PATTERN is not behaving right
list Asif Iqbal
I have a mix environment of solaris and freebsd. I want to make sure hobbit checks for /var/log/messages for freebsd servers. All these servers ".*-apps1-*|dca-apps2-*|jfk-apps2-*|svl-apps2-*|cer-apps2-*|chi-apps2-*" are freebsd. However it is still looking at /var/adm/messages file for cer-apps2-*|chi-apps2-* servers. Rest of them behaving just fine. Here are the layouts. Any idea where I can look for debug? hobbit-clients.cfg ============== PAGE=apps/apps-OOR EXHOST=%.*-apps1-*|dca-apps2-*|jfk-apps2-*|svl-apps2-*|cer-apps2-*|chi-apps2-* PROC "%/usr/local/sbin/snmpd.*snmpuser" PROC "ipmon -Ds" HOST=%.*-apps1-*|dca-apps2-*|jfk-apps2-*|svl-apps2-*|cer-apps2-*|chi-apps2-* LOG /var/log/messages "%(?-i)WARNING|(?-i)NOTICE|(?-i)ERROR" IGNORE=%PAM|Power FILE /var/log/messages MODE=644 SIZE>0 TRACK DEFAULT # These are the built-in defaults. UP 1h LOAD 5.0 10.0 DISK %^/cdrom/* IGNORE DISK %^/dev/lofi/* IGNORE DISK * 90 95 SWAP 50 80 MEMPHYS 100 101 MEMSWAP 50 80 MEMACT 90 97 PROC sshd TRACK=sshd LOG /var/adm/messages "%(?-i)WARNING|(?-i)NOTICE|(?-i)ERROR" IGNORE=%SUNWsrspx|srsxfer|Explorer FILE /var/adm/messages MODE=644 SIZE>0 TRACK bb-hosts ======= page apps Apps subpage apps-OOR Apps - OOR group-compress <H3><I>OOR Apps</H3></I> 1.2.3.4 atl-apps-01.company.net # ssh 1.2.3.5 bos-apps1-01.company.net # ssh 1.2.3.6 bur-apps-01.company.net # ssh 1.2.3.7 bur-apps2-01.company.net # ssh 1.2.3.8 cer-apps1-01.company.net # ssh 1.2.3.9 cer-apps2-01.company.net # ssh 1.2.3.10 chi-apps1-01.company.net # ssh 1.2.3.11 chi-apps2-01.company.net # ssh 1.2.3.12 dal-apps1-01.company.net # ssh 1.2.3.13 dal-apps2-01.company.net # ssh 1.2.3.14 dca-apps1-01.company.net # ssh 1.2.3.15 dca-apps2-01.company.net # ssh 1.2.3.16 ewr-apps1-01.company.net # ssh 1.2.3.17 ewr-apps2-01.company.net # ssh 1.2.3.18 hgk-apps-01.company.net # ssh 1.2.3.19 hnl-apps-01.company.net # ssh 1.2.3.20 iah-apps-01.company.net # ssh 1.2.3.21 jfk-apps1-01.company.net # ssh 1.2.3.22 jfk-apps2-01.company.net # ssh 1.2.3.23 kcm-apps1-01.company.net # ssh 1.2.3.24 kcm-apps2-01.company.net # ssh 1.2.3.25 svl-apps1-01.company.net # ssh 1.2.3.26 svl-apps2-01.company.net # ssh 1.2.3.27 tko-apps-01.company.net # ssh 1.2.3.28 tpa-apps1-01.company.net # ssh 1.2.3.29 tpa-apps2-01.company.net # ssh -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
list Dominique Frise
hobbitd_client(8) is your friend for checking your rules and regexp.
--test
Starts an interactive session where you can test the
hobbit-clients.cfg configuration.
▸
Asif Iqbal wrote:I have a mix environment of solaris and freebsd. I want to make sure hobbit checks for /var/log/messages for freebsd servers. All these servers ".*-apps1-*|dca-apps2-*|jfk-apps2-*|svl-apps2-*|cer-apps2-*|chi-apps2-*" are freebsd. However it is still looking at /var/adm/messages file for cer-apps2-*|chi-apps2-* servers. Rest of them behaving just fine. Here are the layouts. Any idea where I can look for debug? hobbit-clients.cfg ============== PAGE=apps/apps-OOR EXHOST=%.*-apps1-*|dca-apps2-*|jfk-apps2-*|svl-apps2-*|cer-apps2-*|chi-apps2-* PROC "%/usr/local/sbin/snmpd.*snmpuser" PROC "ipmon -Ds" HOST=%.*-apps1-*|dca-apps2-*|jfk-apps2-*|svl-apps2-*|cer-apps2-*|chi-apps2-* LOG /var/log/messages "%(?-i)WARNING|(?-i)NOTICE|(?-i)ERROR" IGNORE=%PAM|Power FILE /var/log/messages MODE=644 SIZE>0 TRACK DEFAULT # These are the built-in defaults. UP 1h LOAD 5.0 10.0 DISK %^/cdrom/* IGNORE DISK %^/dev/lofi/* IGNORE DISK * 90 95 SWAP 50 80 MEMPHYS 100 101 MEMSWAP 50 80 MEMACT 90 97 PROC sshd TRACK=sshd LOG /var/adm/messages "%(?-i)WARNING|(?-i)NOTICE|(?-i)ERROR" IGNORE=%SUNWsrspx|srsxfer|Explorer FILE /var/adm/messages MODE=644 SIZE>0 TRACK bb-hosts ======= page apps Apps subpage apps-OOR Apps - OOR group-compress <H3><I>OOR Apps</H3></I> 1.2.3.4 atl-apps-01.company.net # ssh 1.2.3.5 bos-apps1-01.company.net # ssh 1.2.3.6 bur-apps-01.company.net # ssh 1.2.3.7 bur-apps2-01.company.net # ssh 1.2.3.8 cer-apps1-01.company.net # ssh 1.2.3.9 cer-apps2-01.company.net # ssh 1.2.3.10 chi-apps1-01.company.net # ssh 1.2.3.11 chi-apps2-01.company.net # ssh 1.2.3.12 dal-apps1-01.company.net # ssh 1.2.3.13 dal-apps2-01.company.net # ssh 1.2.3.14 dca-apps1-01.company.net # ssh 1.2.3.15 dca-apps2-01.company.net # ssh 1.2.3.16 ewr-apps1-01.company.net # ssh 1.2.3.17 ewr-apps2-01.company.net # ssh 1.2.3.18 hgk-apps-01.company.net # ssh 1.2.3.19 hnl-apps-01.company.net # ssh 1.2.3.20 iah-apps-01.company.net # ssh 1.2.3.21 jfk-apps1-01.company.net # ssh 1.2.3.22 jfk-apps2-01.company.net # ssh 1.2.3.23 kcm-apps1-01.company.net # ssh 1.2.3.24 kcm-apps2-01.company.net # ssh 1.2.3.25 svl-apps1-01.company.net # ssh 1.2.3.26 svl-apps2-01.company.net # ssh 1.2.3.27 tko-apps-01.company.net # ssh 1.2.3.28 tpa-apps1-01.company.net # ssh 1.2.3.29 tpa-apps2-01.company.net # ssh
Dominique UNIL - University of Lausanne
list Asif Iqbal
▸
On 8/22/07, Dominique Frise <user-78ab6673b600@xymon.invalid> wrote:
hobbitd_client(8) is your friend for checking your rules and regexp.
--test
Starts an interactive session where you can test the
hobbit-clients.cfg configuration.There is no option to test files column. Only cpu,mem,disk,proc,log and port are the available tests unfortunately :-(
▸
Asif Iqbal wrote:I have a mix environment of solaris and freebsd. I want to make sure hobbit checks for /var/log/messages for freebsd servers. All these servers ".*-apps1-*|dca-apps2-*|jfk-apps2-*|svl-apps2-*|cer-apps2-*|chi-apps2-*" are freebsd. However it is still looking at /var/adm/messages file for cer-apps2-*|chi-apps2-* servers. Rest of them behaving just fine. Here are the layouts. Any idea where I can look for debug? hobbit-clients.cfg ============== PAGE=apps/apps-OOR EXHOST=%.*-apps1-*|dca-apps2-*|jfk-apps2-*|svl-apps2-*|cer-apps2-*|chi-apps2-* PROC "%/usr/local/sbin/snmpd.*snmpuser" PROC "ipmon -Ds" HOST=%.*-apps1-*|dca-apps2-*|jfk-apps2-*|svl-apps2-*|cer-apps2-*|chi-apps2-* LOG /var/log/messages "%(?-i)WARNING|(?-i)NOTICE|(?-i)ERROR" IGNORE=%PAM|Power FILE /var/log/messages MODE=644 SIZE>0 TRACK DEFAULT # These are the built-in defaults. UP 1h LOAD 5.0 10.0 DISK %^/cdrom/* IGNORE DISK %^/dev/lofi/* IGNORE DISK * 90 95 SWAP 50 80 MEMPHYS 100 101 MEMSWAP 50 80 MEMACT 90 97 PROC sshd TRACK=sshd LOG /var/adm/messages "%(?-i)WARNING|(?-i)NOTICE|(?-i)ERROR" IGNORE=%SUNWsrspx|srsxfer|Explorer FILE /var/adm/messages MODE=644 SIZE>0 TRACK bb-hosts ======= page apps Apps subpage apps-OOR Apps - OOR group-compress <H3><I>OOR Apps</H3></I> 1.2.3.4 atl-apps-01.company.net # ssh 1.2.3.5 bos-apps1-01.company.net # ssh 1.2.3.6 bur-apps-01.company.net # ssh 1.2.3.7 bur-apps2-01.company.net # ssh 1.2.3.8 cer-apps1-01.company.net # ssh 1.2.3.9 cer-apps2-01.company.net # ssh 1.2.3.10 chi-apps1-01.company.net # ssh 1.2.3.11 chi-apps2-01.company.net # ssh 1.2.3.12 dal-apps1-01.company.net # ssh 1.2.3.13 dal-apps2-01.company.net # ssh 1.2.3.14 dca-apps1-01.company.net # ssh 1.2.3.15 dca-apps2-01.company.net # ssh 1.2.3.16 ewr-apps1-01.company.net # ssh 1.2.3.17 ewr-apps2-01.company.net # ssh 1.2.3.18 hgk-apps-01.company.net # ssh 1.2.3.19 hnl-apps-01.company.net # ssh 1.2.3.20 iah-apps-01.company.net # ssh 1.2.3.21 jfk-apps1-01.company.net # ssh 1.2.3.22 jfk-apps2-01.company.net # ssh 1.2.3.23 kcm-apps1-01.company.net # ssh 1.2.3.24 kcm-apps2-01.company.net # ssh 1.2.3.25 svl-apps1-01.company.net # ssh 1.2.3.26 svl-apps2-01.company.net # ssh 1.2.3.27 tko-apps-01.company.net # ssh 1.2.3.28 tpa-apps1-01.company.net # ssh 1.2.3.29 tpa-apps2-01.company.net # sshDominique UNIL - University of Lausanne
-- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
list Asif Iqbal
▸
On 8/22/07, Asif Iqbal <user-6f4b51ac2a40@xymon.invalid> wrote:
On 8/22/07, Dominique Frise <user-78ab6673b600@xymon.invalid> wrote:hobbitd_client(8) is your friend for checking your rules and regexp. --test Starts an interactive session where you can test the hobbit-clients.cfg configuration.There is no option to test files column. Only cpu,mem,disk,proc,log and port are the available tests unfortunately :-(
Well since it is not looking at /var/log/messages file I decided to test with log test (hobbit)@hobbit:~$ bbcmd hobbitd_client --test 2007-08-22 10:09:25 Using default environment file /export/home/hobbit/server/etc/hobbitserver.cfg Hostname (.=end, ?=dump, !=reload) []: cer-apps2-01.company.net Hosttype []: freebsd Test (cpu, mem, disk, proc, log, port): log log filename: /var/log/messages To read log data from a file, enter '@FILENAME' at the prompt log line: WARNING log line: Log status is red &red WARNING Hostname (.=end, ?=dump, !=reload) [cer-apps2-01.company.net]: Test (cpu, mem, disk, proc, log, port): log log filename: /var/adm/messages To read log data from a file, enter '@FILENAME' at the prompt log line: ERROR log line: Log status is red &red ERROR So from above it looks like hobbit is looking at both /var/log/messages and /var/adm/messages file for the host cer-apps2-01.company.net. So it is indeed not behaving right.
▸
Asif Iqbal wrote:I have a mix environment of solaris and freebsd. I want to make sure hobbit checks for /var/log/messages for freebsd servers. All these servers ".*-apps1-*|dca-apps2-*|jfk-apps2-*|svl-apps2-*|cer-apps2-*|chi-apps2-*" are freebsd. However it is still looking at /var/adm/messages file for cer-apps2-*|chi-apps2-* servers. Rest of them behaving just fine. Here are the layouts. Any idea where I can look for debug? hobbit-clients.cfg ============== PAGE=apps/apps-OOR EXHOST=%.*-apps1-*|dca-apps2-*|jfk-apps2-*|svl-apps2-*|cer-apps2-*|chi-apps2-* PROC "%/usr/local/sbin/snmpd.*snmpuser" PROC "ipmon -Ds" HOST=%.*-apps1-*|dca-apps2-*|jfk-apps2-*|svl-apps2-*|cer-apps2-*|chi-apps2-* LOG /var/log/messages "%(?-i)WARNING|(?-i)NOTICE|(?-i)ERROR" IGNORE=%PAM|Power FILE /var/log/messages MODE=644 SIZE>0 TRACK DEFAULT # These are the built-in defaults. UP 1h LOAD 5.0 10.0 DISK %^/cdrom/* IGNORE DISK %^/dev/lofi/* IGNORE DISK * 90 95 SWAP 50 80 MEMPHYS 100 101 MEMSWAP 50 80 MEMACT 90 97 PROC sshd TRACK=sshd LOG /var/adm/messages "%(?-i)WARNING|(?-i)NOTICE|(?-i)ERROR" IGNORE=%SUNWsrspx|srsxfer|Explorer FILE /var/adm/messages MODE=644 SIZE>0 TRACK bb-hosts ======= page apps Apps subpage apps-OOR Apps - OOR group-compress <H3><I>OOR Apps</H3></I> 1.2.3.4 atl-apps-01.company.net # ssh 1.2.3.5 bos-apps1-01.company.net # ssh 1.2.3.6 bur-apps-01.company.net # ssh 1.2.3.7 bur-apps2-01.company.net # ssh 1.2.3.8 cer-apps1-01.company.net # ssh 1.2.3.9 cer-apps2-01.company.net # ssh 1.2.3.10 chi-apps1-01.company.net # ssh 1.2.3.11 chi-apps2-01.company.net # ssh 1.2.3.12 dal-apps1-01.company.net # ssh 1.2.3.13 dal-apps2-01.company.net # ssh 1.2.3.14 dca-apps1-01.company.net # ssh 1.2.3.15 dca-apps2-01.company.net # ssh 1.2.3.16 ewr-apps1-01.company.net # ssh 1.2.3.17 ewr-apps2-01.company.net # ssh 1.2.3.18 hgk-apps-01.company.net # ssh 1.2.3.19 hnl-apps-01.company.net # ssh 1.2.3.20 iah-apps-01.company.net # ssh 1.2.3.21 jfk-apps1-01.company.net # ssh 1.2.3.22 jfk-apps2-01.company.net # ssh 1.2.3.23 kcm-apps1-01.company.net # ssh 1.2.3.24 kcm-apps2-01.company.net # ssh 1.2.3.25 svl-apps1-01.company.net # ssh 1.2.3.26 svl-apps2-01.company.net # ssh 1.2.3.27 tko-apps-01.company.net # ssh 1.2.3.28 tpa-apps1-01.company.net # ssh 1.2.3.29 tpa-apps2-01.company.net # sshDominique UNIL - University of Lausanne-- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
-- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
list Dominique Frise
I think this behaviour is correct. Hobbit first matches the rule for /var/log/messages according to your HOST regexp. If you specify /var/adm/messages for the log filename, it then uses the DEFAULT rule. If you have the correct definition for freebsd in client-local.cfg were only /var/log/messages should be taken into account, this should never happend. If you explicitely want to exclude hosts from the defaults, try putting an EXHOST rule under DEFAULT.
▸
Asif Iqbal wrote:On 8/22/07, Asif Iqbal <user-6f4b51ac2a40@xymon.invalid> wrote:On 8/22/07, Dominique Frise <user-78ab6673b600@xymon.invalid> wrote:hobbitd_client(8) is your friend for checking your rules and regexp. --test Starts an interactive session where you can test the hobbit-clients.cfg configuration.There is no option to test files column. Only cpu,mem,disk,proc,log and port are the available tests unfortunately :-(Well since it is not looking at /var/log/messages file I decided to test with log test (hobbit)@hobbit:~$ bbcmd hobbitd_client --test 2007-08-22 10:09:25 Using default environment file /export/home/hobbit/server/etc/hobbitserver.cfg Hostname (.=end, ?=dump, !=reload) []: cer-apps2-01.company.net Hosttype []: freebsd Test (cpu, mem, disk, proc, log, port): log log filename: /var/log/messages To read log data from a file, enter '@FILENAME' at the prompt log line: WARNING log line: Log status is red &red WARNING Hostname (.=end, ?=dump, !=reload) [cer-apps2-01.company.net]: Test (cpu, mem, disk, proc, log, port): log log filename: /var/adm/messages To read log data from a file, enter '@FILENAME' at the prompt log line: ERROR log line: Log status is red &red ERROR So from above it looks like hobbit is looking at both /var/log/messages and /var/adm/messages file for the host cer-apps2-01.company.net. So it is indeed not behaving right.Asif Iqbal wrote:I have a mix environment of solaris and freebsd. I want to make sure hobbit checks for /var/log/messages for freebsd servers. All these servers ".*-apps1-*|dca-apps2-*|jfk-apps2-*|svl-apps2-*|cer-apps2-*|chi-apps2-*" are freebsd. However it is still looking at /var/adm/messages file for cer-apps2-*|chi-apps2-* servers. Rest of them behaving just fine. Here are the layouts. Any idea where I can look for debug? hobbit-clients.cfg ============== PAGE=apps/apps-OOR EXHOST=%.*-apps1-*|dca-apps2-*|jfk-apps2-*|svl-apps2-*|cer-apps2-*|chi-apps2-* PROC "%/usr/local/sbin/snmpd.*snmpuser" PROC "ipmon -Ds" HOST=%.*-apps1-*|dca-apps2-*|jfk-apps2-*|svl-apps2-*|cer-apps2-*|chi-apps2-* LOG /var/log/messages "%(?-i)WARNING|(?-i)NOTICE|(?-i)ERROR" IGNORE=%PAM|Power FILE /var/log/messages MODE=644 SIZE>0 TRACK DEFAULT # These are the built-in defaults. UP 1h LOAD 5.0 10.0 DISK %^/cdrom/* IGNORE DISK %^/dev/lofi/* IGNORE DISK * 90 95 SWAP 50 80 MEMPHYS 100 101 MEMSWAP 50 80 MEMACT 90 97 PROC sshd TRACK=sshd LOG /var/adm/messages "%(?-i)WARNING|(?-i)NOTICE|(?-i)ERROR" IGNORE=%SUNWsrspx|srsxfer|Explorer FILE /var/adm/messages MODE=644 SIZE>0 TRACK bb-hosts ======= page apps Apps subpage apps-OOR Apps - OOR group-compress <H3><I>OOR Apps</H3></I> 1.2.3.4 atl-apps-01.company.net # ssh 1.2.3.5 bos-apps1-01.company.net # ssh 1.2.3.6 bur-apps-01.company.net # ssh 1.2.3.7 bur-apps2-01.company.net # ssh 1.2.3.8 cer-apps1-01.company.net # ssh 1.2.3.9 cer-apps2-01.company.net # ssh 1.2.3.10 chi-apps1-01.company.net # ssh 1.2.3.11 chi-apps2-01.company.net # ssh 1.2.3.12 dal-apps1-01.company.net # ssh 1.2.3.13 dal-apps2-01.company.net # ssh 1.2.3.14 dca-apps1-01.company.net # ssh 1.2.3.15 dca-apps2-01.company.net # ssh 1.2.3.16 ewr-apps1-01.company.net # ssh 1.2.3.17 ewr-apps2-01.company.net # ssh 1.2.3.18 hgk-apps-01.company.net # ssh 1.2.3.19 hnl-apps-01.company.net # ssh 1.2.3.20 iah-apps-01.company.net # ssh 1.2.3.21 jfk-apps1-01.company.net # ssh 1.2.3.22 jfk-apps2-01.company.net # ssh 1.2.3.23 kcm-apps1-01.company.net # ssh 1.2.3.24 kcm-apps2-01.company.net # ssh 1.2.3.25 svl-apps1-01.company.net # ssh 1.2.3.26 svl-apps2-01.company.net # ssh 1.2.3.27 tko-apps-01.company.net # ssh 1.2.3.28 tpa-apps1-01.company.net # ssh 1.2.3.29 tpa-apps2-01.company.net # sshDominique UNIL - University of Lausanne-- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
Dominique UNIL - University of Lausanne