[xymon] ignore certain things in a log file

Kevin Kelly kkelly at lifetouch.com
Fri Aug 27 17:50:28 CEST 2010


Having no luck in ignoring the following messages from /var/adm/messages

 

Aug 27 10:43:35 testserver    Corrupt label; wrong magic number

Aug 27 10:43:36 testserver scsi: [ID 107833 kern.warning] WARNING: /pci at 7c0/pci at 0/pci at 9/SUNW,qlc at 0/fp at 0,0/ssd at w50060e8

005723700,0 (ssd3):

Aug 27 10:43:36 testserver Corrupt label; wrong magic number

Aug 27 10:43:36 testserver scsi: [ID 107833 kern.warning] WARNING: /pci at 7c0/pci at 0/pci at 9/SUNW,qlc at 0/fp at 0,0/ssd at w50060e8

005723700,0 (ssd3):

Aug 27 10:43:36 testserver    Corrupt label; wrong magic number

Aug 27 10:43:36 testserver scsi: [ID 107833 kern.warning] WARNING: /pci at 7c0/pci at 0/pci at 8/SUNW,qlc at 0/fp at 0,0/ssd at w50060e8

005723710,1 (ssd0):

Aug 27 10:43:36 testserver    Corrupt label; wrong magic number

Aug 27 10:43:36 testserver scsi: [ID 107833 kern.warning] WARNING: /pci at 7c0/pci at 0/pci at 8/SUNW,qlc at 0/fp at 0,0/ssd at w50060e8

005723710,1 (ssd0):

 

 

Have I tried the following:

LOG     %/var/adm/messages kern "IGNORE=%(corrupt label|wrong magic number)”

 

LOG %/var/adm/messages %kern IGNORE=%(ID 107833|corrupt label|wrong magic number)

 

LOG %/var/adm/messages %kern IGNORE=%ID 107833|corrupt label|wrong magic number

 

LOG %/var/adm/messages IGNORE=%(ID 107833|corrupt label|wrong magic number)

 

Any suggestions?

 

 

From: Matthew Moldvan [mailto:mmoldvan at csc.com] 
Sent: Thursday, August 26, 2010 11:06 AM
To: xymon at xymon.com
Subject: Re: [xymon] ignore certain things in a log file

 

I think (someone correct me if I'm wrong) you might need the line to match to first, then what you'd like to ignore afterward.  Our ignore rules, which I believe work (notice the double quotes, the ?i is case insensitive): 

        LOG /var/adm/messages \ 
                %(?i)ERROR \ 
                "IGNORE=%(?i)(nres_gethostbyaddr|simple bind failed - Invalid credentials|please upgrade FCSM|WARNING|NOTICE|fctl|FCSM|SRS Proxy|xrx8825tlh2|ImportAcsError|AcsError|File \{.*\}, error 2|No such file or directory|ViewMgr|Bad file format|Exec call for FormTek|cache_trif_image|UserQry|DESKTOP_EDMOSRV.STARTUP|Error Level: Informational|sshd.*Authentication failed for|DESKTOP_EDMOSRV.STARTUP.*local0.error|httpd.*(modsecurity|password))" 

Spaces are okay.  For any rules you'd like to test, you can use the pcretool command (available on my CentOS box, maybe not in your environment).  Syntax is as follows: 

-bash-3.2$ pcretest 
PCRE version 6.6 06-Feb-2006 

  re> /(corrupt label|wrong magic number)/ 
data> corrupt 
No match 
data> corrupt label 
 0: corrupt label 
 1: corrupt label 
data> wrong magic number 
 0: wrong magic number 
 1: wrong magic number 

Or for a case insensitive match: 

-bash-3.2$ pcretest 
PCRE version 6.6 06-Feb-2006 

  re> /(?i)(corrupt label|wrong magic number)/ 
data> Corrupt label 
 0: Corrupt label 
 1: Corrupt label 
data> corrupt label 
 0: corrupt label 
 1: corrupt label 
data> asdf 
No match 
data> WRONG MAGIC NUMBER 
 0: WRONG MAGIC NUMBER 
 1: WRONG MAGIC NUMBER 
data> wrong magic number 
 0: wrong magic number 
 1: wrong magic number 

Good luck, hope that helps, 
Matt. 

Unix System Administrator
Computer Science Corporation
General Dynamics Land Systems

This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. 
NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. 



From: 

"Kevin Kelly" <kkelly at lifetouch.com> 

To: 

<xymon at xymon.com> 

Date: 

08/26/2010 10:52 AM 

Subject: 

[xymon] ignore certain things in a log file

 

________________________________




Could somebody tell me why this won’t work? 
  
HOST=testserver 
        LOG     %/var/adm/messages kern "IGNORE=%(corrupt label|wrong magic number)" 
  
Trying to ignore all lines in the messages file that contain those key words. 
  
Thanks 
  
Kevin 
  


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
_____________________________________________________________________
This is an e-mail from General Dynamics Land Systems. It is for the intended recipient only and may contain confidential and privileged information. No one else may read, print, store, copy, forward or act in reliance on it or its attachments. If you are not the intended recipient, please return this message to the sender and delete the message and any attachments from your computer. Your cooperation is appreciated. 


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
_____________________________________________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20100827/5d4251d7/attachment.html>


More information about the Xymon mailing list