Xymon Mailing List Archive

Help with ignoring certain syslog messages.

2 messages in this thread

list Jasoneh · Wed, 17 Mar 2010 12:37:32 -0400 ·
I'm trying to turn the messages test red when "NOTICE" is in a syslog message, but not when "Charged" or "Backup initiated" is also present in the message.  The config I'm using does ignore the "Backup initiated" messages, but not the "Charged" ones.  Can someone give me some hints on how I can handle this situation?
Here is the message I'm trying to ignore: "Mar 17 02:05:58 sycamore SUNWscsdMonitor[979]: [ID 218055 daemon.error] [SUNWscsd 0x030B1D0E:0x00000000 Informational] <rctrl0000> Standard General Event, NOTICE: Controller BBU Fully Charged !.[info: 5E-00E6E83FE] (Secondary, Wed Mar 17 06:10:12 2010) {Unique ID#: 09ecee}"
In hobbit-clients.cfg I have this:  LOG %.* NOTICE COLOR=red "IGNORE=%(Charged|Backup initiated)"
When I run "hobbitd_client --test" to test the config, it shows that message would report as green.
# hobbitd_client --test
Hostname (.=end, ?=dump, !=reload) []: sycamore.example.com
Hosttype []: SunOS
Test (cpu, mem, disk, proc, log, port): log
log filename: /var/adm/messages
To read log data from a file, enter '@FILENAME' at the prompt
log line: Mar 17 02:05:58 sycamore SUNWscsdMonitor[979]: [ID 218055 daemon.error] [SUNWscsd 0x030B1D0E:0x00000000 Informational] <rctrl0000> Standard General Event, NOTICE: Controller BBU Fully Charged !.[info: 5E-00E6E83FE] (Secondary, Wed Mar 17 06:10:12 2010)
log line:
Log status is green

Hostname (.=end, ?=dump, !=reload) [sycamore.example.com]:
Test (cpu, mem, disk, proc, log, port): log
log filename: /var/adm/messages
To read log data from a file, enter '@FILENAME' at the prompt
log line: Mar 10 22:36:17 sycamore vmtape: [ID 428768 kern.notice] Backup initiated: Compression(none)Encryption(none)
log line:
Log status is green

Hostname (.=end, ?=dump, !=reload) [sycamore.example.com]:
Test (cpu, mem, disk, proc, log, port): log
log filename: /var/adm/messages
To read log data from a file, enter '@FILENAME' at the prompt
log line: NOTICE: testing notice
log line:
Log status is red
&red NOTICE: testing notice

Thanks,
Jason
 
list Thorsten Erdmann · Fri, 26 Mar 2010 12:27:32 +0100 ·
Hi

I want to filter some messages from a specific server's message log. So I built a special rule in hobbit-clients.cfg to filter that message, but it is ignored. It seems Hobbit prefers the DEFAULT section. If I uncomment the DEFAULT LOG rule my special rule is used and the message is filtered.

So how can I have a default rule including some IGNORE clauses which is used for all my servers and an additional set of rules specific to one or more servers?

Here is my hobbit-clients.cfg. The rule I am currently playing with is marked with (***), it's the host s068c326. If I comment out the last two lines it works, if not the message "ntpd error" is detected as error.

HOST=s068310i
        DISK    %^/platform.*  IGNORE

HOST=s068310b
        DISK    %^/platform.*  IGNORE

HOST=s068a300
        LOG     %.* %(fatal|error)   COLOR=red IGNORE=%(smb_proc_readdir_long|peer)
        LOG     %.* warning          COLOR=yellow
#        DISK    * 10 15

HOST=s068c327
        DISK    /mnt           IGNORE

#HOST=%s068c32.*
HOST=s068c326
#HOST=s068c320,s068c321,s068c322,s068c323,s068c324,s068c325,s068c326,s068c327
        LOG     %.* %(fatal|error)   IGNORE=%ntpd  COLOR=red     #(***)

HOST=s068c320,s068c321,s068c322
        PROC    "lmgrd -c" 1 1
        PROC    "pam_lmd" 1 1

DEFAULT
        # These are the built-in defaults.
        UP      1h
        LOAD    5.0 10.0
        DISK    * 90 95
        DISK    /media/cdrom 101 101
        MEMPHYS 100 101
        MEMSWAP 50 80
        MEMACT  90 97

        LOG     %.* %(fatal|error)   COLOR=red IGNORE=%(read_socket_data|peer)
        LOG     %.* warning          COLOR=yellow IGNORE=40960


Thank you for help

Thorsten Erdmann
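
Both questions can be checked offline with a small model of LOG/IGNORE matching; the sketch below is an added example, not part of either post and not Xymon's own code. It assumes case-insensitive matching and that every LOG rule applying to a host, DEFAULT included, is evaluated with the worst color winning, an evaluation model chosen because it reproduces the results both posters report; the ntpd log line is constructed.

```python
import re

# Each rule: (match regex, ignore regex or None, color). Patterns are copied from
# the two posts with the config's leading '%' removed.
JASON = [("NOTICE", "(Charged|Backup initiated)", "red")]
HOST_S068C326 = [("(fatal|error)", "ntpd", "red")]          # the (***) rule
DEFAULT = [("(fatal|error)", "(read_socket_data|peer)", "red"),
           ("warning", "40960", "yellow")]

# Log lines quoted in the first post (the first one shortened).
CHARGED = ("Mar 17 02:05:58 sycamore SUNWscsdMonitor[979]: [ID 218055 daemon.error] "
           "[SUNWscsd 0x030B1D0E:0x00000000 Informational] <rctrl0000> Standard General "
           "Event, NOTICE: Controller BBU Fully Charged !.[info: 5E-00E6E83FE]")
BACKUP = ("Mar 10 22:36:17 sycamore vmtape: [ID 428768 kern.notice] "
          "Backup initiated: Compression(none)Encryption(none)")
TESTING = "NOTICE: testing notice"
# Constructed line standing in for the "ntpd error" message of the second post.
NTPD = "Mar 26 12:00:00 s068c326 ntpd[1234]: ntpd error"

RANK = {"green": 0, "yellow": 1, "red": 2}

def rule_color(line, rule):
    """Color one rule assigns to one line; IGNORE only cancels that rule's match."""
    match, ignore, color = rule
    # Assumption: matching is case-insensitive.
    if not re.search(match, line, re.I):
        return "green"
    if ignore and re.search(ignore, line, re.I):
        return "green"
    return color

def log_status(line, rules):
    """Assumed model: every rule in `rules` is evaluated and the worst color wins."""
    return max((rule_color(line, r) for r in rules), key=RANK.get)

def explain(line, rules):
    """List the rules that still fire for a line, to show which one drives the color."""
    return [r for r in rules if rule_color(line, r) != "green"]

if __name__ == "__main__":
    for name, line in [("charged", CHARGED), ("backup", BACKUP), ("testing", TESTING)]:
        print(name, log_status(line, JASON))
    print("ntpd, host rule only:", log_status(NTPD, HOST_S068C326))
    print("ntpd, host + DEFAULT:", log_status(NTPD, HOST_S068C326 + DEFAULT))
    print("fired by:", explain(NTPD, HOST_S068C326 + DEFAULT))
```

Under this model an IGNORE pattern suppresses only the rule it is attached to, so the DEFAULT rule still fires on the ntpd line.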