alert IGNORE
list Sidiney M. Crescencio Junior
Hello, I need to ignore a message on xymon Critical entries in /var/log/secure red -> error='' On server log: Jun 25 09:21:14 mailserver saslauthd[28318]: zmpost: url=' https://mailserver.domain.com.br:7071/service/admin/soap/'; returned buffer->data='<soap:Envelope xmlns:soap=" http://www.w3.org/2003/05/soap-envelope"><soap:Header><context xmlns="urn:zimbra"><change token="30213"/></context></soap:Header><soap:Body><AuthResponse xmlns="urn:zimbraAccount"><authToken>0_b4e7e2ade952b00a8028cf4e80d489c2b0138b8e_69643d33363a36666134643163352d626664302d343239352d626234302d3837306532346138336662353b6578703d31333a313430333837313637343034363b76763d313a303b747970653d363a7a696d6272613b</authToken><lifetime>172800000</lifetime><skin>serenity</skin></AuthResponse></soap:Body></soap:Envelope>', hti->error='' Sentinela configuration: /usr/lib/xymon/server/etc/client-local.cfg log:/var/log/secure:10240 ignore saslauthd.*\[.*\]:.* ignore .*hti.*error.* ignore .*hti.* ignore ti->error.* But even so the messages are still appearing, there is something more that should be done?
list Sidiney M. Crescencio Junior
Anyone? 2014-06-25 13:38 GMT-03:00 Sidiney M. Crescencio Junior < user-4ef59b6b779f@xymon.invalid>:
▸
Hello, I need to ignore a message on xymon Critical entries in /var/log/secure red -> error='' On server log: Jun 25 09:21:14 mailserver saslauthd[28318]: zmpost: url=' https://mailserver.domain.com.br:7071/service/admin/soap/'; returned buffer->data='<soap:Envelope xmlns:soap=" http://www.w3.org/2003/05/soap-envelope"><soap:Header><context xmlns="urn:zimbra"><change token="30213"/></context></soap:Header><soap:Body><AuthResponse xmlns="urn:zimbraAccount"><authToken>0_b4e7e2ade952b00a8028cf4e80d489c2b0138b8e_69643d33363a36666134643163352d626664302d343239352d626234302d3837306532346138336662353b6578703d31333a313430333837313637343034363b76763d313a303b747970653d363a7a696d6272613b</authToken><lifetime>172800000</lifetime><skin>serenity</skin></AuthResponse></soap:Body></soap:Envelope>', hti->error='' Sentinela configuration: /usr/lib/xymon/server/etc/client-local.cfg log:/var/log/secure:10240 ignore saslauthd.*\[.*\]:.* ignore .*hti.*error.* ignore .*hti.* ignore ti->error.* But even so the messages are still appearing, there is something more that should be done?
list Jeremy Laidman
On 26 June 2014 02:38, Sidiney M. Crescencio Junior <user-4ef59b6b779f@xymon.invalid> wrote:
I need to ignore a message on xymon
OK
Critical entries in /var/log/secure red -> error=''
Sorry, I don't know what this means.
▸
On server log: Jun 25 09:21:14 mailserver saslauthd[28318]: zmpost: url=' https://mailserver.domain.com.br:7071/service/admin/soap/'; returned buffer->data='<soap:Envelope xmlns:soap=" http://www.w3.org/2003/05/soap-envelope"><soap:Header><context xmlns="urn:zimbra"><change token="30213"/></context></soap:Header><soap:Body><AuthResponse xmlns="urn:zimbraAccount"><authToken>0_b4e7e2ade952b00a8028cf4e80d489c2b0138b8e_69643d33363a36666134643163352d626664302d343239352d626234302d3837306532346138336662353b6578703d31333a313430333837313637343034363b76763d313a303b747970653d363a7a696d6272613b</authToken><lifetime>172800000</lifetime><skin>serenity</skin></AuthResponse></soap:Body></soap:Envelope>', hti->error=''
So you want to ignore lines like the above?
▸
Sentinela configuration: /usr/lib/xymon/server/etc/client-local.cfg log:/var/log/secure:10240 ignore saslauthd.*\[.*\]:.* ignore .*hti.*error.* ignore .*hti.* ignore ti->error.*
Any of these should work. So perhaps it's not using this configuration at all. Have a look on your client in ~xymon/tmp/ for the file logfetch.<servername>.cfg. See if it looks like the above. If not, it's probably matching another host type/name configuration section in your client-local.cfg. J