[Xymon] Log/file monitoring based on occurrence?

Mike Burger mburger at bubbanfriends.org
Thu Jan 10 14:19:30 CET 2013


That's what I figured, after having looked at the analysis.cfg man page
multiple times.

If I want to do this, then, I'm going to have to script something to
analyze X amount of time and do something if it sees occurrences>=Y and
then feed that to Xymon somehow.

Thanks.
-- 
Mike Burger
http://www.bubbanfriends.org

"It's always suicide-mission this, save-the-planet that. No one ever just
stops by to say 'hi' anymore." --Colonel Jack O'Neill, SG1


> You will need tell client-local.cfg which log to gather data from.
> While you can't specify in the last Y amount of time, you can specify Y
> amount of data.  So if you know your log file writes about 1000 bytes
> per hour... and you want to look back 4 hours, you would specify in
> client-local.cfg "log:/var/log/mylogfile:4000"  This will return the
> most recent 4000 bytes worth of data to Xymon.
>
> Your next step is to configure analysis.cfg to tell xymon how to report
> on that data. If you want xymon to alert if it sees the word "ERROR",
> your analysis.cfg would have a line in it "LOG /var/log/mylogfile %ERROR"
>
> Look at the analysis.cfg and client-local.cfg man pages for information
> on the LOG check.
>
> Michael Beatty
> Sherwin-Williams
> IT Analyst/Developer
> michael.beatty at sherwin.com
> 216-515-7374
>
> On 01/09/2013 03:50 PM, Mike Burger wrote:
>> I've got a situation at work where we're being tasked with monitoring
>> failed logins. We've got logging and audit file creation in place...what
>> I'm looking for is whether or not there's a way to have Xymon monitor
>> those logs/files to look for X entries/occurrences within Y amount of
>> time.
>>
>> The requirement is to try to do as much as this programatically as
>> possible without having to resort to scripting or other measures that
>> may
>> be easily countered by a system admin.
>>
>> Thanks.
>
>
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon
>




More information about the Xymon mailing list