<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.6.2">
</HEAD>
<BODY>
Yes, Linux based. I will have to look into what you are doing. I am wondering if maybe a grep on the log file with the expression "WARNING" would return only those warnings. Then bump up against the timestamp to see if it is old. Beyond an hour, ignore it. This would give me the alert and then I could shut it off and it would go past the time stamp. Big Brother gave you a file to show for each machine what you were looking to alert on. <BR>
Thanks for giving me a direction to go. <BR>
<BR>
On Fri, 2006-02-03 at 08:41 -0500, Allan.Marillier@dana.com wrote:<BR>
<BLOCKQUOTE TYPE=CITE>
<BR>
<FONT SIZE="2"><FONT COLOR="#000000">Hi Edward - I understand your frustration - I've been through the same things myself, and also initially not found the FAQ indicating that syslog monitoring is not yet supported. I believe that Henrik is making it a priority since so many of us are asking for it but there is no news yet or commitment from him on when it will be available.</FONT></FONT><FONT COLOR="#000000"> </FONT><BR>
<BR>
<FONT SIZE="2"><FONT COLOR="#000000">I searched deadcat.net and didn't find anything that looked worth using to me, but I may have missed it. One thing I have been working on, but I've had a few problems, is writing a custom extension. The extension itself is very easy to do - e.g. I have written two for my Linux servers, one to run some sql code to attach to an Oracle instance and report green if it is up or red if it is down, and another to check LAN adapter settings and turn yellow if it is not set to 100Mb full duplex. I have been working on a syslog monitor which looks at /var/log/messages, checks the inode to be sure logrotate has not run, and then uses tail to parse the last n lines. I determine n by checking how many lines are in the file with wc and recording that to a file on disk, then later come back and do the same again. If the inode is the same, and wc -l returned 1000 but now returns 1057, then I do tail -n 57 /var/log/messages | grep -i error and look for any problems.</FONT></FONT><FONT COLOR="#000000"> </FONT><BR>
<BR>
<FONT SIZE="2"><FONT COLOR="#000000">The problem I've encountered is that sometimes the inode changes. Yes, it really does and I'm not crazy, give it a try on Linux. Copy /var/log/messages, then ls -al -i the copy. Edit it with vi, even if all you do is open, then write and quit with no actual changes, and more often than not, the inode will change. I don't understand it. If I can get this working I'd be happy to share my custom extension with you - or maybe you will have some ideas on a different and more robust approach.</FONT></FONT><FONT COLOR="#000000"> </FONT><BR>
<BR>
<FONT SIZE="2"><FONT COLOR="#000000">I'm assuming of course that you're Unix/Linux based, which is not always a good assumption!</FONT></FONT><FONT COLOR="#000000"> </FONT><BR>
<BR>
<BR>
<BR>
<BR>
<TABLE WIDTH="100%">
<TR>
<TD WIDTH="40%">
<B><FONT SIZE="1">Edward Croft <ecroft@openratings.com></FONT></B> <BR>
<BR>
<FONT SIZE="1">02/02/2006 05:16 PM</FONT> <BR>
<TABLE>
<TR>
<TD BGCOLOR="#ffffff">
<DIV ALIGN=center><FONT SIZE="1">Please respond to</FONT></DIV><BR>
<DIV ALIGN=center><FONT SIZE="1">hobbit@hswn.dk</FONT></DIV>
</TD>
</TR>
</TABLE>
<BR>
<BR>
<BR>
<BR>
</TD>
<TD WIDTH="59%">
<TABLE WIDTH="100%">
<TR>
<TD>
<DIV ALIGN=right><FONT SIZE="1">To</FONT></DIV>
</TD>
<TD>
<FONT SIZE="1">hobbit@hswn.dk</FONT>
</TD>
</TR>
<TR>
<TD>
<DIV ALIGN=right><FONT SIZE="1">cc</FONT></DIV>
</TD>
<TD>
<BR>
</TD>
</TR>
<TR>
<TD>
<DIV ALIGN=right><FONT SIZE="1">Subject</FONT></DIV>
</TD>
<TD>
<FONT SIZE="1">Re: [hobbit] Messages file not reporting</FONT>
</TD>
</TR>
</TABLE>
<BR>
<TABLE>
<TR>
<TD>
<BR>
</TD>
<TD>
<BR>
</TD>
</TR>
</TABLE>
<BR>
<BR>
</TD>
</TR>
</TABLE>
<BR>
<BR>
<BR>
<FONT COLOR="#000000">On Thu, 2006-02-02 at 22:31 +0100, Etienne Roulland wrote: </FONT><BR>
<BR>
<TT><FONT COLOR="#000000">Edward Croft wrote:</FONT></TT><BR>
<TT><FONT COLOR="#000000">> Why thank you. I did find the one line:</FONT></TT><BR>
<TT><FONT COLOR="#000000">> It does not currently provide any data for the system-log "msgs" column.</FONT></TT><BR>
<TT><FONT COLOR="#000000">></FONT></TT><BR>
<TT><FONT COLOR="#000000">> That is all it says. Does not currently. Sooooo when can it be </FONT></TT><BR>
<TT><FONT COLOR="#000000">> expected, if ever?</FONT></TT><BR>
<TT><FONT COLOR="#000000">> This one thing prevents me from using it as the programs that monitor </FONT></TT><BR>
<TT><FONT COLOR="#000000">> our systems</FONT></TT><BR>
<TT><FONT COLOR="#000000">> write warnings into the log file which currently gets picked up by big </FONT></TT><BR>
<TT><FONT COLOR="#000000">> brother and an</FONT></TT><BR>
<TT><FONT COLOR="#000000">> alert sent.</FONT></TT><BR>
<BR>
<BR>
<TT><FONT COLOR="#000000">You can use external script from </FONT></TT><TT><U><FONT COLOR="#0000ff"><A HREF="http://www.deadcat.net/">http://www.deadcat.net/</A></FONT></U></TT><TT><FONT COLOR="#000000">to monitor your </FONT></TT><BR>
<TT><FONT COLOR="#000000">logfiles.</FONT></TT><BR>
<BR>
<BR>
<TT><FONT COLOR="#000000">To unsubscribe from the hobbit list, send an e-mail to</FONT></TT><BR>
<U><TT><FONT COLOR="#0000ff"><A HREF="mailto:hobbit-unsubscribe@hswn.dk">hobbit-unsubscribe@hswn.dk</A></FONT></TT></U><BR>
<BR>
<BR>
<BR>
<BR>
<U><TT><FONT COLOR="#0000ff">Thank you. I appreciate your response.</FONT></TT></U><BR>
<TABLE WIDTH="100%">
<TR>
<TD WIDTH="100%">
<BR>
<TT>-- </TT><BR>
<TT>Edward M. Croft</TT><BR>
<TT>Sr. Systems Engineer</TT><BR>
<TT>Open Ratings, Inc.</TT><BR>
<TT>200 West Street</TT><BR>
<TT>Waltham, MA 02451-1121</TT><BR>
<BR>
<BR>
</TD>
</TR>
</TABLE>
<BR>
<BR>
<PRE>
<U><TT><FONT COLOR="#0000ff">********************************************************************************</FONT></TT></U>
<U><TT><FONT COLOR="#0000ff">This e-mail, and any attachments, is intended solely for use by the </FONT></TT></U>
<U><TT><FONT COLOR="#0000ff">addressee(s) named above. It may contain the confidential or </FONT></TT></U>
<U><TT><FONT COLOR="#0000ff">proprietary information of Dana Corporation, its subsidiaries, </FONT></TT></U>
<U><TT><FONT COLOR="#0000ff">affiliates or business partners. If you are not the intended recipient </FONT></TT></U>
<U><TT><FONT COLOR="#0000ff">of this e-mail or are an unauthorized recipient of the information, you </FONT></TT></U>
<U><TT><FONT COLOR="#0000ff">are hereby notified that any dissemination, distribution or copying </FONT></TT></U>
<U><TT><FONT COLOR="#0000ff">of this e-mail or any attachments, is strictly prohibited. If you have </FONT></TT></U>
<U><TT><FONT COLOR="#0000ff">received this e-mail in error, please immediately notify the sender </FONT></TT></U>
<U><TT><FONT COLOR="#0000ff">by reply e-mail and permanently delete the original and any copies </FONT></TT></U>
<U><TT><FONT COLOR="#0000ff">or printouts.</FONT></TT></U>
<U><TT><FONT COLOR="#0000ff">Computer viruses can be transmitted via email. The </FONT></TT></U>
<U><TT><FONT COLOR="#0000ff">recipient should check this e-mail and any attachments for the </FONT></TT></U>
<U><TT><FONT COLOR="#0000ff">presence of viruses. Dana Corporation accepts no liability for any </FONT></TT></U>
<U><TT><FONT COLOR="#0000ff">damage caused by any virus transmitted by this e-mail. </FONT></TT></U>
<U><TT><FONT COLOR="#0000ff">English, Francais, Espanol, Deutsch, Italiano, Portugues:</FONT></TT></U>
<U><TT><FONT COLOR="#0000ff">http://www.dana.com/overview/EmailDisclaimer.shtm</FONT></TT></U>
<U><TT><FONT COLOR="#0000ff">********************************************************************************</FONT></TT></U>
<U><TT><FONT COLOR="#0000ff">-- </FONT></TT></U>
<U><TT><FONT COLOR="#0000ff">This message has been scanned for viruses and</FONT></TT></U>
<U><TT><FONT COLOR="#0000ff">dangerous content by</FONT></TT></U>
<B><U><TT><FONT COLOR="#0000ff"><A HREF="http://www.mailscanner.info/">MailScanner</A></FONT></TT></U></B><U><TT><FONT COLOR="#0000ff">, and is</FONT></TT></U>
<U><TT><FONT COLOR="#0000ff">believed to be clean.</FONT></TT></U>
</PRE>
</BLOCKQUOTE>
<TABLE CELLSPACING="0" CELLPADDING="0" WIDTH="100%">
<TR>
<TD>
<PRE>
--
Edward M. Croft
Sr. Systems Engineer
Open Ratings, Inc.
200 West Street
Waltham, MA 02451-1121
</PRE>
</TD>
</TR>
</TABLE>
</BODY>
</HTML>