Xymon Mailing List Archive search

client-local.cfg: "ignore" ignored?

3 messages in this thread

list Dominique Frise · Sat, 13 May 2006 10:28:10 +0200 · 
Hi,

We have following config. in our server's client-local.cfg:

[mailc]
log:/var/log/messages:10240
ignore MailScanner

The /var/log/messages of the "mailc" client is filled up with lines like following that we would like to exclude totally:

May 13 06:26:41 mailc MailScanner[933]: HTML Img tag found in message 1Feli1-0004tG-Dt from user-9d44860b3330@xymon.invalid

The lines with "MailScanner" of "mailc" client (Debian 2.4.22) are never ignored. I.e. we get -yellow/red- alarms for lines with "MailScanner" tag in it.

--- some infos from the client ---
bb at mailc:~$ wc -l /var/log/messages
10790 /var/log/messages
bb at mailc:~$ grep MailScanner /var/log/messages | wc -l
10795
bb at mailc:/soft/pub/BB/hobbit/client/tmp$ cat logfetch.*
log:/var/log/messages:10240
ignore MailScanner

/var/log/messages:1306142:1281851:1252634:1227431:1200018:1156195:1115234
bb at mailc:/soft/pub/BB/hobbit/client/tmp$
---

What are we doing wrong? (client is running a snapshot of 25th april)


Dominique
UNIL - University of Lausanne
list Dominique Frise · Thu, 18 May 2006 09:28:19 +0200 ·
quoted from Dominique Frise
Dominique Frise wrote:
Hi,

We have following config. in our server's client-local.cfg:

[mailc]
log:/var/log/messages:10240
ignore MailScanner

The /var/log/messages of the "mailc" client is filled up with lines like following that we would like to exclude totally:

May 13 06:26:41 mailc MailScanner[933]: HTML Img tag found in message 1Feli1-0004tG-Dt from user-9d44860b3330@xymon.invalid

The lines with "MailScanner" of "mailc" client (Debian 2.4.22) are never ignored. I.e. we get -yellow/red- alarms for lines with "MailScanner" tag in it.

--- some infos from the client ---
bb at mailc:~$ wc -l /var/log/messages
10790 /var/log/messages
bb at mailc:~$ grep MailScanner /var/log/messages | wc -l
10795
bb at mailc:/soft/pub/BB/hobbit/client/tmp$ cat logfetch.*
log:/var/log/messages:10240
ignore MailScanner

/var/log/messages:1306142:1281851:1252634:1227431:1200018:1156195:1115234
bb at mailc:/soft/pub/BB/hobbit/client/tmp$
---

What are we doing wrong? (client is running a snapshot of 25th april)


Dominique
UNIL - University of Lausanne


After upgrading the server to the snapshot of 16 may it now works as expected :-). (client is still running snapshot of 25 april)


Dominique
UNIL - University of Lausanne
list Gary B. · Fri, 30 Jun 2006 10:36:17 -0400 · 
I'm having a similar issue myself, though I'm running the
4.2-beta-20060605version.
It seems only some of my "ignore" lines are working, depending on which
other ones I have added.

I'm trying to ignore the following types of messages:

Jun 30 10:23:51 www upsd[7860]: Connection from 127.0.0.1
Jun 30 10:23:51 www upsd[7860]: Client on 127.0.0.1 logged out

Jun 25 04:04:01 www crond(pam_unix)[15334]: session opened for user root by
(uid=0)
Jun 25 04:04:25 www crond(pam_unix)[15334]: session closed for user root

Jun 25 04:05:02 www crond(pam_unix)[15413]: session opened for user mailman
by (uid=0)
Jun 25 04:05:06 www crond(pam_unix)[15413]: session closed for user mailman

with the following "ignore" lines:

ignore upsd.*from|on.*127\.0\.0\.1
ignore session opened|closed for user mailman|root


If I remove the "ignore upsd..." line, the second one seems to work fine,
and v.v. if I remove the second one.  The log monitoring is being done on
the Hobbit server itself, so it's not a problem with client-vs-server Hobbit
versioning.

Any ideas?  Also, are quotes (" ") required around the expressions if they
contain spaces, or is everything after the keyword "ignore" treated as the
regular expression?
quoted from Dominique Frise


Dominique Frise wrote:
Hi,

We have following config. in our server's client-local.cfg:

[mailc]
log:/var/log/messages:10240
ignore MailScanner

The /var/log/messages of the "mailc" client is filled up with lines like
following that we would like to exclude totally:

May 13 06:26:41 mailc MailScanner[933]: HTML Img tag found in message
1Feli1-0004tG-Dt from user-9d44860b3330@xymon.invalid

The lines with "MailScanner" of "mailc" client (Debian 2.4.22) are never
ignored. I.e. we get -yellow/red- alarms for lines with "MailScanner"
tag in it.

--- some infos from the client ---
bb at mailc:~$ wc -l /var/log/messages
10790 /var/log/messages
bb at mailc:~$ grep MailScanner /var/log/messages | wc -l
10795
bb at mailc:/soft/pub/BB/hobbit/client/tmp$ cat logfetch.*
log:/var/log/messages:10240
ignore MailScanner


/var/log/messages:1306142:1281851:1252634:1227431:1200018:1156195:1115234
bb at mailc:/soft/pub/BB/hobbit/client/tmp$
---

What are we doing wrong? (client is running a snapshot of 25th april)


Dominique
UNIL - University of Lausanne


After upgrading the server to the snapshot of 16 may it now works as
expected
:-). (client is still running snapshot of 25 april)


Dominique
UNIL - University of Lausanne