[hobbit] Problems with MSG filter

Matthew Moldvan mmoldvan at csc.com
Thu Jan 7 22:44:41 CET 2010


A quick thought: the disk regular expressions start with "%^", whereas 
your HOST and LOG portions are missing the caret (^).  That might be a 
first step...

Hope that helps,
Matt.

Unix System Administrator
Computer Science Corporation
General Dynamics Land Systems
38500 Mound Rd.
Sterling Heights, MI.  48310
Desk: (586) 825-8294
Oracle IM: moldvanm

This is a PRIVATE message. If you are not the intended recipient, please 
delete without copying and kindly advise us by e-mail of the mistake in 
delivery. 
NOTE: Regardless of content, this e-mail shall not operate to bind CSC to 
any order or other contract unless pursuant to explicit written agreement 
or government initiative expressly permitting the use of e-mail for such 
purpose.





[hobbit] Problems with MSG filter

thorsten.erdmann 
to:
hobbit
01/07/2010 02:26 AM

Please respond to hobbit







Hi

I have some problems filtering entries from the msg test. I have several 
hosts, running SuSE which often produce the following messages in 
/var/log/messages:

Jan  7 08:09:22 s068c320 ntpd[4944]: kernel time sync error 0001

The hosts are named s068c320, s068c321, s068c322, ...

So I made the following entries in the hobbit-clients.cfg on the 
Hobbitserver, to filter out these messages:

HOST=%s068c32*
        LOG     %.* %(fatal|error)   COLOR=red   IGNORE=ntpd

It does not work. The messages come up as an error anyway.
Here is my whole hobbit-clients.cfg



HOST=s068310i
        DISK    %^/platform.*  IGNORE

HOST=s068310b
        DISK    %^/platform.*  IGNORE

HOST=s068a300
        LOG     %.* %(fatal|error)   COLOR=red 
IGNORE=%(smb_proc_readdir_long|peer)
        LOG     %.* warning          COLOR=yellow
#        DISK    * 10 15

HOST=s068c327
        DISK    /mnt           IGNORE

HOST=%s068c32*
        LOG     %.* %(fatal|error)   COLOR=red   IGNORE=ntpd

HOST=s068c320,s068c321,s068c322
        PROC    "lmgrd -c" 1 1
        PROC    "pam_lmd" 1 1

DEFAULT
        # These are the built-in defaults.
        UP      1h
        LOAD    5.0 10.0
        DISK    * 90 95
        DISK    /media/cdrom 101 101
        MEMPHYS 100 101
        MEMSWAP 50 80
        MEMACT  90 97

        LOG     %.* %(fatal|error)   COLOR=red 
IGNORE=%(read_socket_data|peer)
        LOG     %.* warning          COLOR=yellow

What's wrong there?
BTW: the smb_proc_readdir_log filter also does not work.

Thank you
Thorsten Erdmann

If you are not the intended addressee, please inform us immediately that 
you have received this e-mail in error, and delete it. We thank you for 
your cooperation. 
This is an e-mail from General Dynamics Land Systems. It is for the 
intended recipient only and may contain confidential and privileged 
information. No one else may read, print, store, copy, forward or act in 
reliance on it or its attachments. If you are not the intended recipient, 
please return this message to the sender and delete the message and any 
attachments from your computer. Your cooperation is appreciated. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20100107/1dec3363/attachment.html>


More information about the Xymon mailing list