Xymon Mailing List Archive search

monitoring /var/log/messages for new occurence of a string

6 messages in this thread

list Nicole Beck · Fri, 5 Oct 2012 19:00:00 +0000 · 
Hi,
The answer to this is probably in the archives already, but I didn't find it.

I'm running Xymon 4.2.3 server on RHEL, and running Big Brother on the clients.  I setup the bb-msgstab file on a Linux client to alert for a specific string in /var/log/messages.  What I'm seeing is that anytime /var/log/messages is updated, we get an alert for the string we are testing for, even if  that string occurred hours ago.    Is there a way to parse the file to only send an alert if it is a new occurrence of the string?  We only rotate this file once a week, so we might get an alert on something that's a day old.

Thanks!
Nicole Beck
list Larry Barber · Fri, 5 Oct 2012 15:27:57 -0500 · 
Is there some reason you can't use a Xymon client?

Thanks,
Larry Barber
quoted from Nicole Beck

On Fri, Oct 5, 2012 at 2:00 PM, Nicole Beck <user-80034b0579c6@xymon.invalid> wrote:

 Hi,****

The answer to this is probably in the archives already, but I didn’t find
it.****

** **

I’m running Xymon 4.2.3 server on RHEL, and running Big Brother on the
clients.  I setup the bb-msgstab file on a Linux client to alert for a
specific string in /var/log/messages.  What I’m seeing is that anytime
/var/log/messages is updated, we get an alert for the string we are testing
for, even if  that string occurred hours ago.    Is there a way to parse
the file to only send an alert if it is a new occurrence of the string?  We
only rotate this file once a week, so we might get an alert on something
that’s a day old.****

** **

Thanks!****

Nicole Beck****

** **
list Nicole Beck · Mon, 8 Oct 2012 17:35:04 +0000 · 
I just haven't had a chance to test it much.  If I recall correctly, it didn't monitor everything that we currently monitor with big brother.  I'll have to investigate it further.

Thanks,
Nicole
quoted from Larry Barber

From: Larry Barber [mailto:user-6ef9c2864140@xymon.invalid]
Sent: Friday, October 05, 2012 4:28 PM
To: Nicole Beck
Cc: xymon at xymon.com
Subject: Re: [Xymon] monitoring /var/log/messages for new occurence of a string

Is there some reason you can't use a Xymon client?

Thanks,
Larry Barber
On Fri, Oct 5, 2012 at 2:00 PM, Nicole Beck <user-80034b0579c6@xymon.invalid<mailto:user-80034b0579c6@xymon.invalid>> wrote:
Hi,
The answer to this is probably in the archives already, but I didn't find it.

I'm running Xymon 4.2.3 server on RHEL, and running Big Brother on the clients.  I setup the bb-msgstab file on a Linux client to alert for a specific string in /var/log/messages.  What I'm seeing is that anytime /var/log/messages is updated, we get an alert for the string we are testing for, even if  that string occurred hours ago.    Is there a way to parse the file to only send an alert if it is a new occurrence of the string?  We only rotate this file once a week, so we might get an alert on something that's a day old.

Thanks!
Nicole Beck
list Ryan Novosielski · Mon, 8 Oct 2012 13:39:01 -0400 · 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It definitely works better, and monitors all the same things. You may
need to modify your external tests a little bit, but just because the
environment variables/names have just changed a little.

I've got a big selling point for you if you need one: you cannot
configure client settings centrally on the server side if you use a
Big Brother client. They will be ignored.
quoted from Nicole Beck

On 10/08/2012 01:35 PM, Nicole Beck wrote:
I just haven’t had a chance to test it much.  If I recall
correctly, it didn’t monitor everything that we currently monitor
with big brother. I’ll have to investigate it further.


Thanks,

Nicole



*From:*Larry Barber [mailto:user-6ef9c2864140@xymon.invalid] *Sent:* Friday,
quoted from Nicole Beck
October 05, 2012 4:28 PM *To:* Nicole Beck *Cc:* xymon at xymon.com *Subject:* Re: [Xymon] monitoring /var/log/messages for new
occurence of a string


Is there some reason you can't use a Xymon client?

Thanks, Larry Barber

On Fri, Oct 5, 2012 at 2:00 PM, Nicole Beck <user-80034b0579c6@xymon.invalid <mailto:user-80034b0579c6@xymon.invalid>> wrote:

Hi,

The answer to this is probably in the archives already, but I
didn’t find it.


I’m running Xymon 4.2.3 server on RHEL, and running Big Brother on
the clients.  I setup the bb-msgstab file on a Linux client to
alert for a specific string in /var/log/messages.  What I’m seeing
is that anytime /var/log/messages is updated, we get an alert for
the string we are testing for, even if  that string occurred hours
ago.    Is there a way to parse the file to only send an alert if
it is a new occurrence of the string?  We only rotate this file
once a week, so we might get an alert on something that’s a day
old.


Thanks!

Nicole Beck


- -- - ---- _  _ _  _ ___  _  _  _

|Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Sr. Systems Programmer
|$&| |__| |  | |__/ | \| _| |user-ae4522577e16@xymon.invalid - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/EI-Academic Svcs. - ADMC 450, Newark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBzD7UACgkQmb+gadEcsb54fgCffOb1tL0U6zbBFUiYGovSxfsi
AlUAnAu73H8glQQ3YAd0Bzu8iOqw96en
=ovXt
-----END PGP SIGNATURE-----
list Nicole Beck · Thu, 11 Oct 2012 19:08:23 +0000 · 
I installed the xymon client on a test server, and that seems to work better for monitoring the log files.  IE, it only alerts for new occurrences of the string in the log. Thanks!

Now to figure out my scripts that I called from the bb-bbexttab file on the client.  I got one to work by adding it to the clientlaunch.cfg file on the client.   But you mentioned doing it centrally on the server?  
Thanks again,
Nicole
quoted from Ryan Novosielski

-----Original Message-----
From: Novosielski, Ryan [mailto:user-ae4522577e16@xymon.invalid] Sent: Monday, October 08, 2012 1:39 PM
To: Nicole Beck
Cc: 'Larry Barber'; 'xymon at xymon.com'
Subject: Re: [Xymon] monitoring /var/log/messages for new occurence of a string

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It definitely works better, and monitors all the same things. You may need to modify your external tests a little bit, but just because the environment variables/names have just changed a little.

I've got a big selling point for you if you need one: you cannot configure client settings centrally on the server side if you use a Big Brother client. They will be ignored.

On 10/08/2012 01:35 PM, Nicole Beck wrote:
I just haven't had a chance to test it much.  If I recall correctly, it didn't monitor everything that we currently monitor with big brother. I'll have to investigate it further.


Thanks,

Nicole


*From:*Larry Barber [mailto:user-6ef9c2864140@xymon.invalid] *Sent:* Friday, October 05, 2012 4:28 PM *To:* Nicole Beck *Cc:* xymon at xymon.com
*Subject:* Re: [Xymon] monitoring /var/log/messages for new occurence of a string


Is there some reason you can't use a Xymon client?

Thanks, Larry Barber

On Fri, Oct 5, 2012 at 2:00 PM, Nicole Beck <user-80034b0579c6@xymon.invalid <mailto:user-80034b0579c6@xymon.invalid>> wrote:

Hi,

The answer to this is probably in the archives already, but I didn't find it.


I'm running Xymon 4.2.3 server on RHEL, and running Big Brother on the clients.  I setup the bb-msgstab file on a Linux client to alert for a specific string in /var/log/messages.  What I'm seeing is that anytime /var/log/messages is updated, we get an alert for the string we are testing for, even if  that string occurred hours
ago.    Is there a way to parse the file to only send an alert if
it is a new occurrence of the string?  We only rotate this file once a week, so we might get an alert on something that's a day old.


Thanks!

Nicole Beck


- --
- ---- _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Sr. Systems Programmer |$&| |__| |  | |__/ | \| _| |user-ae4522577e16@xymon.invalid - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/EI-Academic Svcs. - ADMC 450, Newark -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBzD7UACgkQmb+gadEcsb54fgCffOb1tL0U6zbBFUiYGovSxfsi
AlUAnAu73H8glQQ3YAd0Bzu8iOqw96en
=ovXt
-----END PGP SIGNATURE-----
list Ryan Novosielski · Thu, 11 Oct 2012 15:23:48 -0400 · 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

No, you do need to set these up on the clients and you've done this in
the right place. What I was referring to is configuring alerting
behavior on the tests. For example, you can centrally ignore all
instances of say /CDROM as not relevant in a disk space test, or do
other stuff with regex's. On BB, you had to ignore FSs or set CPU
limits, etc., on each individual client.
quoted from Nicole Beck

On 10/11/2012 03:08 PM, Nicole Beck wrote:
I installed the xymon client on a test server, and that seems to
work better for monitoring the log files.  IE, it only alerts for
new occurrences of the string in the log. Thanks!

Now to figure out my scripts that I called from the bb-bbexttab
file on the client.  I got one to work by adding it to the
clientlaunch.cfg file on the client.   But you mentioned doing it
centrally on the server?

Thanks again, Nicole

-----Original Message----- From: Novosielski, Ryan
[mailto:user-ae4522577e16@xymon.invalid] Sent: Monday, October 08, 2012 1:39 PM To: Nicole Beck Cc: 'Larry Barber'; 'xymon at xymon.com' Subject: Re:
[Xymon] monitoring /var/log/messages for new occurence of a string

It definitely works better, and monitors all the same things. You
may need to modify your external tests a little bit, but just
because the environment variables/names have just changed a
little.

I've got a big selling point for you if you need one: you cannot
configure client settings centrally on the server side if you use a
Big Brother client. They will be ignored.

On 10/08/2012 01:35 PM, Nicole Beck wrote:
I just haven't had a chance to test it much.  If I recall
correctly, it didn't monitor everything that we currently monitor
with big brother. I'll have to investigate it further.
Thanks,
Nicole
*From:*Larry Barber [mailto:user-6ef9c2864140@xymon.invalid] *Sent:* Friday, October 05, 2012 4:28 PM *To:* Nicole Beck *Cc:* xymon at xymon.com *Subject:* Re: [Xymon] monitoring /var/log/messages for new
occurence of a string
Is there some reason you can't use a Xymon client?
Thanks, Larry Barber
On Fri, Oct 5, 2012 at 2:00 PM, Nicole Beck <user-80034b0579c6@xymon.invalid <mailto:user-80034b0579c6@xymon.invalid>> wrote:
Hi,
The answer to this is probably in the archives already, but I
didn't find it.
I'm running Xymon 4.2.3 server on RHEL, and running Big Brother
on the clients.  I setup the bb-msgstab file on a Linux client to
alert for a specific string in /var/log/messages.  What I'm
seeing is that anytime /var/log/messages is updated, we get an
alert for the string we are testing for, even if  that string
occurred hours ago.    Is there a way to parse the file to only
send an alert if it is a new occurrence of the string?  We only
rotate this file once a week, so we might get an alert on
something that's a day old.
Thanks!
Nicole Beck
_______________________________________________ Xymon mailing
list Xymon at xymon.com
quoted from Nicole Beck
- -- - ---- _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Sr. Systems Programmer
|$&| |__| |  | |__/ | \| _| |user-ae4522577e16@xymon.invalid - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/EI-Academic Svcs. - ADMC 450, Newark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/


iEYEARECAAYFAlB3HMQACgkQmb+gadEcsb61oQCg2hRVMMY6JOnsoTI+g5t9Sff/
/zYAmwT9iHCAKvbG/VGMB3xjPutdZG6+
=nOVq
-----END PGP SIGNATURE-----