<div dir="ltr"><div><div><div><div><div><div><div><div><div>Hi all<br><br></div>My DBAs at a previous client wanted their own alert.log column for their database alerts logs.<br></div>It was really simple. I no longer have access to it, but in pseudo-code, it looked something like this.<br>
<br></div><div><span style="font-family:courier new,monospace">LOGFILES=$(grep for files to check in clientlocal) <br></span></div><div><span style="font-family:courier new,monospace">#This makes it configurable at server side<br>
</span></div><div><span style="font-family:courier new,monospace">for LOGFILE in $LOGFILES<br></span></div><div><span style="font-family:courier new,monospace">do<br></span></div><div><span style="font-family:courier new,monospace"> colour=green<br>
</span></div><div><span style="font-family:courier new,monospace"> # If this must go to a specific alert column in the display<br></span></div><span style="font-family:courier new,monospace"> column_name=$(grep $LOGFILE.colname clientlocal)<br>
</span></div><div><span style="font-family:courier new,monospace"> if [ -z $column_name ] && column_name=alt_logs<br><br></span></div><div><span style="font-family:courier new,monospace"> # the next bit makes sure we only check the last bit of the file.<br>
</span></div><div><span style="font-family:courier new,monospace"> if [ exist lengthfile.$LOGFILE ] <br></span></div><span style="font-family:courier new,monospace"> then <br></span></div><span style="font-family:courier new,monospace"> lastline=$(cat lengthfile.$LOGFILE)<br>
</span></div><span style="font-family:courier new,monospace"> else <br></span></div><span style="font-family:courier new,monospace"> lastline=0<br></span></div><span style="font-family:courier new,monospace"> fi<br>
<br></span></div><div><span style="font-family:courier new,monospace"> # get the current length of the log file<br></span></div><div><span style="font-family:courier new,monospace"> file_len=$(wc $LOGFILE)<br><br> if [ $lastline -gt $file_len ] && lastline=0 # Somebody cycled the log file<br>
<br></span></div><div><div><div><div><div><div><div><span style="font-family:courier new,monospace"> echo $file_len > lengthfile.$LOGFILE # save the length for next time we run<br><br></span></div><div><span style="font-family:courier new,monospace"> grepstringred=$(grep string_that_trigger_red_alerts.$LOGFILE clientlocal)<br>
grepstringyel=$(grep string_that_trigger_yellow_alerts.$LOGFILE clientlocal)<br></span></div><div><span style="font-family:courier new,monospace"> # The above lines makes it configurable from server side<br> tail -($file_len-$lastline)>$tmpfile </span></div>
<div><span style="font-family:courier new,monospace"> grep $grepstringred $tmpfile && colour=red<br></span></div><div><span style="font-family:courier new,monospace"> if [ $colour == green ] && grep $grepstringyel $tmpfile && colour=yellow<br>
<br></span></div><div><span style="font-family:courier new,monospace">send results and $tmpfile to server<br><br></span></div><div><span style="font-family:courier new,monospace">done</span><br></div><div> <br></div><div>
This only worked if we need one log file per column. You may have to add some logic and come up with some clever html display to put more than one file per column.<br></div><div>For our DBAs it was easy, because they wanted one column per database instance, which I gave them on their own page with some clever use of the group-except and group-only.<br>
<br></div><div>Hope it helps.<br><br></div><div>Cheers<br>Vernon<br></div><div><br></div><div>P.S. Maybe I will rewrite this properly, and pop it on xymonton in the near future. I haven't contributed anything there for some time. <br>
</div><div><br></div></div></div></div></div></div></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On 25 January 2014 17:56, Andy Smith <span dir="ltr"><<a href="mailto:abs@shadymint.com" target="_blank">abs@shadymint.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Neil Simmonds wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">
Possibly a better way would be to stick with the single msgs column but in your analysis.cfg where you specifiy the log strings you want to alert on, you can add GROUP=<br>
<br>
<br>
i.e. LOG /applogs/was/server/SystemOut.<u></u>log "java.lang.OutOfMemoryError" COLOR=red GROUP=waslogs<br>
<br>
<br>
That way when you set up the alerts you can specify the host, the service and the group<br>
<br>
<br>
HOST=server SERVICE=msgs GROUP=waslogs<br>
<br>
MAIL etc…..<br>
<br>
<br></div>
*From:* Xymon [mailto:<a href="mailto:xymon-bounces@xymon.com" target="_blank">xymon-bounces@xymon.<u></u>com</a>] *On Behalf Of *Pierre Malenfant<br>
*Sent:* 20 January 2014 13:54<br>
*To:* <a href="mailto:xymon@xymon.com" target="_blank">xymon@xymon.com</a><br>
*Subject:* [Xymon] Breaking msgs in multiple columns for various log files monitoring<div class="im"><br>
<br>
<br>
Hello All,<br>
<br>
I searched the Xymon Archive without success about this. Found a few inquiries but no solutions.<br>
<br>
I would like to have multiple columns for log file monitoring. I need the exact same thing as msgs, but in many columns to alert differently.<br>
<br>
Ex:<br>
System logs -> Alert to sysadmins<br>
Application logs -> Alert to Analysts<br>
DB logs -> Alert to DBA.<br>
<br>
Having the columns named like msgs_sys / msgs_app / msgs_db would make sense to me.<br>
<br>
There may be good ext scripts for this. I tought it would be simpler to have a central setup with the msgs "style".<br>
<br>
For thoses of you that had the issue, what's your recommendation?<br>
<br>
Thanks in advance!<br>
<br>
Pierre Malenfant<br>
<br>
Name & Registered Office: EXPRESS GIFTS LIMITED, 2 GREGORY ST, HYDE, CHESHIRE, ENGLAND, SK14 4TH, Company No. 00718151.<br>
<br>
Express Gifts Limited is authorised and regulated by the Financial Conduct Authority<br>
<br></div>
------------------------------<u></u>------------------------------<u></u>------------<div class="im"><br>
<br>
NOTE: This email and any information contained within or attached in a separate file is confidential and intended solely for the Individual to whom it is addressed. The information or data included is solely for the purpose indicated or previously agreed. Any information or data included with this e-mail remains the property of Findel PLC and the recipient will refrain from utilising the information for any purpose other than that indicated and upon request will destroy the information and remove it from their records. Any views or opinions presented are solely those of the author and do not necessarily represent those of Findel PLC. If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. No warranties or assurances are made in relation to the safety and content of this e-mail and any attachments. No liability is accepted for any consequences arising from it. Findel Plc reserves the right to monitor all e-mail communications through its internal and external networks. If you have received this email in error please notify our IT helpdesk on <a href="tel:%2B44%280%29%201254%20303030" value="+441254303030" target="_blank">+44(0) 1254 303030</a><br>
<br>
<br>
<br></div>
------------------------------<u></u>------------------------------<u></u>------------<br>
<br>
______________________________<u></u>_________________<br>
Xymon mailing list<br>
<a href="mailto:Xymon@xymon.com" target="_blank">Xymon@xymon.com</a><br>
<a href="http://lists.xymon.com/mailman/listinfo/xymon" target="_blank">http://lists.xymon.com/<u></u>mailman/listinfo/xymon</a><br>
</blockquote>
<br>
Using GROUPS is fine if your notification mechanism was solely e-mail based. We have a 24x7 team following the critical view and we need the ability to separate faults found in different log files in exactly the same way as Pierre describes. For the moment we get round it as follows :-<br>
1) define the logs as normal in client-local.cfg on the sever.<br>
2) create a custom ext script on the server which :-<br>
a) extracts the logs from the client data :-<br>
xymon localhost "clientlog <myhost> section=msgs:/path/to/the/log"<br>
b) decides if this is good or bad.<br>
c) sends a status update to xymon for the new column :-<br>
xymon localhost "status <myhost>.msgs_apps RED|YELLOW|GREEN"<br>
<br>
2b) is messy and hides stuff that should otherwise be in analysis.cfg, so as a compromise, we use TRIGGER in client-local.cfg, which means 2b) can be almost as simple as a non-zero line count. I would much prefer support for multiple msgs columns directly in core xymon but have not yet had chance to see how difficult this would be to implement.<br>
<br>
HTH<span class="HOEnZb"><font color="#888888"><br>
-- <br>
Andy<br>
______________________________<u></u>_________________<br>
Xymon mailing list<br>
<a href="mailto:Xymon@xymon.com" target="_blank">Xymon@xymon.com</a><br>
<a href="http://lists.xymon.com/mailman/listinfo/xymon" target="_blank">http://lists.xymon.com/<u></u>mailman/listinfo/xymon</a><br>
</font></span></blockquote></div><br><br clear="all"><br>-- <br><span>"Accept the challenges so that you can feel the exhilaration of victory"</span><div><span>- General George Patton</span></div>
</div>