[hobbit] log file monitoring issues
Gary B.
gmbfly98 at gmail.com
Sat Aug 12 02:07:34 CEST 2006
On 8/11/06, Henrik Stoerner <henrik at hswn.dk> wrote:
> On Fri, Aug 11, 2006 at 01:37:28PM -0400, Gary B. wrote:
> > Hmm. Any ideas why the following wouldn't work?
> >
> > log:/var/log/messages:10240
> > ignore upsd* Client|Connection 127.0.0.1
> > ignore session opened|closed for user mailman|root
>
> Two errors:
>
> The first line has a wrong regex - it's a classic mistake to use
> "*" by itself to mean "anything", but that's not what it does.
> Your expression should be
> ignore upsd.* Client|Connection 127.0.0.1
Ah. I actually had that originally, but since it wasn't working, I
wasn't sure if it used "real" regexes, or "DOS command-line" regexes.
> Second, you can only have one "ignore" line. I admit that it would
> probably be useful to have multiple ignore lines, but that is
> not possible right now.
>
> > The "full log" output is still showing those lines. Could it be the
> > same reason I wasn't seeing any data at all on the other servers; that
> > is, the log file just hasn't been updated, and it's still showing
> > those from previous lines?
>
> No, Hobbit processes all of the logfile data through the ignore- and
> trigger patterns each time it sends a message to the server.
Ah ha! That explains it. I removed the second ignore, and it's
working perfectly now.
> > If so, is there a way I could tell Hobbit to clear the existing data?
>
> Yes: Delete the ~hobbit/client/tmp/logfetch.HOSTNAME.status file.
Ah, that's simple. Note to self: if there's something you want to do
with Hobbit, it's probably done fairly simply ;-)
Just ONE remaining issue now. There are still additional log files I
want to check for that aren't showing up. I have this specific
hosts's client-local.cfg entry defined as:
[master.homeoffice.none]
log:/var/log/samba/client.nmbd.log
log:/var/log/messages:10240
log:/var/log/maillog:10240
ignore relay=localhost\.localdomain
trigger denied
The "messages" and "maillog" entries are showing up just fine, but the
"client.nmbd.log" file is not showing up; not even with an empty "full
log" section. Any ideas?
Also, do I need the escape character "\" to ignore the line that says
"relay=localhost.localdomain"? I guess since "." means "any
character", it will work anyway without the "\"...
More information about the Xymon
mailing list