[Xymon] Feature request for log test

David Baldwin david.baldwin at ausport.gov.au
Tue May 10 01:48:00 CEST 2011


Johan,
>
> Hi.
>
> We have a syslog server which receives logs from a number of servers
> and network devices.
>
> Currently we use the log test in Xymon to check for errors in these
> logs, and it works fine. But it is a little blunt since all log tests
> end up in the same msgs test. It could also be a problem if we get an
> error in one log file, and need to ack or disable the test. In this
> case we would not get any alert if there were errors in one of the
> other logs.
>
> It would have been nice if you could add a client definition to a
> logfile test in analysis.conf, and report each log file as the device
> which it originates from. Or maybe as a separate syslog test to
> distinguish it from the msgs test.
>
> This way we could also set up individual alerts for the different
> logged devices.
>
> I could, of course, write a client- or serverside script for this, but
> I always find it difficult to do good log monitoring scripts and it
> would be nice to be able to use the logic already in Xymon.
>
> What do you think? Would anyone else be interested in this feature? I
> also have no idea how much work it would be.
>
I have also been looking at this same problem just recently.

My log structure is keyed by IP address with daily files - e.g.
/var/log/rsyslog/IP/messages-YYYMMDD - how the files are set up would
need to be accommodated.

I've thought of 2 approaches:
* writing a utility from scratch to examine the log files - however this
then requires all the message rules to be reimplemented rather than
using analysis.cfg
* writing a utility that uses 'logfetch' (xymon client utility) to grab
the relevant section of the logfile and then send a client message (still need
to work out what class and other details to include in the header) on
behalf of the device which contains [msgs:/var/log/messages] section for
the log file. With this approach, if the client has no other client
message reporting we're OK, but if not, I'm not sure if it will cause
problems also. Mostly I'd be looking at this for switches/firewalls/etc
so no direct client report in place.

David.

-- 
David Baldwin - IT Unit
Australian Sports Commission          www.ausport.gov.au
Tel 02 62147830 Fax 02 62141830       PO Box 176 Belconnen ACT 2616
david.baldwin at ausport.gov.au          Leverrier Street Bruce ACT 2617
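
A sketch of the second approach described above, added here as an example; it is not code from the post or from the Xymon project. Plain byte-offset tracking stands in for `logfetch`, the header line follows the `client HOST.OSTYPE CLASS` form that xymonclient.sh emits, and the `ostype`, `hostclass` and `names` values are placeholders because the post leaves those header details open.

```python
import glob, os, tempfile

def newest_log(device_dir):
    """Lexically newest messages-* file for one device directory, or None."""
    files = sorted(glob.glob(os.path.join(device_dir, "messages-*")))
    return files[-1] if files else None

def read_new_lines(path, offsets):
    """Return complete lines appended since the last call (offsets: path -> byte)."""
    start = offsets.get(path, 0)
    if os.path.getsize(path) < start:      # file truncated or replaced: start over
        start = 0
    with open(path, "rb") as fh:
        fh.seek(start)
        data = fh.read()
    end = data.rfind(b"\n") + 1            # leave a half-written last line for next run
    offsets[path] = start + end
    return data[:end].decode("utf-8", "replace")

def client_message(host, text, ostype, hostclass, logname="/var/log/messages"):
    """Client message carrying only a [msgs:...] section for one device."""
    machine = host.replace(".", ",")       # xymonclient.sh sends dots as commas
    return f"client {machine}.{ostype} {hostclass}\n[msgs:{logname}]\n{text}"

def collect(root, offsets, names=None, ostype="linux", hostclass="netdevice"):
    """Map each device under root to a client message holding its new log lines."""
    out = {}                               # ostype/hostclass defaults are placeholders
    for ip in sorted(os.listdir(root)):
        path = newest_log(os.path.join(root, ip))
        text = read_new_lines(path, offsets) if path else ""
        if text:
            host = (names or {}).get(ip, ip)   # hypothetical IP -> Xymon hostname map
            out[host] = client_message(host, text, ostype, hostclass)
    return out

def demo():
    """Constructed sample tree: two devices; the second run sees only appended lines."""
    with tempfile.TemporaryDirectory() as root:
        for ip, line in (("192.0.2.1", "fw: link down"), ("192.0.2.2", "sw: fan ok")):
            os.makedirs(os.path.join(root, ip))
            with open(os.path.join(root, ip, "messages-20110510"), "w") as fh:
                fh.write(line + "\n")
        offsets = {}
        first = collect(root, offsets, names={"192.0.2.1": "fw1.example.com"})
        with open(os.path.join(root, "192.0.2.2", "messages-20110510"), "a") as fh:
            fh.write("sw: port 3 err-disabled\npartial")
        second = collect(root, offsets)
        return first, second
```

Each value returned by `collect()` is one message body that could be handed to the `xymon` client command; whether the server accepts a client message containing only a `[msgs:...]` section for a given OS type is the open question raised in the post.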

