xymonpsclient (application) logfile monitoring
list Becker Christian
Hello to the list, i need help in setting up logfile monitoring with xymonpsclient. My setup is a Windows 10 client pc, running xymonpsclient v2.42, reporting to a xymon server running xymon 4.3.30. In the client-local.cfg i have configured the logfile that i want to monitor, and an amount of time later, the logfile shows up in the msgs column. After that i configured analysis.cfg to look for a specific pattern in this logfile, it seems to me that only the appearance of this pattern is displayed in the msgs column, but nothing else from this logfile. In addition tot hat, the msgs column didn't change to red state. Here's the part of my client-local.cfg: [win10client1] log:C:\Program Files\PATH-TO-LOGFILE\filename.log:153600 And here the part of my analysis.cfg: HOST=win10client1 LOG C:\Program Files\PATH-TO-LOGFILE\filename.log Unable.to.cancel.connection.to COLOR=RED With this setup it seems to me that only lines containing this pattern Unable.to.cancel.connection.to are displayed in the msgs column of win10client1. Any idea what i'm doing wrong? Or do i understand any basics the wrong way? Regards Christian
list Jeremy Laidman
Hi Christian Sorry, I'm not sure I understand what you mean. "It seems to me that ..." - does that mean: "From reading the docs, it seems to me that expected behaviour is..." or: "After the configuration changes, it seems to me that actual behaviour is...". It's my understanding that adding a LOG entry in analysis.cfg is for determining which log lines trigger an alert condition (eg red or yellow), but the rest of the log status page is the same - that is, it contains all of the log lines from the logfile since the last client status message (typically in the last 5 minutes). The "pattern" is either a string or a regular expression. Your use of dots in the pattern suggest that you're expecting it to be a regular expression. However, you haven't prefixed it with "%" to tell Xymon this is the case. You perhaps want: LOG C:\Program Files\PATH-TO-LOGFILE\filename.log % Unable.to.cancel.connection.to COLOR=RED If the reason for the regexp is only to match spaces, because you don't want the words in the pattern to be treated as different LOG keywords, then you might find it easier to just enclose the pattern in quotes: LOG C:\Program Files\PATH-TO-LOGFILE\filename.log "Unable to cancel connection to" COLOR=RED Cheers Jeremy On Wed, 12 Aug 2020 at 20:46, Becker Christian <
▸
user-e4a19bfb94c0@xymon.invalid> wrote:
Hello to the list, i need help in setting up logfile monitoring with xymonpsclient. My setup is a Windows 10 client pc, running xymonpsclient v2.42, reporting to a xymon server running xymon 4.3.30. In the client-local.cfg i have configured the logfile that i want to monitor, and an amount of time later, the logfile shows up in the msgs column. After that i configured analysis.cfg to look for a specific pattern in this logfile, it seems to me that only the appearance of this pattern is displayed in the msgs column, but nothing else from this logfile. In addition tot hat, the msgs column didn?t change to red state. Here?s the part of my client-local.cfg: [win10client1] log:C:\Program Files\PATH-TO-LOGFILE\filename.log:153600 And here the part of my analysis.cfg: HOST=win10client1 LOG C:\Program Files\PATH-TO-LOGFILE\filename.log Unable.to.cancel.connection.to COLOR=RED With this setup it seems to me that only lines containing this pattern Unable.to.cancel.connection.to are displayed in the msgs column of win10client1. Any idea what i?m doing wrong? Or do i understand any basics the wrong way? Regards Christian
list Becker Christian
Jeremy, Sorry for writing it a bit weird. As soon as i configure the logfile in client-local.cfg and analysis.cfg, it shows up a couple of minutes later in the msgs column showing the name oft he logfile only, not it?s content. The upper line says No entries in C:\Program Files\PATH-TO-LOGFILE\filename.log, the second line says Full log C:\Program Files\PATH-TO-LOGFILE\filename.log and that?s it. Now i have configured as described by you by enclosing the pattern in quotes: LOG C:\Program Files\PATH-TO-LOGFILE\filename.log "Unable to cancel connection to" COLOR=RED After very long time, every now and then (and not on a regular basis?) the appropriate line shows up below the line Full log C:\Program Files\PATH-TO-LOGFILE\filename.log but the test stays green, but the pattern is present more than 50 times and it is actually written into the logfile. * Does it matter, that the pattern is NOT at the beginning of the line of the logfile?? (There are time stamps before the pattern and return codes after it?.). Regards and thanks Christian
▸
Von: Jeremy Laidman <user-0608abae5e7c@xymon.invalid>
Gesendet: Donnerstag, 13. August 2020 01:43
An: Becker Christian <user-e4a19bfb94c0@xymon.invalid>
Cc: xymon at xymon.com
Betreff: Re: [Xymon] xymonpsclient (application) logfile monitoring
Hi Christian
Sorry, I'm not sure I understand what you mean. "It seems to me that ..." - does that mean: "From reading the docs, it seems to me that expected behaviour is..." or: "After the configuration changes, it seems to me that actual behaviour is...". It's my understanding that adding a LOG entry in analysis.cfg is for determining which log lines trigger an alert condition (eg red or yellow), but the rest of the log status page is the same - that is, it contains all of the log lines from the logfile since the last client status message (typically in the last 5 minutes).
The "pattern" is either a string or a regular expression. Your use of dots in the pattern suggest that you're expecting it to be a regular expression. However, you haven't prefixed it with "%" to tell Xymon this is the case. You perhaps want:
LOG C:\Program Files\PATH-TO-LOGFILE\filename.log %Unable.to.cancel.connection.to<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Funable.to.cancel.connection.to%2F&data=user-b9c78497733f@xymon.invalid%7C40afbdde9df94afee73708d83f1971c1%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C0%7C637328725826273741&sdata=H1Bn0g3yozkqDOrWyIMEdTMlOiIyGV0L37eXQjLmyWE%3D&reserved=0>; COLOR=RED
▸
If the reason for the regexp is only to match spaces, because you don't want the words in the pattern to be treated as different LOG keywords, then you might find it easier to just enclose the pattern in quotes:
LOG C:\Program Files\PATH-TO-LOGFILE\filename.log "Unable to cancel connection to" COLOR=RED
Cheers
Jeremy
On Wed, 12 Aug 2020 at 20:46, Becker Christian <user-e4a19bfb94c0@xymon.invalid<mailto:user-e4a19bfb94c0@xymon.invalid>> wrote:
Hello to the list,
i need help in setting up logfile monitoring with xymonpsclient.
My setup is a Windows 10 client pc, running xymonpsclient v2.42, reporting to a xymon server running xymon 4.3.30.
In the client-local.cfg i have configured the logfile that i want to monitor, and an amount of time later, the logfile shows up in the msgs column.
After that i configured analysis.cfg to look for a specific pattern in this logfile, it seems to me that only the appearance of this pattern is displayed in the msgs column, but nothing else from this logfile.
In addition tot hat, the msgs column didn?t change to red state.
Here?s the part of my client-local.cfg:
[win10client1]
log:C:\Program Files\PATH-TO-LOGFILE\filename.log:153600
And here the part of my analysis.cfg:
HOST=win10client1LOG C:\Program Files\PATH-TO-LOGFILE\filename.log Unable.to.cancel.connection.to<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Funable.to.cancel.connection.to%2F&data=user-b9c78497733f@xymon.invalid%7C40afbdde9df94afee73708d83f1971c1%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C0%7C637328725826273741&sdata=H1Bn0g3yozkqDOrWyIMEdTMlOiIyGV0L37eXQjLmyWE%3D&reserved=0>; COLOR=RED With this setup it seems to me that only lines containing this pattern Unable.to.cancel.connection.to<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Funable.to.cancel.connection.to%2F&data=user-b9c78497733f@xymon.invalid%7C40afbdde9df94afee73708d83f1971c1%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C0%7C637328725826283696&sdata=C%2FrRN9NdzIR1Vk9UNKVWmD6AySz8TX5gzTDYiIM706c%3D&reserved=0>; are displayed in the msgs column of win10client1.
▸
Any idea what i?m doing wrong? Or do i understand any basics the wrong way?
Regards
Christian
list Zak Beck
Hi I?m a bit concerned about the space in your log file name ? if you look at the analysis.cfg man page<https://xymon.com/help/manpages/man5/analysis.cfg.5.html>;, the space is a separator between filename and pattern. Could you try surrounding your filename with quotes too? Thanks Zak From: Xymon <xymon-bounces at xymon.com> On Behalf Of Becker Christian Sent: 19 August 2020 08:27 To: Jeremy Laidman <user-0608abae5e7c@xymon.invalid> Cc: xymon at xymon.com Subject: [External] Re: [Xymon] xymonpsclient (application) logfile monitoring This message is from an EXTERNAL SENDER - be CAUTIOUS, particularly with links and attachments.
▸
Jeremy,
Sorry for writing it a bit weird.
As soon as i configure the logfile in client-local.cfg and analysis.cfg, it shows up a couple of minutes later in the msgs column showing the name oft he logfile only, not it?s content.
The upper line says No entries in C:\Program Files\PATH-TO-LOGFILE\filename.log, the second line says Full log C:\Program Files\PATH-TO-LOGFILE\filename.log and that?s it.
Now i have configured as described by you by enclosing the pattern in quotes:
LOG C:\Program Files\PATH-TO-LOGFILE\filename.log "Unable to cancel connection to" COLOR=RED
After very long time, every now and then (and not on a regular basis?) the appropriate line shows up below the line Full log C:\Program Files\PATH-TO-LOGFILE\filename.log but the test stays green, but the pattern is present more than 50 times and it is actually written into the logfile.
* Does it matter, that the pattern is NOT at the beginning of the line of the logfile?? (There are time stamps before the pattern and return codes after it?.).
Regards and thanks
Christian
Von: Jeremy Laidman <user-0608abae5e7c@xymon.invalid<mailto:user-0608abae5e7c@xymon.invalid>>
Gesendet: Donnerstag, 13. August 2020 01:43
An: Becker Christian <user-e4a19bfb94c0@xymon.invalid<mailto:user-e4a19bfb94c0@xymon.invalid>>
Cc: xymon at xymon.com<mailto:xymon at xymon.com>
Betreff: Re: [Xymon] xymonpsclient (application) logfile monitoring
Hi Christian
Sorry, I'm not sure I understand what you mean. "It seems to me that ..." - does that mean: "From reading the docs, it seems to me that expected behaviour is..." or: "After the configuration changes, it seems to me that actual behaviour is...". It's my understanding that adding a LOG entry in analysis.cfg is for determining which log lines trigger an alert condition (eg red or yellow), but the rest of the log status page is the same - that is, it contains all of the log lines from the logfile since the last client status message (typically in the last 5 minutes).
The "pattern" is either a string or a regular expression. Your use of dots in the pattern suggest that you're expecting it to be a regular expression. However, you haven't prefixed it with "%" to tell Xymon this is the case. You perhaps want:
LOG C:\Program Files\PATH-TO-LOGFILE\filename.log %Unable.to.cancel.connection.to<https://urldefense.proofpoint.com/v2/url?u=https-3A__eur03.safelinks.protection.outlook.com_-3Furl-3Dhttp-253A-252F-252Funable.to.cancel.connection.to-252F-26data-3D02-257C01-257Cchristian.becker-2540rhein-2Dzeitung.net-257C40afbdde9df94afee73708d83f1971c1-257C4fed923898bc4f3b96450b99f4d1b669-257C0-257C0-257C637328725826273741-26sdata-3DH1Bn0g3yozkqDOrWyIMEdTMlOiIyGV0L37eXQjLmyWE-253D-26reserved-3D0&d=DwMGaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=S-aLwpx-PHBTBMIG_c2JczRC0SfuZCmsiH9Iams25FI&m=_c36kEJR6dLnD3UjF0N6O5RhkmIJ_fOPzbiONKHFpNw&s=9kFUYjAlXmCCYlxnax7dfxZxUaQdEOQhLJtWl8yZ1ro&e=>; COLOR=RED
▸
If the reason for the regexp is only to match spaces, because you don't want the words in the pattern to be treated as different LOG keywords, then you might find it easier to just enclose the pattern in quotes:
LOG C:\Program Files\PATH-TO-LOGFILE\filename.log "Unable to cancel connection to" COLOR=RED
Cheers
Jeremy
On Wed, 12 Aug 2020 at 20:46, Becker Christian <user-e4a19bfb94c0@xymon.invalid<mailto:user-e4a19bfb94c0@xymon.invalid>> wrote:
Hello to the list,
i need help in setting up logfile monitoring with xymonpsclient.
My setup is a Windows 10 client pc, running xymonpsclient v2.42, reporting to a xymon server running xymon 4.3.30.
In the client-local.cfg i have configured the logfile that i want to monitor, and an amount of time later, the logfile shows up in the msgs column.
After that i configured analysis.cfg to look for a specific pattern in this logfile, it seems to me that only the appearance of this pattern is displayed in the msgs column, but nothing else from this logfile.
In addition tot hat, the msgs column didn?t change to red state.
Here?s the part of my client-local.cfg:
[win10client1]
log:C:\Program Files\PATH-TO-LOGFILE\filename.log:153600
And here the part of my analysis.cfg:
HOST=win10client1LOG C:\Program Files\PATH-TO-LOGFILE\filename.log Unable.to.cancel.connection.to<https://urldefense.proofpoint.com/v2/url?u=https-3A__eur03.safelinks.protection.outlook.com_-3Furl-3Dhttp-253A-252F-252Funable.to.cancel.connection.to-252F-26data-3D02-257C01-257Cchristian.becker-2540rhein-2Dzeitung.net-257C40afbdde9df94afee73708d83f1971c1-257C4fed923898bc4f3b96450b99f4d1b669-257C0-257C0-257C637328725826273741-26sdata-3DH1Bn0g3yozkqDOrWyIMEdTMlOiIyGV0L37eXQjLmyWE-253D-26reserved-3D0&d=DwMGaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=S-aLwpx-PHBTBMIG_c2JczRC0SfuZCmsiH9Iams25FI&m=_c36kEJR6dLnD3UjF0N6O5RhkmIJ_fOPzbiONKHFpNw&s=9kFUYjAlXmCCYlxnax7dfxZxUaQdEOQhLJtWl8yZ1ro&e=>; COLOR=RED With this setup it seems to me that only lines containing this pattern Unable.to.cancel.connection.to<https://urldefense.proofpoint.com/v2/url?u=https-3A__eur03.safelinks.protection.outlook.com_-3Furl-3Dhttp-253A-252F-252Funable.to.cancel.connection.to-252F-26data-3D02-257C01-257Cchristian.becker-2540rhein-2Dzeitung.net-257C40afbdde9df94afee73708d83f1971c1-257C4fed923898bc4f3b96450b99f4d1b669-257C0-257C0-257C637328725826283696-26sdata-3DC-252FrRN9NdzIR1Vk9UNKVWmD6AySz8TX5gzTDYiIM706c-253D-26reserved-3D0&d=DwMGaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=S-aLwpx-PHBTBMIG_c2JczRC0SfuZCmsiH9Iams25FI&m=_c36kEJR6dLnD3UjF0N6O5RhkmIJ_fOPzbiONKHFpNw&s=CLN-OR5es5VqC29-Bc3z4lyNr_unUePYbij3mxRom2U&e=>; are displayed in the msgs column of win10client1.
▸
Any idea what i?m doing wrong? Or do i understand any basics the wrong way?
Regards
Christian
Xymon at xymon.com<https://urldefense.proofpoint.com/v2/url?u=https-3A__eur03.safelinks.protection.outlook.com_-3Furl-3Dhttp-253A-252F-252Flists.xymon.com-252Fmailman-252Flistinfo-252Fxymon-26data-3D02-257C01-257Cchristian.becker-2540rhein-2Dzeitung.net-257C40afbdde9df94afee73708d83f1971c1-257C4fed923898bc4f3b96450b99f4d1b669-257C0-257C0-257C637328725826283696-26sdata-3DJdJoBZV2MI5-252B7Bm8YC0a8k4zxfCKpBlF-252FldnZOyZTKE-253D-26reserved-3D0&d=DwMGaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=S-aLwpx-PHBTBMIG_c2JczRC0SfuZCmsiH9Iams25FI&m=_c36kEJR6dLnD3UjF0N6O5RhkmIJ_fOPzbiONKHFpNw&s=4hek2pxRQAnXbkWCOcqmauWzpuv9vhHm9Rm7jFQWdys&e=>; This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at https://www.accenture.com/us-en/privacy-policy. www.accenture.com
list Jeremy Laidman
Christian I don't think it matters that the pattern is not at the start of the line. However, I don't think you can have spaces in the filename. Instead you should wrap it on double quotes. Perhaps try this: LOG "C:\Program Files\PATH-TO-LOGFILE\filename.log" "Unable to cancel connection to" COLOR=RED The fact that you're getting the correct filename in the status page suggests that the clientlocal.cfg configuration is correct. So is just a matter of tweaking the analysis.cfg entry. I have to admit that I don't use the psclient so I don't have much experience to offer. Cheers Jeremy On Wed, 19 Aug 2020, 17:27 Becker Christian, <
▸
user-e4a19bfb94c0@xymon.invalid> wrote:
Jeremy, Sorry for writing it a bit weird. As soon as i configure the logfile in client-local.cfg and analysis.cfg, it shows up a couple of minutes later in the msgs column showing the name oft he logfile only, not it?s content. The upper line says No entries in C:\Program Files\PATH-TO-LOGFILE\filename.log, the second line says Full log C:\Program Files\PATH-TO-LOGFILE\filename.log and that?s it. Now i have configured as described by you by enclosing the pattern in quotes: LOG C:\Program Files\PATH-TO-LOGFILE\filename.log "Unable to cancel connection to" COLOR=RED After very long time, every now and then (and not on a regular basis?) the appropriate line shows up below the line Full log C:\Program Files\PATH-TO-LOGFILE\filename.log but the test stays green, but the pattern is present more than 50 times and it is actually written into the logfile. - Does it matter, that the pattern is *NOT* at the beginning of the line of the logfile?? (There are time stamps before the pattern and return codes after it?.). Regards and thanks Christian *Von:* Jeremy Laidman <user-0608abae5e7c@xymon.invalid> *Gesendet:* Donnerstag, 13. August 2020 01:43 *An:* Becker Christian <user-e4a19bfb94c0@xymon.invalid> *Cc:* xymon at xymon.com *Betreff:* Re: [Xymon] xymonpsclient (application) logfile monitoring Hi Christian Sorry, I'm not sure I understand what you mean. "It seems to me that ..." - does that mean: "From reading the docs, it seems to me that expected behaviour is..." or: "After the configuration changes, it seems to me that actual behaviour is...". It's my understanding that adding a LOG entry in analysis.cfg is for determining which log lines trigger an alert condition (eg red or yellow), but the rest of the log status page is the same - that is, it contains all of the log lines from the logfile since the last client status message (typically in the last 5 minutes). The "pattern" is either a string or a regular expression. Your use of dots in the pattern suggest that you're expecting it to be a regular expression. However, you haven't prefixed it with "%" to tell Xymon this is the case. You perhaps want: LOG C:\Program Files\PATH-TO-LOGFILE\filename.log % Unable.to.cancel.connection.to
<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Funable.to.cancel.connection.to%2F&data=user-b9c78497733f@xymon.invalid%7C40afbdde9df94afee73708d83f1971c1%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C0%7C637328725826273741&sdata=H1Bn0g3yozkqDOrWyIMEdTMlOiIyGV0L37eXQjLmyWE%3D&reserved=0>;
▸
COLOR=RED
If the reason for the regexp is only to match spaces, because you don't
want the words in the pattern to be treated as different LOG keywords, then
you might find it easier to just enclose the pattern in quotes:
LOG C:\Program Files\PATH-TO-LOGFILE\filename.log "Unable to cancel
connection to" COLOR=RED
Cheers
Jeremy
On Wed, 12 Aug 2020 at 20:46, Becker Christian <
user-e4a19bfb94c0@xymon.invalid> wrote:
Hello to the list,
i need help in setting up logfile monitoring with xymonpsclient.
My setup is a Windows 10 client pc, running xymonpsclient v2.42, reporting
to a xymon server running xymon 4.3.30.
In the client-local.cfg i have configured the logfile that i want to
monitor, and an amount of time later, the logfile shows up in the msgs
column.
After that i configured analysis.cfg to look for a specific pattern in
this logfile, it seems to me that only the appearance of this pattern is
displayed in the msgs column, but nothing else from this logfile.
In addition tot hat, the msgs column didn?t change to red state.
Here?s the part of my client-local.cfg:
[win10client1]
log:C:\Program Files\PATH-TO-LOGFILE\filename.log:153600
And here the part of my analysis.cfg:
HOST=win10client1
LOG C:\Program Files\PATH-TO-LOGFILE\filename.log
Unable.to.cancel.connection.to<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Funable.to.cancel.connection.to%2F&data=user-b9c78497733f@xymon.invalid%7C40afbdde9df94afee73708d83f1971c1%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C0%7C637328725826273741&sdata=H1Bn0g3yozkqDOrWyIMEdTMlOiIyGV0L37eXQjLmyWE%3D&reserved=0>;
▸
COLOR=RED
With this setup it seems to me that only lines containing this pattern
Unable.to.cancel.connection.to<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Funable.to.cancel.connection.to%2F&data=user-b9c78497733f@xymon.invalid%7C40afbdde9df94afee73708d83f1971c1%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C0%7C637328725826283696&sdata=C%2FrRN9NdzIR1Vk9UNKVWmD6AySz8TX5gzTDYiIM706c%3D&reserved=0>;
▸
are displayed in the msgs column of win10client1.
Any idea what i?m doing wrong? Or do i understand any basics the wrong way?
Regards
Christian
<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.xymon.com%2Fmailman%2Flistinfo%2Fxymon&data=user-b9c78497733f@xymon.invalid%7C40afbdde9df94afee73708d83f1971c1%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C0%7C637328725826283696&sdata=JdJoBZV2MI5%2B7Bm8YC0a8k4zxfCKpBlF%2FldnZOyZTKE%3D&reserved=0>;
list Becker Christian
Hi, oh yes ? that?s a thing that i?ve totally disregarded. However, i cannot get any content of the logfile into the msgs column, even if i surround the filename with quotes. Regards
▸
Christian
Von: Jeremy Laidman <user-0608abae5e7c@xymon.invalid>
Gesendet: Mittwoch, 19. August 2020 14:50
An: Becker Christian <user-e4a19bfb94c0@xymon.invalid>
Cc: xymon at xymon.com
Betreff: Re: [Xymon] xymonpsclient (application) logfile monitoring
Christian
I don't think it matters that the pattern is not at the start of the line.
However, I don't think you can have spaces in the filename. Instead you should wrap it on double quotes. Perhaps try this:
LOG "C:\Program Files\PATH-TO-LOGFILE\filename.log" "Unable to cancel connection to" COLOR=RED
The fact that you're getting the correct filename in the status page suggests that the clientlocal.cfg configuration is correct. So is just a matter of tweaking the analysis.cfg entry.
I have to admit that I don't use the psclient so I don't have much experience to offer.
Cheers
Jeremy
On Wed, 19 Aug 2020, 17:27 Becker Christian, <user-e4a19bfb94c0@xymon.invalid<mailto:user-e4a19bfb94c0@xymon.invalid>> wrote:
Jeremy,
Sorry for writing it a bit weird.
As soon as i configure the logfile in client-local.cfg and analysis.cfg, it shows up a couple of minutes later in the msgs column showing the name oft he logfile only, not it?s content.
The upper line says No entries in C:\Program Files\PATH-TO-LOGFILE\filename.log, the second line says Full log C:\Program Files\PATH-TO-LOGFILE\filename.log and that?s it.
Now i have configured as described by you by enclosing the pattern in quotes:
LOG C:\Program Files\PATH-TO-LOGFILE\filename.log "Unable to cancel connection to" COLOR=RED
After very long time, every now and then (and not on a regular basis?) the appropriate line shows up below the line Full log C:\Program Files\PATH-TO-LOGFILE\filename.log but the test stays green, but the pattern is present more than 50 times and it is actually written into the logfile.
* Does it matter, that the pattern is NOT at the beginning of the line of the logfile?? (There are time stamps before the pattern and return codes after it?.).
Regards and thanks
Christian
Von: Jeremy Laidman <user-0608abae5e7c@xymon.invalid<mailto:user-0608abae5e7c@xymon.invalid>>
Gesendet: Donnerstag, 13. August 2020 01:43
An: Becker Christian <user-e4a19bfb94c0@xymon.invalid<mailto:user-e4a19bfb94c0@xymon.invalid>>
Cc: xymon at xymon.com<mailto:xymon at xymon.com>
Betreff: Re: [Xymon] xymonpsclient (application) logfile monitoring
Hi Christian
Sorry, I'm not sure I understand what you mean. "It seems to me that ..." - does that mean: "From reading the docs, it seems to me that expected behaviour is..." or: "After the configuration changes, it seems to me that actual behaviour is...". It's my understanding that adding a LOG entry in analysis.cfg is for determining which log lines trigger an alert condition (eg red or yellow), but the rest of the log status page is the same - that is, it contains all of the log lines from the logfile since the last client status message (typically in the last 5 minutes).
The "pattern" is either a string or a regular expression. Your use of dots in the pattern suggest that you're expecting it to be a regular expression. However, you haven't prefixed it with "%" to tell Xymon this is the case. You perhaps want:
LOG C:\Program Files\PATH-TO-LOGFILE\filename.log %Unable.to.cancel.connection.to<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Funable.to.cancel.connection.to%2F&data=user-b9c78497733f@xymon.invalid%7C81abc116f61c4513155e08d8443e7384%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C0%7C637334382309873011&sdata=GPlm7p8nvbI1ahA%2B8cBrndU1Z3HSsAzJS3JYyxp42J0%3D&reserved=0>; COLOR=RED
▸
If the reason for the regexp is only to match spaces, because you don't want the words in the pattern to be treated as different LOG keywords, then you might find it easier to just enclose the pattern in quotes:
LOG C:\Program Files\PATH-TO-LOGFILE\filename.log "Unable to cancel connection to" COLOR=RED
Cheers
Jeremy
On Wed, 12 Aug 2020 at 20:46, Becker Christian <user-e4a19bfb94c0@xymon.invalid<mailto:user-e4a19bfb94c0@xymon.invalid>> wrote:
Hello to the list,
i need help in setting up logfile monitoring with xymonpsclient.
My setup is a Windows 10 client pc, running xymonpsclient v2.42, reporting to a xymon server running xymon 4.3.30.
In the client-local.cfg i have configured the logfile that i want to monitor, and an amount of time later, the logfile shows up in the msgs column.
After that i configured analysis.cfg to look for a specific pattern in this logfile, it seems to me that only the appearance of this pattern is displayed in the msgs column, but nothing else from this logfile.
In addition tot hat, the msgs column didn?t change to red state.
Here?s the part of my client-local.cfg:
[win10client1]
log:C:\Program Files\PATH-TO-LOGFILE\filename.log:153600
And here the part of my analysis.cfg:
HOST=win10client1LOG C:\Program Files\PATH-TO-LOGFILE\filename.log Unable.to.cancel.connection.to<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Funable.to.cancel.connection.to%2F&data=user-b9c78497733f@xymon.invalid%7C81abc116f61c4513155e08d8443e7384%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C0%7C637334382309883003&sdata=mHPxEdUrwEJMVwM4qmF4Fhy5jJBT0UCZ1i1orjy34MY%3D&reserved=0>; COLOR=RED With this setup it seems to me that only lines containing this pattern Unable.to.cancel.connection.to<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Funable.to.cancel.connection.to%2F&data=user-b9c78497733f@xymon.invalid%7C81abc116f61c4513155e08d8443e7384%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C0%7C637334382309883003&sdata=mHPxEdUrwEJMVwM4qmF4Fhy5jJBT0UCZ1i1orjy34MY%3D&reserved=0>; are displayed in the msgs column of win10client1.
▸
Any idea what i?m doing wrong? Or do i understand any basics the wrong way?
Regards
Christian
list Becker Christian
▸
Hi, oh yes ? that?s a thing that i?ve totally disregarded. However, i cannot get any content of the logfile into the msgs column, even if i surround the filename with quotes. Regards Christian
▸
Von: Beck, Zak <user-aada0fa38bf8@xymon.invalid>
Gesendet: Mittwoch, 19. August 2020 14:49
An: Becker Christian <user-e4a19bfb94c0@xymon.invalid>; Jeremy Laidman <user-0608abae5e7c@xymon.invalid>
Cc: xymon at xymon.com
Betreff: RE: [Xymon] xymonpsclient (application) logfile monitoring
Hi
I?m a bit concerned about the space in your log file name ? if you look at the analysis.cfg man page<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fxymon.com%2Fhelp%2Fmanpages%2Fman5%2Fanalysis.cfg.5.html&data=user-b9c78497733f@xymon.invalid%7C7d3a890d567d4080c43408d8443e3249%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C0%7C637334381209431700&sdata=CGl5QymBE%2BmlqijxBM%2FCLpmWYY1pziV1l5cB7qM9xS4%3D&reserved=0>;, the space is a separator between filename and pattern.
▸
Could you try surrounding your filename with quotes too?
Thanks
Zak
From: Xymon <xymon-bounces at xymon.com<mailto:xymon-bounces at xymon.com>> On Behalf Of Becker Christian
Sent: 19 August 2020 08:27
To: Jeremy Laidman <user-0608abae5e7c@xymon.invalid<mailto:user-0608abae5e7c@xymon.invalid>>
Cc: xymon at xymon.com<mailto:xymon at xymon.com>
Subject: [External] Re: [Xymon] xymonpsclient (application) logfile monitoring
This message is from an EXTERNAL SENDER - be CAUTIOUS, particularly with links and attachments.
Jeremy,
Sorry for writing it a bit weird.
As soon as i configure the logfile in client-local.cfg and analysis.cfg, it shows up a couple of minutes later in the msgs column showing the name oft he logfile only, not it?s content.
The upper line says No entries in C:\Program Files\PATH-TO-LOGFILE\filename.log, the second line says Full log C:\Program Files\PATH-TO-LOGFILE\filename.log and that?s it.
Now i have configured as described by you by enclosing the pattern in quotes:
LOG C:\Program Files\PATH-TO-LOGFILE\filename.log "Unable to cancel connection to" COLOR=RED
After very long time, every now and then (and not on a regular basis?) the appropriate line shows up below the line Full log C:\Program Files\PATH-TO-LOGFILE\filename.log but the test stays green, but the pattern is present more than 50 times and it is actually written into the logfile.
* Does it matter, that the pattern is NOT at the beginning of the line of the logfile?? (There are time stamps before the pattern and return codes after it?.).
Regards and thanks
Christian
Von: Jeremy Laidman <user-0608abae5e7c@xymon.invalid<mailto:user-0608abae5e7c@xymon.invalid>>
Gesendet: Donnerstag, 13. August 2020 01:43
An: Becker Christian <user-e4a19bfb94c0@xymon.invalid<mailto:user-e4a19bfb94c0@xymon.invalid>>
Cc: xymon at xymon.com<mailto:xymon at xymon.com>
Betreff: Re: [Xymon] xymonpsclient (application) logfile monitoring
Hi Christian
Sorry, I'm not sure I understand what you mean. "It seems to me that ..." - does that mean: "From reading the docs, it seems to me that expected behaviour is..." or: "After the configuration changes, it seems to me that actual behaviour is...". It's my understanding that adding a LOG entry in analysis.cfg is for determining which log lines trigger an alert condition (eg red or yellow), but the rest of the log status page is the same - that is, it contains all of the log lines from the logfile since the last client status message (typically in the last 5 minutes).
The "pattern" is either a string or a regular expression. Your use of dots in the pattern suggest that you're expecting it to be a regular expression. However, you haven't prefixed it with "%" to tell Xymon this is the case. You perhaps want:
LOG C:\Program Files\PATH-TO-LOGFILE\filename.log %Unable.to.cancel.connection.to<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__eur03.safelinks.protection.outlook.com_-3Furl-3Dhttp-253A-252F-252Funable.to.cancel.connection.to-252F-26data-3D02-257C01-257Cchristian.becker-2540rhein-2Dzeitung.net-257C40afbdde9df94afee73708d83f1971c1-257C4fed923898bc4f3b96450b99f4d1b669-257C0-257C0-257C637328725826273741-26sdata-3DH1Bn0g3yozkqDOrWyIMEdTMlOiIyGV0L37eXQjLmyWE-253D-26reserved-3D0%26d%3DDwMGaQ%26c%3DeIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU%26r%3DS-aLwpx-PHBTBMIG_c2JczRC0SfuZCmsiH9Iams25FI%26m%3D_c36kEJR6dLnD3UjF0N6O5RhkmIJ_fOPzbiONKHFpNw%26s%3D9kFUYjAlXmCCYlxnax7dfxZxUaQdEOQhLJtWl8yZ1ro%26e%3D&data=user-b9c78497733f@xymon.invalid%7C7d3a890d567d4080c43408d8443e3249%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C0%7C637334381209431700&sdata=JlR0PNU1sVHhZA9emtKV1EPbuSCzN56X3zwi0fYJnsk%3D&reserved=0>; COLOR=RED
▸
If the reason for the regexp is only to match spaces, because you don't want the words in the pattern to be treated as different LOG keywords, then you might find it easier to just enclose the pattern in quotes:
LOG C:\Program Files\PATH-TO-LOGFILE\filename.log "Unable to cancel connection to" COLOR=RED
Cheers
Jeremy
On Wed, 12 Aug 2020 at 20:46, Becker Christian <user-e4a19bfb94c0@xymon.invalid<mailto:user-e4a19bfb94c0@xymon.invalid>> wrote:
Hello to the list,
i need help in setting up logfile monitoring with xymonpsclient.
My setup is a Windows 10 client pc, running xymonpsclient v2.42, reporting to a xymon server running xymon 4.3.30.
In the client-local.cfg i have configured the logfile that i want to monitor, and an amount of time later, the logfile shows up in the msgs column.
After that i configured analysis.cfg to look for a specific pattern in this logfile, it seems to me that only the appearance of this pattern is displayed in the msgs column, but nothing else from this logfile.
In addition tot hat, the msgs column didn?t change to red state.
Here?s the part of my client-local.cfg:
[win10client1]
log:C:\Program Files\PATH-TO-LOGFILE\filename.log:153600
And here the part of my analysis.cfg:
HOST=win10client1LOG C:\Program Files\PATH-TO-LOGFILE\filename.log Unable.to.cancel.connection.to<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__eur03.safelinks.protection.outlook.com_-3Furl-3Dhttp-253A-252F-252Funable.to.cancel.connection.to-252F-26data-3D02-257C01-257Cchristian.becker-2540rhein-2Dzeitung.net-257C40afbdde9df94afee73708d83f1971c1-257C4fed923898bc4f3b96450b99f4d1b669-257C0-257C0-257C637328725826273741-26sdata-3DH1Bn0g3yozkqDOrWyIMEdTMlOiIyGV0L37eXQjLmyWE-253D-26reserved-3D0%26d%3DDwMGaQ%26c%3DeIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU%26r%3DS-aLwpx-PHBTBMIG_c2JczRC0SfuZCmsiH9Iams25FI%26m%3D_c36kEJR6dLnD3UjF0N6O5RhkmIJ_fOPzbiONKHFpNw%26s%3D9kFUYjAlXmCCYlxnax7dfxZxUaQdEOQhLJtWl8yZ1ro%26e%3D&data=user-b9c78497733f@xymon.invalid%7C7d3a890d567d4080c43408d8443e3249%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C0%7C637334381209441694&sdata=DIgIWrx2fVnwliF7xj6h%2BD6geKI%2BlEIzYE54xqJHldI%3D&reserved=0>; COLOR=RED With this setup it seems to me that only lines containing this pattern Unable.to.cancel.connection.to<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__eur03.safelinks.protection.outlook.com_-3Furl-3Dhttp-253A-252F-252Funable.to.cancel.connection.to-252F-26data-3D02-257C01-257Cchristian.becker-2540rhein-2Dzeitung.net-257C40afbdde9df94afee73708d83f1971c1-257C4fed923898bc4f3b96450b99f4d1b669-257C0-257C0-257C637328725826283696-26sdata-3DC-252FrRN9NdzIR1Vk9UNKVWmD6AySz8TX5gzTDYiIM706c-253D-26reserved-3D0%26d%3DDwMGaQ%26c%3DeIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU%26r%3DS-aLwpx-PHBTBMIG_c2JczRC0SfuZCmsiH9Iams25FI%26m%3D_c36kEJR6dLnD3UjF0N6O5RhkmIJ_fOPzbiONKHFpNw%26s%3DCLN-OR5es5VqC29-Bc3z4lyNr_unUePYbij3mxRom2U%26e%3D&data=user-b9c78497733f@xymon.invalid%7C7d3a890d567d4080c43408d8443e3249%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C0%7C637334381209441694&sdata=t6NTYshjvtI1SIHqLG3bzggbsb9ziWL3JS2A8yQSWn4%3D&reserved=0>; are displayed in the msgs column of win10client1.
▸
Any idea what i?m doing wrong? Or do i understand any basics the wrong way?
Regards
Christian
Xymon at xymon.com<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__eur03.safelinks.protection.outlook.com_-3Furl-3Dhttp-253A-252F-252Flists.xymon.com-252Fmailman-252Flistinfo-252Fxymon-26data-3D02-257C01-257Cchristian.becker-2540rhein-2Dzeitung.net-257C40afbdde9df94afee73708d83f1971c1-257C4fed923898bc4f3b96450b99f4d1b669-257C0-257C0-257C637328725826283696-26sdata-3DJdJoBZV2MI5-252B7Bm8YC0a8k4zxfCKpBlF-252FldnZOyZTKE-253D-26reserved-3D0%26d%3DDwMGaQ%26c%3DeIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU%26r%3DS-aLwpx-PHBTBMIG_c2JczRC0SfuZCmsiH9Iams25FI%26m%3D_c36kEJR6dLnD3UjF0N6O5RhkmIJ_fOPzbiONKHFpNw%26s%3D4hek2pxRQAnXbkWCOcqmauWzpuv9vhHm9Rm7jFQWdys%26e%3D&data=user-b9c78497733f@xymon.invalid%7C7d3a890d567d4080c43408d8443e3249%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C0%7C637334381209451693&sdata=5CToVuGVhP6zUBJVG4GBp1zHQZLUwnco4RiE4hZUIRw%3D&reserved=0>; This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at https://www.accenture.com/us-en/privacy-policy. www.accenture.com<http://www.accenture.com>;
list Andy Smith
Hi, Just to set expectations, even when you get the REGEX sorted, the lines appearing in the msgs column will only ever be from the last portion of the logfile, on a volatile log this will be a maximum of the last 30 minutes but may be even shorter.? Hence the duration of any alerts in the msgs column may be as little as 5 minutes and I have lost count of the number of times support complained that they got called out by operations but when they checked Xymon it was all green.? I have in the past needed to create a customised extension to collect (and present) the data that people wanted to be able to see (in the Xymon page without visiting each client individually).? Fortunately, managing such extensions centrally is easy with winpsclient. -- Andy
▸
On 20/08/2020 12:39, Becker Christian wrote:Hi, oh yes ? that?s a thing that i?ve totally disregarded. However, i cannot get any content of the logfile into the msgs column, even if i surround the filename with quotes. Regards Christian *Von:* Jeremy Laidman <user-0608abae5e7c@xymon.invalid> *Gesendet:* Mittwoch, 19. August 2020 14:50 *An:* Becker Christian <user-e4a19bfb94c0@xymon.invalid> *Cc:* xymon at xymon.com *Betreff:* Re: [Xymon] xymonpsclient (application) logfile monitoring Christian I don't think it matters that the pattern is not at the start of the line. However, I don't think you can have spaces in the filename. Instead you should wrap it on double quotes. Perhaps try this:
LOG?"C:\Program Files\PATH-TO-LOGFILE\filename.log"?"Unable to cancel
▸
connection to" COLOR=RED
The fact that you're getting the correct filename in the status page
suggests that the clientlocal.cfg configuration is correct. So is just
a matter of tweaking the analysis.cfg entry.
I have to admit that I don't use the psclient so I don't have much
experience to offer.
Cheers
Jeremy
On Wed, 19 Aug 2020, 17:27 Becker Christian,
<user-e4a19bfb94c0@xymon.invalid
<mailto:user-e4a19bfb94c0@xymon.invalid>> wrote:
Jeremy,
Sorry for writing it a bit weird.
As soon as i configure the logfile in client-local.cfg and
analysis.cfg, it shows up a couple of minutes later in the msgs
column showing the name oft he logfile only, not it?s content.
The upper line says No entries in C:\Program
Files\PATH-TO-LOGFILE\filename.log, the second line says Full log
C:\Program Files\PATH-TO-LOGFILE\filename.log and that?s it.
Now i have configured as described by you by enclosing the pattern
in quotes:
LOG C:\Program Files\PATH-TO-LOGFILE\filename.log "Unable to
cancel connection to" COLOR=RED
After very long time, every now and then (and not on a regular
basis?) the appropriate line shows up below the line Full log
C:\Program Files\PATH-TO-LOGFILE\filename.log but the test stays
green, but the pattern is present more than 50 times and it is
actually written into the logfile.
* Does it matter, that the pattern is *NOT* at the beginning of
the line of the logfile?? (There are time stamps before the
pattern and return codes after it?.).
Regards and thanks
Christian
*Von:* Jeremy Laidman <user-0608abae5e7c@xymon.invalid
*Gesendet:* Donnerstag, 13. August 2020 01:43
*An:* Becker Christian <user-e4a19bfb94c0@xymon.invalid
*Cc:* xymon at xymon.com <mailto:xymon at xymon.com>
*Betreff:* Re: [Xymon] xymonpsclient (application) logfile monitoring
Hi Christian
Sorry, I'm not sure I understand what?you mean. "It seems to me
▸
that ..." - does that mean: "From reading the docs, it seems to me
that expected behaviour is..." or: "After the configuration
changes, it seems to me that actual behaviour is...". It's my
understanding that adding a LOG entry in analysis.cfg is for
determining which log lines trigger an alert condition (eg red or
yellow), but the rest of the log status page is the same - that
is, it contains all of the log lines from the logfile since the
last client status message (typically in the last 5 minutes).
The "pattern" is either a string or a regular expression. Your use
of dots in the pattern suggest that you're expecting it to be a
regular expression. However, you haven't prefixed it with "%" to
tell Xymon this is the case. You perhaps want:
LOG C:\Program Files\PATH-TO-LOGFILE\filename.log
%Unable.to.cancel.connection.to<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Funable.to.cancel.connection.to%2F&data=user-b9c78497733f@xymon.invalid%7C81abc116f61c4513155e08d8443e7384%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C0%7C637334382309873011&sdata=GPlm7p8nvbI1ahA%2B8cBrndU1Z3HSsAzJS3JYyxp42J0%3D&reserved=0>;
▸
COLOR=RED
If the reason for the regexp is only to match spaces, because you
don't want the words in the pattern to be treated as different LOG
keywords, then you might find it easier to just enclose the
pattern in quotes:
LOG C:\Program Files\PATH-TO-LOGFILE\filename.log "Unable to
cancel connection to" COLOR=RED
Cheers
Jeremy
On Wed, 12 Aug 2020 at 20:46, Becker Christian
<user-e4a19bfb94c0@xymon.invalid
<mailto:user-e4a19bfb94c0@xymon.invalid>> wrote:
Hello to the list,
i need help in setting up logfile monitoring with xymonpsclient.
My setup is a Windows 10 client pc, running xymonpsclient
v2.42, reporting to a xymon server running xymon 4.3.30.
In the client-local.cfg i have configured the logfile that i
want to monitor, and an amount of time later, the logfile
shows up in the msgs column.
After that i configured analysis.cfg to look for a specific
pattern in this logfile, it seems to me that only the
appearance of this pattern is displayed in the msgs column,
but nothing else from this logfile.
In addition tot hat, the msgs column didn?t change to red state.
Here?s the part of my client-local.cfg:
[win10client1]
log:C:\Program Files\PATH-TO-LOGFILE\filename.log:153600
And here the part of my analysis.cfg:
HOST=win10client1
LOG C:\Program Files\PATH-TO-LOGFILE\filename.log
Unable.to.cancel.connection.to<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Funable.to.cancel.connection.to%2F&data=user-b9c78497733f@xymon.invalid%7C81abc116f61c4513155e08d8443e7384%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C0%7C637334382309883003&sdata=mHPxEdUrwEJMVwM4qmF4Fhy5jJBT0UCZ1i1orjy34MY%3D&reserved=0>;
▸
COLOR=RED
With this setup it seems to me that only lines containing this
pattern Unable.to.cancel.connection.to<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Funable.to.cancel.connection.to%2F&data=user-b9c78497733f@xymon.invalid%7C81abc116f61c4513155e08d8443e7384%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C0%7C637334382309883003&sdata=mHPxEdUrwEJMVwM4qmF4Fhy5jJBT0UCZ1i1orjy34MY%3D&reserved=0>;
▸
are displayed in the msgs column of win10client1.
Any idea what i?m doing wrong? Or do i understand any basics
the wrong way?
Regards
Christian
<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.xymon.com%2Fmailman%2Flistinfo%2Fxymon&data=user-b9c78497733f@xymon.invalid%7C81abc116f61c4513155e08d8443e7384%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C0%7C637334382309893002&sdata=idH7gPh5oRQRr3%2BEFt%2B4dfDEel5MxHYPZRPQrEcCES4%3D&reserved=0>;
list Becker Christian
Guys, a lot of time has passed where i have been busy with other things, but today i came back and spent some time with this issue. I got it managed to get the contents of a logfile displayed in the msgs column AND i got it managed to detect keywords in the column. The thing is that the name of the logfile must be surrounded with quotes in analysis.cfg (if the path / and / or the filename contains white spaces - not MY findings - thank you Jeremy and Zak!). Further, the keywords that should be detected must be surrounded by quotes as well. In client-local.cfg i didn?t use quotes. Probably that was the clue: in client-local.cfg i didn?t need to use quotes but in analysis.cfg. After playing around with the logfile and waiting minutes over minutes i got the result. Thanks to the list and stay healthy! Regards Christian
▸
Von: Xymon <xymon-bounces at xymon.com> Im Auftrag von Andy Smith
Gesendet: Donnerstag, 20. August 2020 20:14
An: xymon at xymon.com
Betreff: Re: [Xymon] xymonpsclient (application) logfile monitoring
Hi,
Just to set expectations, even when you get the REGEX sorted, the lines appearing in the msgs column will only ever be from the last portion of the logfile, on a volatile log this will be a maximum of the last 30 minutes but may be even shorter. Hence the duration of any alerts in the msgs column may be as little as 5 minutes and I have lost count of the number of times support complained that they got called out by operations but when they checked Xymon it was all green. I have in the past needed to create a customised extension to collect (and present) the data that people wanted to be able to see (in the Xymon page without visiting each client individually). Fortunately, managing such extensions centrally is easy with winpsclient.
--
Andy
On 20/08/2020 12:39, Becker Christian wrote:
Hi,
oh yes ? that?s a thing that i?ve totally disregarded.
However, i cannot get any content of the logfile into the msgs column, even if i surround the filename with quotes.
Regards
Christian
Von: Jeremy Laidman <user-0608abae5e7c@xymon.invalid><mailto:user-0608abae5e7c@xymon.invalid>
Gesendet: Mittwoch, 19. August 2020 14:50
An: Becker Christian <user-e4a19bfb94c0@xymon.invalid><mailto:user-e4a19bfb94c0@xymon.invalid>
Cc: xymon at xymon.com<mailto:xymon at xymon.com>
Betreff: Re: [Xymon] xymonpsclient (application) logfile monitoring
Christian
I don't think it matters that the pattern is not at the start of the line.
However, I don't think you can have spaces in the filename. Instead you should wrap it on double quotes. Perhaps try this:
LOG "C:\Program Files\PATH-TO-LOGFILE\filename.log" "Unable to cancel connection to" COLOR=RED
The fact that you're getting the correct filename in the status page suggests that the clientlocal.cfg configuration is correct. So is just a matter of tweaking the analysis.cfg entry.
I have to admit that I don't use the psclient so I don't have much experience to offer.
Cheers
Jeremy
On Wed, 19 Aug 2020, 17:27 Becker Christian, <user-e4a19bfb94c0@xymon.invalid<mailto:user-e4a19bfb94c0@xymon.invalid>> wrote:
Jeremy,
Sorry for writing it a bit weird.
As soon as i configure the logfile in client-local.cfg and analysis.cfg, it shows up a couple of minutes later in the msgs column showing the name oft he logfile only, not it?s content.
The upper line says No entries in C:\Program Files\PATH-TO-LOGFILE\filename.log, the second line says Full log C:\Program Files\PATH-TO-LOGFILE\filename.log and that?s it.
Now i have configured as described by you by enclosing the pattern in quotes:
LOG C:\Program Files\PATH-TO-LOGFILE\filename.log "Unable to cancel connection to" COLOR=RED
After very long time, every now and then (and not on a regular basis?) the appropriate line shows up below the line Full log C:\Program Files\PATH-TO-LOGFILE\filename.log but the test stays green, but the pattern is present more than 50 times and it is actually written into the logfile.
* Does it matter, that the pattern is NOT at the beginning of the line of the logfile?? (There are time stamps before the pattern and return codes after it?.).
Regards and thanks
Christian
Von: Jeremy Laidman <user-0608abae5e7c@xymon.invalid<mailto:user-0608abae5e7c@xymon.invalid>>
Gesendet: Donnerstag, 13. August 2020 01:43
An: Becker Christian <user-e4a19bfb94c0@xymon.invalid<mailto:user-e4a19bfb94c0@xymon.invalid>>
Cc: xymon at xymon.com<mailto:xymon at xymon.com>
Betreff: Re: [Xymon] xymonpsclient (application) logfile monitoring
Hi Christian
Sorry, I'm not sure I understand what you mean. "It seems to me that ..." - does that mean: "From reading the docs, it seems to me that expected behaviour is..." or: "After the configuration changes, it seems to me that actual behaviour is...". It's my understanding that adding a LOG entry in analysis.cfg is for determining which log lines trigger an alert condition (eg red or yellow), but the rest of the log status page is the same - that is, it contains all of the log lines from the logfile since the last client status message (typically in the last 5 minutes).
The "pattern" is either a string or a regular expression. Your use of dots in the pattern suggest that you're expecting it to be a regular expression. However, you haven't prefixed it with "%" to tell Xymon this is the case. You perhaps want:
LOG C:\Program Files\PATH-TO-LOGFILE\filename.log %Unable.to.cancel.connection.to<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Funable.to.cancel.connection.to%2F&data=user-b9c78497733f@xymon.invalid%7Cc0c4389d5c5c41bd317c08d84534e3d5%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C1%7C637335440751151059&sdata=TxXQRUqpK8MEfo%2BebrmCvX3ZbQygGoiuma7e6lMthNo%3D&reserved=0>; COLOR=RED
▸
If the reason for the regexp is only to match spaces, because you don't want the words in the pattern to be treated as different LOG keywords, then you might find it easier to just enclose the pattern in quotes:
LOG C:\Program Files\PATH-TO-LOGFILE\filename.log "Unable to cancel connection to" COLOR=RED
Cheers
Jeremy
On Wed, 12 Aug 2020 at 20:46, Becker Christian <user-e4a19bfb94c0@xymon.invalid<mailto:user-e4a19bfb94c0@xymon.invalid>> wrote:
Hello to the list,
i need help in setting up logfile monitoring with xymonpsclient.
My setup is a Windows 10 client pc, running xymonpsclient v2.42, reporting to a xymon server running xymon 4.3.30.
In the client-local.cfg i have configured the logfile that i want to monitor, and an amount of time later, the logfile shows up in the msgs column.
After that i configured analysis.cfg to look for a specific pattern in this logfile, it seems to me that only the appearance of this pattern is displayed in the msgs column, but nothing else from this logfile.
In addition tot hat, the msgs column didn?t change to red state.
Here?s the part of my client-local.cfg:
[win10client1]
log:C:\Program Files\PATH-TO-LOGFILE\filename.log:153600
And here the part of my analysis.cfg:
HOST=win10client1LOG C:\Program Files\PATH-TO-LOGFILE\filename.log Unable.to.cancel.connection.to<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Funable.to.cancel.connection.to%2F&data=user-b9c78497733f@xymon.invalid%7Cc0c4389d5c5c41bd317c08d84534e3d5%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C1%7C637335440751151059&sdata=TxXQRUqpK8MEfo%2BebrmCvX3ZbQygGoiuma7e6lMthNo%3D&reserved=0>; COLOR=RED With this setup it seems to me that only lines containing this pattern Unable.to.cancel.connection.to<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Funable.to.cancel.connection.to%2F&data=user-b9c78497733f@xymon.invalid%7Cc0c4389d5c5c41bd317c08d84534e3d5%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C1%7C637335440751161022&sdata=3lXJInPQjf%2F5J9b%2FVMiY2%2Fn5Nkt39c54qvHR5S6XO0E%3D&reserved=0>; are displayed in the msgs column of win10client1.
▸
Any idea what i?m doing wrong? Or do i understand any basics the wrong way?
Regards
Christian
Xymon at xymon.com<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.xymon.com%2Fmailman%2Flistinfo%2Fxymon&data=user-b9c78497733f@xymon.invalid%7Cc0c4389d5c5c41bd317c08d84534e3d5%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C1%7C637335440751161022&sdata=hwv7dVeNw4U0PhpK8NT8J%2BQLpfgpzzpe8TLrfMFCRtE%3D&reserved=0>;