[Xymon] Monitoring logfiles with changing names on a linux client

Becker Christian christian.becker at rhein-zeitung.net
Tue Jun 14 15:04:15 CEST 2016


Hey Jeremy,


brilliant!

I decided to go with a mix of option 1 and option 2.

This is what I’ve put in client-local.cfg:
log:`ls /path/to/log/Log.File_ABC*.log| grep $(date +%Y%m%d)`:10240

Now I’m getting 6 logfiles in the msgs column -> great!

This is what I’ve put in analysis.cfg for the specific linux client:
LOG     %/path/to/log/Log.File_ABC*.log ERROR COLOR=red

However, this does NOT let the msgs column go red, although the files do contain the keyword ERROR, exactly matching the case. And I can see those keywords on the msgs page as well.
What is going wrong here now?


P.S.: I didn’t read the hint in localclient.cfg saying that this file isn’t needed by default…..


Regards
Christian


Christian Becker
IT-Services

Christian.Becker at rhein-zeitung.net
_________________________________
Mittelrhein-Verlag GmbH
August-Horch-Straße 28
D-56070 Koblenz
Verleger und Geschäftsführer: Walterpeter Twer
Reg.-Gericht Koblenz HRB 121
Finanzamt Koblenz Str.Nr. 22 65 10 285 2
www.rhein-zeitung.de

From: Jeremy Laidman [mailto:jlaidman at rebel-it.com.au]
Sent: Tuesday, 14 June 2016 13:36
To: Becker Christian <christian.becker at rhein-zeitung.net>
Cc: xymon at xymon.com
Subject: Re: [Xymon] Monitoring logfiles with changing names on a linux client

On 14 June 2016 at 20:48, Becker Christian <christian.becker at rhein-zeitung.net> wrote:

What I have:
I have a linux client with xymon agents up and running, reporting its data to the Xymon server -> this is working fine.
This linux client serves an application that creates 6 new different logfiles every day -> that’s my problem.
The names of the logfiles are like this: Log.File_ABC#_YYYYMMDD_######.log
The first # in the name could be numbers from 1 to 6.
YYYYMMDD is the actual day date, like 20160414.
The ###### block is another numeric identifier, like 050601 or similar, which also changes every day, but not following any rule.

I believe this is exactly the sort of thing the backticks were designed for.

What I want:
My goal is to check those logfiles for the keyword ERROR and let Xymon go red if this keyword occurs.
What I’m looking for is the necessary config on both the client (in localclient.cfg) and the xymon server (in client-local.cfg and analysis.cfg) using regexp.

Nothing is required on the client.  localclient.cfg is not used if you're using centralised configuration.  Specifically, the comment at the top of localclient.cfg says "By default ... In that case, THIS FILE IS NOT USED and you should IGNORE it."  It's not 100% clear, but essentially, if you use centralised configuration, you don't use localclient.cfg on the client, and instead use client-local.cfg/analysis.cfg on the server.

I’m thinking about something like this to have in the linux client’s localclient.cfg:
LOG `ls -1 Log.File_ABC*_`date +%Y%m%d\`_*.log`
But I’m not sure about the syntax here.

That won't work due to the nested backticks.  You can have only one pair of backticks.

Also, you need a colon between LOG and the rest.  The very first example at the top of client-local.cfg shows:

log:FILENAME:MAXDATA

I don't think the MAXDATA is optional.

There are several ways to do what you want, by avoiding the backticks.

Option 1: Use a bash-ism, such as $(cmd) in place of `cmd`, like so:

log:`ls -1 /path/to/Log.File_ABC*_$(date +%Y%m%d)_*.log`:10240

Option 2: Use a more inclusive wildcard match, and list the newest 6 files that match:

log:`ls -1t /path/to/Log.File_ABC*_*.log | head -6`:10240

Option 3: Use a script on the client to show the files:

log:`/usr/local/bin/show-the-files`:10240

Then in show-the-files, do whatever fancy file matching, testing, excluding, etc.  You can use this to show the last 6 files by date, but exclude files that are empty.  You can also construct the file matching string using the date, without it interfering with the backticks in the "log:" line.

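#!/bin/sh
# Print up to six of today's non-empty logfiles, newest first.
DATE=`date +%Y%m%d`
# Braces are required: "$DATE_" would be read as a variable named DATE_
MATCH="Log.File_ABC[1-6]_${DATE}_??????.log"
LOGDIR=/path/to/log

COUNT=0
# $MATCH is left unquoted here so the shell expands the wildcards
for FILE in `ls -1t $LOGDIR/$MATCH`; do
    [ -s "$FILE" ] || continue # skip empty files
    echo "$FILE"
    COUNT=$((COUNT + 1)) # POSIX arithmetic; "let" is not available in every /bin/sh
    [ $COUNT -eq 6 ] && break
done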

J
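
The log: lines in this thread pick files with a shell glob, whereas a filename prefixed with % in analysis.cfg is read as a regular expression, where * and . have different meanings. The following is an added example, not part of the thread: the filenames are constructed, the function names are hypothetical, and grep -E stands in for the server's regex matching (an assumption). It counts how many sample names the same text matches under each reading.

```shell
#!/bin/sh
# Constructed sample names. The first two follow the
# Log.File_ABC#_YYYYMMDD_######.log scheme; the third is a decoy.
SAMPLES="/path/to/log/Log.File_ABC1_20160614_050601.log
/path/to/log/Log.File_ABC6_20160614_231500.log
/path/to/log/Log.File_ABCClog"

# Count the samples matched when the pattern is read as a shell glob.
# An unquoted pattern in "case" gets glob semantics (* = any string).
count_glob() {
    n=0
    for f in $SAMPLES; do
        case "$f" in
            $1) n=$((n + 1)) ;;
        esac
    done
    echo "$n"
}

# Count the samples matched when the pattern is read as an unanchored
# regular expression (* = repeat previous character, . = any character).
# grep -c exits non-zero on a count of 0, hence the "|| true".
count_regex() {
    printf '%s\n' "$SAMPLES" | grep -E -c -- "$1" || true
}

# The text after % in the analysis.cfg line quoted in this thread.
GLOB_STYLE='/path/to/log/Log.File_ABC*.log'
# The same intent written as a regular expression (constructed here).
REGEX_STYLE='/path/to/log/Log\.File_ABC.*\.log'

echo "GLOB_STYLE read as glob:   $(count_glob "$GLOB_STYLE") match(es)"
echo "GLOB_STYLE read as regex:  $(count_regex "$GLOB_STYLE") match(es)"
echo "REGEX_STYLE read as regex: $(count_regex "$REGEX_STYLE") match(es)"
```

Read as a regex, the glob-style text matches only the decoy name, because "ABC*" means "AB followed by any number of C" and the next "." consumes a single character.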
