff. Read the man pages or just read the comments in the config files. Sent via Divide iOS
▸
On Wednesday, February 6, 2013, 5:07:07 PM, "Nick Pettefar" <user-2027539dd102@xymon.invalid> wrote:
Hi Paul,
Could you explain the last part: "Then you use msgs test not the log
test." please? Do you mean do something with "msgs" in the alerts.cfg
file? if so, what - could you give an example please?
Regards,
Nick Pettefar - Xymon Rookie
On 6 February 2013 20:35, Root, Paul <user-76fdb6883669@xymon.invalid> wrote:Yes,
You set the log files to look at in client-local.cfg (on the server) in the proper machine type area.
Then you edit the analysis.cfg file with the LOG command.
Then you use msgs test not the log test.
-----Original Message-----
From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf Of Nick Pettefar
Sent: Wednesday, February 06, 2013 11:56 AM
To: xymon
Subject: [Xymon] Alert on Log Entry
Hi, is it possible to configure the alerts.cfg file to send an e-mail if a server's particular log has a certain entry?
I have
HOST=server-abc-ge1
MAIL user-bbed4d766b23@xymon.invalid SERVICE=log COLOR=red
Can I put something like SERVICE=log:Fail.log="Big-Failure"
Regards,
Nick Pettefar - Xymon Rookie
list Nick Pettefar
Well, the answer is to use the "GROUP" keyword after the test.
On the Xymon server:
In the ~xymon/server/etc/analysis.cfg file, use this:
HOST=sparky
LOG /tmp/test.log wibble COLOR=red GROUP=wibble
("wibble" is the keyword to check on in the log file and red is the
colour to set the web page "msgs" icon to.)
In the ~xymon/server/etc/alerts.cfg file, use this:
GROUP=wibble
MAIL user-4a93aacab394@xymon.invalid SERVICE=log FORMAT=PLAIN COLOR=red
On the Xymon client.
In the ~xymon/server/etc/client-local.cfg file, use this:
log:/tmp/test.log:1024
This will collect up to 1024 lines from the log file. Adjust accordingly.
Now if "wibble" appears in the /tmp/test.log file, an e-mail will be
sent to user-4a93aacab394@xymon.invalid
Regards,
Nick Pettefar
▸
On 6 February 2013 17:55, Nick Pettefar <user-2027539dd102@xymon.invalid> wrote:Hi, is it possible to configure the alerts.cfg file to send an e-mail if a server's particular log has a certain entry? I have HOST=server-abc-ge1 MAIL user-bbed4d766b23@xymon.invalid SERVICE=log COLOR=red Can I put something like SERVICE=log:Fail.log="Big-Failure" Regards, Nick Pettefar - Xymon Rookie