[Xymon] Alert on Log Entry

Michael Beatty Michael.Beatty at sherwin.com
Thu Feb 7 14:04:54 CET 2013


The configuring xymon to monitor a log file is a 2 step process.  First, 
you need to tell the client which log file it needs to gather data from 
to send to the server.  Then you need to tell the server how to read the 
data.

In your case, you will put an entry in client-local.cfg to be:

[linux]  #or whatever operating system or host name this is for
    log:/home/user/log/Fail.log:10240

The above entry tell the client to gather the most recent 10240 bytes 
from Fail.log and send it to the xymon server.  You will want to read 
the client-local.cfg man page to learn more about the option "trigger" 
and "ignore" tags as these can help you optimize the message with only 
relevant data from that log file.

Xymon then receives a big chuck of the log file.  You now need to 
configure the server to read that data and analyze it.  This is done in 
analysis.cfg.  The LOG entry tells xymon how to do this.

In your case, you will put an entry in analysis.cfg to be:

LOG /home/user/log/Fail.log "Big Failure"

The above entry tells xymon to look through the client message it 
received that has data from the /home/user/log/Fail.log file then look 
to see if the string "Big Failure" in it.  If it finds it, it will send 
a red alert to the "msgs" column.

You will also want to read the analysis.cfg man page as the LOG tag has 
more options.


Michael Beatty
Sherwin-Williams
IT Analyst/Developer
michael.beatty at sherwin.com
216-515-7374

On 02/06/2013 06:06 PM, Nick Pettefar wrote:
> Hi Paul,
>
> Could you explain the last part: "Then you use msgs test not the log
> test." please?  Do you mean do something with "msgs" in the alerts.cfg
> file?  if so, what - could you give an example please?
>
> Regards,
>
> Nick Pettefar - Xymon Rookie
>
>
> On 6 February 2013 20:35, Root, Paul <Paul.Root at centurylink.com> wrote:
>> Yes,
>>          You set the log files to look at in client-local.cfg (on the server) in the proper machine type area.
>>
>>          Then you edit the analysis.cfg file with the LOG command.
>>
>>          Then you use msgs test not the log test.
>>
>> -----Original Message-----
>> From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf Of Nick Pettefar
>> Sent: Wednesday, February 06, 2013 11:56 AM
>> To: xymon
>> Subject: [Xymon] Alert on Log Entry
>>
>> Hi, is it possible to configure the alerts.cfg file to send an e-mail if a server's particular log has a certain entry?
>>
>> I have
>>
>> HOST=server-abc-ge1
>>     MAIL NOC at blah.com SERVICE=log COLOR=red
>>
>> Can I put something like SERVICE=log:Fail.log="Big-Failure"
>>
>> Regards,
>>
>> Nick Pettefar - Xymon Rookie
>> _______________________________________________
>> Xymon mailing list
>> Xymon at xymon.com
>> http://lists.xymon.com/mailman/listinfo/xymon
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon





More information about the Xymon mailing list