<html><head></head><body><div style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:10px;"><div style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:10px;"><div></div>
<div>well...<br><br><br></div><div>Ive really no idea what is happenbing now!<br><br>NOW the GUI page shows<br><br><span><div>No entries in /var/log/messages</div><div>No entries in /var/log/messages-20180816.log<br></div><div>No entries in /var/log/maillog<br></div><div>No entries in /var/log/secure<br></div><div><br></div><div>Full log /var/log/messages<br></div><div>Full log /var/log/messages-20180816.log<br></div><div><...CURRENT...></div><div>DIDDS</div><div>Full log /var/log/maillog<br></div><div>Full log /var/log/secure<br></div><div><br></div></span>i.e. it IS showing the contents of <span><span style="color: rgb(0, 0, 0); font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 10px;">messages-20180816.log. So <br><br>1) it knows about the correct log<br>2) it has the log files contents<br>but<br>3) it is failing to note that it contains the trigger word.<br><br>Summary:<br><br>server side client-local.cfg : <span></span></span></span>log:`find /var/log -maxdepth 1 -type f -name messages-\*.log`:10240</div><div>server side analysis.cfg : LOG %/var/log/messages*.log "DIDDS" COLOR=yellow<span><div><br></div></span>servier side must work because it worked for the sijmple test again /var/log/messages</div><div><br></div><div>didds<br><span><span style="color: rgb(0, 0, 0); font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 10px;"><span><div><br></div></span></span></span></div><div><br></div>
</div><div id="ydp6334605eyahoo_quoted_5376038233" class="ydp6334605eyahoo_quoted">
<div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">
<div>
On Thursday, 16 August 2018, 15:49:07 BST, Ian Diddams <didds3@yahoo.co.uk> wrote:
</div>
<div><br></div>
<div><br></div>
<div><div id="ydp6334605eyiv2830258245"><div><div style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:10px;"><div style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:10px;"><div></div>
<div>further to the below...<br clear="none"><br clear="none"><br clear="none">form the analysis.cfg man page:<br clear="none"><br clear="none"><span></span><div><p>
<b>LOG logfilename pattern [COLOR=color] [IGNORE=excludepattern] [OPTIONAL]</b>
</p><p>...<br clear="none">"logfilename" is the name of the logfile. Only logentries from this filename
will be matched against this rule. <font color="#cd232c"><b>Note that "logfilename" can be a regular
expression (if prefixed with a '%' character). </b></font><br clear="none"></p>as below the entry for the client in analysis.cfg on the server is<br clear="none"><span><span> LOG %/var/log/messages*.log "DIDDS" COLOR=yellow<br clear="none"></span></span><br clear="none">so IS prefixed by a %</div><div><br clear="none"></div><div>and the proof thyat this isn;t picking up the contents of the requisite log file is because the GUI page line<br clear="none"><span><span>Full log /var/log/messages-20180816.log</span></span><br clear="none"></div><div><br clear="none">does not have <br clear="none"><span></span><div><...CURRENT...></div><div>DIDDS</div><div><br clear="none"></div>below it - as my test for plain /var/log/messages does.</div><div><br clear="none"></div><div>didds</div><br clear="none"></div><div><br clear="none"></div>
</div><div class="ydp6334605eyiv2830258245ydp43cd85b2yahoo_quoted" id="ydp6334605eyiv2830258245ydp43cd85b2yahoo_quoted_4546833816">
<div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">
<div class="ydp6334605eyiv2830258245yqt1568231200" id="ydp6334605eyiv2830258245yqt17096"><div>
On Thursday, 16 August 2018, 15:40:44 BST, Ian Diddams via Xymon <xymon@xymon.com> wrote:
</div>
<div><br clear="none"></div>
<div><br clear="none"></div>
<div><div class="ydp6334605eyiv2830258245ydp43cd85b2ymsg0573893522" id="ydp6334605eyiv2830258245ydp43cd85b2ymsg97911"><div id="ydp6334605eyiv2830258245ydp43cd85b2yiv1656869447"><div><div style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:10px;"><div style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:10px;"><div></div>
<div>Ok - another angle. I feel I am SO close.</div><div><br clear="none"></div><div>so I have a cleint with message logs with filename format</div><div><br clear="none"></div><div>/var/log/messages-YYYYMMDD.log<br clear="none">It contains a trigger word DIDDS</div><div><br clear="none"></div><div>client-local.cfg on the xymon SERVER contains<br clear="none"><br clear="none"><span></span><div>[linux]</div><div>log:/var/log/messages:10240</div><div><b><font color="#cd232c">log:`find /var/log -maxdepth 1 -type f -name messages-\*.log`:10240</font></b></div><div>log:/var/log/maillog:10240<br clear="none"></div><div>log:/var/log/secure:10240</div><div>ignore MARK</div><div><br clear="none"></div><div><br clear="none"></div><div>The client's msgs GUI page shows<br clear="none"><br clear="none"><span></span><div>No entries in /var/log/messages</div><div>No entries in /var/log/messages-20180816.log<br clear="none"></div><div>No entries in /var/log/maillog<br clear="none"></div><div>No entries in /var/log/secure<br clear="none"></div><div><br clear="none"></div><div><br clear="none"></div><div>Full log /var/log/messages</div><div>Full log /var/log/messages-20180816.log<br clear="none"></div><div>Full log /var/log/maillog<br clear="none"></div><div>Full log /var/log/secure<br clear="none"></div><div><br clear="none"></div><span></span><div><span></span><div><br clear="none"></div></div><div>ie it can find/knows about that respective messages file.<br clear="none"><br clear="none">However...<br clear="none"><br clear="none">in analysis.cfg, for the respective client this line<br clear="none"><span></span><div> LOG %/var/log/messages*.log "DIDDS" COLOR=yellow<br clear="none"><br clear="none">doesn't flag anything - even if the string DIDDS is in that messages-20180816.log file ..</div><div><br clear="none"></div><div>hence the line in the GUI</div><div><br clear="none"></div><span><span style="color:rgb(0, 0, 0);">No entries in /var/log/messages-20180816.log<br clear="none"></span></span><br clear="none"><br clear="none">SO CLOSE.<br clear="none"><br clear="none">what am I missing here?<br clear="none"><br clear="none"><br clear="none"><br clear="none">Because if I merely use<br clear="none"><span></span><div>LOG %/var/log/messages "DIDDS" COLOR=yellow</div><div><br clear="none"></div>with DIDDS within /var/log/messages it goes yellow almost immediately.</div><div><br clear="none"></div><div>???</div><div><br clear="none"></div><div>didds</div><div class="ydp6334605eyiv2830258245ydp43cd85b2yiv1656869447yqt0112656601" id="ydp6334605eyiv2830258245ydp43cd85b2yiv1656869447yqtfd40828"><div><br clear="none"></div><br clear="none"></div></div><div class="ydp6334605eyiv2830258245ydp43cd85b2yiv1656869447yqt0112656601" id="ydp6334605eyiv2830258245ydp43cd85b2yiv1656869447yqtfd68516"><div><br clear="none"></div><div><br clear="none"></div><br clear="none"></div></div></div></div></div></div></div><div class="ydp6334605eyiv2830258245ydp43cd85b2yqt0112656601" id="ydp6334605eyiv2830258245ydp43cd85b2yqtfd19343">_______________________________________________<br clear="none">Xymon mailing list<br clear="none"><a shape="rect" href="mailto:Xymon@xymon.com" rel="nofollow" target="_blank">Xymon@xymon.com</a><br clear="none"><a shape="rect" href="http://lists.xymon.com/mailman/listinfo/xymon" rel="nofollow" target="_blank">http://lists.xymon.com/mailman/listinfo/xymon</a><br clear="none"></div></div></div>
</div>
</div></div></div></div></div>
</div>
</div></div></body></html>