<html><head></head><body><div style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:10px;"><div style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:10px;"><div></div>
<div>further to the below...<br><br><br>form the analysis.cfg man page:<br><br><span><div><p>
<b>LOG logfilename pattern [COLOR=color] [IGNORE=excludepattern] [OPTIONAL]</b>
</p><p>...<br>"logfilename" is the name of the logfile. Only logentries from this filename
will be matched against this rule. <font color="#cd232c"><b>Note that "logfilename" can be a regular
expression (if prefixed with a '%' character). </b></font><br></p>as below the entry for the client in analysis.cfg on the server is<br><span><span style="font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 10px;"> LOG %/var/log/messages*.log "DIDDS" COLOR=yellow<br></span></span><br>so IS prefixed by a %</div><div><br></div><div>and the proof thyat this isn;t picking up the contents of the requisite log file is because the GUI page line<br><span><span style="font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 10px;">Full log /var/log/messages-20180816.log</span></span><br></div><div><br>does not have <br><span><div><...CURRENT...></div><div>DIDDS</div><div><br></div></span>below it - as my test for plain /var/log/messages does.</div><div><br></div><div>didds</div></span><br></div><div><br></div>
</div><div id="ydp43cd85b2yahoo_quoted_4546833816" class="ydp43cd85b2yahoo_quoted">
<div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">
<div>
On Thursday, 16 August 2018, 15:40:44 BST, Ian Diddams via Xymon <xymon@xymon.com> wrote:
</div>
<div><br></div>
<div><br></div>
<div><div id="ydp43cd85b2ymsg97911" class="ydp43cd85b2ymsg0573893522"><div id="ydp43cd85b2yiv1656869447"><div><div style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:10px;"><div style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:10px;"><div></div>
<div>Ok - another angle. I feel I am SO close.</div><div><br clear="none"></div><div>so I have a cleint with message logs with filename format</div><div><br clear="none"></div><div>/var/log/messages-YYYYMMDD.log<br clear="none">It contains a trigger word DIDDS</div><div><br clear="none"></div><div>client-local.cfg on the xymon SERVER contains<br clear="none"><br clear="none"><span></span><div>[linux]</div><div>log:/var/log/messages:10240</div><div><b><font color="#cd232c">log:`find /var/log -maxdepth 1 -type f -name messages-\*.log`:10240</font></b></div><div>log:/var/log/maillog:10240<br clear="none"></div><div>log:/var/log/secure:10240</div><div>ignore MARK</div><div><br clear="none"></div><div><br clear="none"></div><div>The client's msgs GUI page shows<br clear="none"><br clear="none"><span></span><div>No entries in /var/log/messages</div><div>No entries in /var/log/messages-20180816.log<br clear="none"></div><div>No entries in /var/log/maillog<br clear="none"></div><div>No entries in /var/log/secure<br clear="none"></div><div><br clear="none"></div><div><br clear="none"></div><div>Full log /var/log/messages</div><div>Full log /var/log/messages-20180816.log<br clear="none"></div><div>Full log /var/log/maillog<br clear="none"></div><div>Full log /var/log/secure<br clear="none"></div><div><br clear="none"></div><span></span><div><span></span><div><br clear="none"></div></div><div>ie it can find/knows about that respective messages file.<br clear="none"><br clear="none">However...<br clear="none"><br clear="none">in analysis.cfg, for the respective client this line<br clear="none"><span></span><div> LOG %/var/log/messages*.log "DIDDS" COLOR=yellow<br clear="none"><br clear="none">doesn't flag anything - even if the string DIDDS is in that messages-20180816.log file ..</div><div><br clear="none"></div><div>hence the line in the GUI</div><div><br clear="none"></div><span><span style="color:rgb(0, 0, 0);">No entries in /var/log/messages-20180816.log<br clear="none"></span></span><br clear="none"><br clear="none">SO CLOSE.<br clear="none"><br clear="none">what am I missing here?<br clear="none"><br clear="none"><br clear="none"><br clear="none">Because if I merely use<br clear="none"><span></span><div>LOG %/var/log/messages "DIDDS" COLOR=yellow</div><div><br clear="none"></div>with DIDDS within /var/log/messages it goes yellow almost immediately.</div><div><br clear="none"></div><div>???</div><div><br clear="none"></div><div>didds</div><div class="ydp43cd85b2yiv1656869447yqt0112656601" id="ydp43cd85b2yiv1656869447yqtfd40828"><div><br clear="none"></div><br clear="none"></div></div><div class="ydp43cd85b2yiv1656869447yqt0112656601" id="ydp43cd85b2yiv1656869447yqtfd68516"><div><br clear="none"></div><div><br clear="none"></div><br clear="none"></div></div></div></div></div></div></div><div class="ydp43cd85b2yqt0112656601" id="ydp43cd85b2yqtfd19343">_______________________________________________<br clear="none">Xymon mailing list<br clear="none"><a shape="rect" href="mailto:Xymon@xymon.com" rel="nofollow" target="_blank">Xymon@xymon.com</a><br clear="none"><a shape="rect" href="http://lists.xymon.com/mailman/listinfo/xymon" rel="nofollow" target="_blank">http://lists.xymon.com/mailman/listinfo/xymon</a><br clear="none"></div></div>
</div>
</div></div></body></html>