Ignore and trigger in client-local.cfg 🔗 link

Hi!

I'm trying to get ignores and triggers to work in client-local.cfg, but can't get it to work. The background is that we have an important log which is extremely active and we are currently missing entries due to this. Rather than setting a huge value for the amount of bytes to send to Xymon (log:filename:size), I want to apply a ignore/trigger combo instead to filter out the noise before sending the log to Xymon.

The man page is not very descriptive of the possibilities, it just states:

#   "ignore EXPRESSION"
#       Must follow a "log:..." entry. Lines matching the
#       regular EXPRESSION are not sent to the Xymon server.
#   "trigger EXPRESSION"
#       Must follow a "log:..." entry. Lines matching the
#       regular EXPRESSION are always sent to the Xymon server.
#       Use this for extremely critical errors that must be
#       reported.

First, is it at all possible to specify a trigger on things we want to pick up, and discard everything else with a "catch all" ignore expression?

The logic is like this (but I need help with the syntax):

[host1]
log:/var/log/host1.log:102400
trigger this|that|stuff
ignore everything

Regards,

Johan Karlsson

Den 29-01-2014 13:36, Johan Karlsson skrev:

I thought so, but looking at the code I can see that the 'ignore' lines are processed first. So you have to setup your ignore-lines so they won't discard the important data.

But if you list the trigger patterns, then those should always be included in the log data - unless they are also matched by 'ignore'. So you could get away without any 'ignore' patterns, and just the 'trigger' patterns to make sure you do get those important lines.


Regards,
Henrik

Thanks for the clarification! Then I'll simply only use triggers :)

Regards,

Johan