<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Segoe UI Emoji";
panose-1:2 11 5 2 4 2 4 2 2 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.E-MailFormatvorlage19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.E-MailFormatvorlage20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:991106227;
mso-list-template-ids:-1160365880;}
@list l1
{mso-list-id:1846899795;
mso-list-type:hybrid;
mso-list-template-ids:-388711418 67567633 67567641 67567643 67567631 67567641 67567643 67567631 67567641 67567643;}
@list l1:level1
{mso-level-text:"%1\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l1:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l1:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="DE" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">Hi all,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span lang="EN-US">i have been right with my config files. The things that I have configured are working as they should do.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">The only thing I forgot was, that i get this parse error if a logfile hasn’t been updated recently. This morning I had a look on my msgs columns where i had these parse errors in the past, and now they are filled with
data.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Regards<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Christian<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="mso-fareast-language:DE">Von:</span></b><span style="mso-fareast-language:DE"> Xymon <xymon-bounces@xymon.com>
<b>Im Auftrag von </b>Becker Christian<br>
<b>Gesendet:</b> Mittwoch, 11. Dezember 2019 15:53<br>
<b>An:</b> xymon@xymon.com<br>
<b>Betreff:</b> [Xymon] Config for msgs column - how to play with client-local.cfg and analysis.cfg? How to play with default and specific entries?<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Hello everybody,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span lang="EN-US">i’m writing this to the list because I’m screwed up with my thoughts, probably because I’ve done too much config tests for today…..<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Hope I can describe my situation good enough.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">I’ve configured nearly 120 linux machines (servers) in our Xymon environment, most of them running Ubuntu 14.04/16.04/18.04 LTS or CentOS 6/7.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="EN-US">Xymon server is on 4.3.29, clients are on different releases starting at 4.3.17. All of them are configured to write their system logs to /var/log/messages – that’s working.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">What I want to achieve:<o:p></o:p></span></p>
<ol style="margin-top:0cm" start="1" type="1">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level1 lfo3"><span lang="EN-US">For ALL of them, I want to have the “msgs” column filled with the data coming from /var/log/messages, so that I can configure alerting, if some keywords occur in
/var/log/messages.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level1 lfo3"><span lang="EN-US">In addition to that, for SOME of these servers, I want to have application specific logfiles monitored in the “msgs” column, and I want to monitor those application
specific logfiles for keywords too.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level1 lfo3"><span lang="EN-US">In further addition to the above, I want to have EACH “files” column filled with the files that are monitored in the “msgs” column per server.<o:p></o:p></span></li></ol>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Actually I’m struggling with config files on my Xymon server,
</span><span lang="EN-US" style="font-family:"Courier New";color:#C55A11">client-local.cfg</span><span lang="EN-US"> and
</span><span lang="EN-US" style="font-family:"Courier New";color:#C55A11">analysis.cfg</span><span lang="EN-US">, and there with class-entries, default section and server specific rules.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">That makes my crazy.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">My thought was to have a class configured in
</span><span lang="EN-US" style="font-family:"Courier New";color:#C55A11">client-local.cfg</span><span lang="EN-US"> which is:<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt"><span lang="EN-US" style="font-family:"Courier New";color:#C55A11">[linux]<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt"><span lang="EN-US" style="font-family:"Courier New";color:#C55A11">file:/var/log/messages<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt"><span lang="EN-US" style="font-family:"Courier New";color:#C55A11">file:/var/log/ntp<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt"><span lang="EN-US" style="font-family:"Courier New";color:#C55A11">log:/var/log/messages:10240<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt"><span lang="EN-US" style="font-family:"Courier New";color:#C55A11">ignore MARK<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">For those servers where I want to have additional, application specific logfiles, I have server based entries like this in
</span><span lang="EN-US" style="font-family:"Courier New";color:#C55A11">client-local.cfg</span><span lang="EN-US"> (<i>hoping that this “over-controls” the class entry from above….</i>):<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt"><span lang="EN-US" style="font-family:"Courier New";color:#C55A11">[dvst-1]<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt"><span lang="EN-US" style="font-family:"Courier New";color:#C55A11">file:/var/log/messages<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt"><span lang="EN-US" style="font-family:"Courier New";color:#C55A11">file:/var/log/ntp<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt"><span lang="EN-US" style="font-family:"Courier New";color:#C55A11">file:/data/monitor/checkppi.log<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt"><span lang="EN-US" style="font-family:"Courier New";color:#C55A11">log:/data/monitor/checkppi.log:10240<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt"><span lang="EN-US" style="font-family:"Courier New";color:#C55A11">log:/var/log/messages:10240<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt"><span lang="EN-US" style="font-family:"Courier New";color:#C55A11">ignore MARK</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">This section is <u>BELOW</u> the class </span>
<span lang="EN-US" style="font-family:"Courier New";color:#C55A11">[linux]</span><span lang="EN-US"> section, if that matters?<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Everytime I did a config change on </span>
<span lang="EN-US" style="font-family:"Courier New";color:#C55A11">client-local.cfg</span><span lang="EN-US"> I did a restart of Xymon on my xymon server and I had to wait minutes over minutes to see the result.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">To make the thing complete and to have more confusion, I have these entries in
</span><span lang="EN-US" style="font-family:"Courier New";color:#2E75B6">analysis.cfg</span><span lang="EN-US">:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Example of a server specific entry:<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt"><span lang="EN-US" style="font-family:"Courier New";color:#2E75B6">H</span><span lang="EN-US" style="font-family:"Courier New";color:#5B9BD5">OST=dvst-1<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt;text-indent:35.4pt"><span lang="EN-US" style="font-family:"Courier New";color:#5B9BD5">DISK /data 97 98</span><span lang="EN-US" style="font-family:"Courier New";color:#2E75B6"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt;text-indent:35.4pt"><span lang="EN-US" style="font-family:"Courier New";color:#5B9BD5">PROC "mysqld "</span><span lang="EN-US" style="font-family:"Courier New";color:#2E75B6"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt;text-indent:35.4pt"><span lang="EN-US" style="font-family:"Courier New";color:#5B9BD5">PROC "mysqld_safe"</span><span lang="EN-US" style="font-family:"Courier New";color:#2E75B6"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt;text-indent:35.4pt"><span lang="EN-US" style="font-family:"Courier New";color:#5B9BD5">PROC "httpd2-prefork" 1</span><span lang="EN-US" style="font-family:"Courier New";color:#2E75B6"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt;text-indent:35.4pt"><span lang="EN-US" style="font-family:"Courier New";color:#5B9BD5">PROC "smbd</span><span lang="EN-US" style="font-family:"Courier New";color:#2E75B6">”<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt;text-indent:35.4pt"><span lang="EN-US" style="font-family:"Courier New";color:#5B9BD5">PROC "caagentd"</span><span lang="EN-US" style="font-family:"Courier New";color:#2E75B6"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt;text-indent:35.4pt"><span lang="EN-US" style="font-family:"Courier New";color:#5B9BD5">LOG /data/monitor/checkppi.log OutOfMemory COLOR=red<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Courier New";color:#2E75B6"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Finally a DEFAULT section (<i>at the end of the file</i>):<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt"><span lang="EN-US" style="font-family:"Courier New";color:#5B9BD5">DEFAULT<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt"><span lang="EN-US" style="font-family:"Courier New";color:#5B9BD5"> # These are the built-in defaults.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt"><span lang="EN-US" style="font-family:"Courier New";color:#5B9BD5"> DISK * 90 95<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt"><span lang="EN-US" style="font-family:"Courier New";color:#5B9BD5"> MEMSWAP 80 90<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt"><span lang="EN-US" style="font-family:"Courier New";color:#5B9BD5"> MEMACT 90 97<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt"><span lang="EN-US" style="font-family:"Courier New";color:#5B9BD5"> FILE /var/log/ntp SIZE>0<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt"><span lang="EN-US" style="font-family:"Courier New";color:#5B9BD5">
</span><span lang="EN-US" style="font-family:"Courier New";color:#2E75B6">F</span><span lang="EN-US" style="font-family:"Courier New";color:#5B9BD5">ILE /var/log/messages<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt"><span lang="EN-US" style="font-family:"Courier New";color:#5B9BD5"> LOG /var/log/messages %(I/O|read).error IGNORE=%(fd0|smbd|read_fd_with_timeout|Connection.reset.by.peer|error\.txt) COLOR=red<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt"><span lang="EN-US" style="font-family:"Courier New";color:#5B9BD5"> LOG /var/log/messages %Remounting.filesystem.read-only COLOR=red
<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt"><span lang="EN-US" style="font-family:"Courier New";color:#5B9BD5"> LOG /var/log/messages There.are.errors.in.the.filesystem COLOR=red
<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt"><span lang="EN-US" style="font-family:"Courier New";color:#2E75B6"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">The problem is, that I cannot see data from the configured logfiles in the affected “msgs” columns. For some logfile entries I get parse errors and I don’t know exactly the reason behind this.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">All of the configured logfiles are present on the affected servers, there they are readable and filled with data.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Does anybody have a real good description of the best way to get the “msgs” column populated with data? Of the “playing together” and the right order of entries in the config-files?<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Hope anybody can follow my thoughts </span>
<span lang="EN-US" style="font-family:"Segoe UI Emoji",sans-serif">😊</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Regards<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Christian<o:p></o:p></span></p>
</div>
</body>
</html>