[hobbit] log file monitoring issues
Morris, Chris (Shared Services)
CHRIS.MORRIS at RWEnpower.com
Mon Aug 14 17:40:54 CEST 2006
Try putting the :SIZE parameter on your
log:/var/log/samba/client.nmbd.log entry.
Chris
> -----Original Message-----
> From: Gary B. [SMTP:gmbfly98 at gmail.com]
> Sent: Saturday, August 12, 2006 1:08 AM
> To: hobbit at hswn.dk
> Subject: Re: [hobbit] log file monitoring issues
>
> On 8/11/06, Henrik Stoerner <henrik at hswn.dk> wrote:
> > On Fri, Aug 11, 2006 at 01:37:28PM -0400, Gary B. wrote:
> > > Hmm. Any ideas why the following wouldn't work?
> > >
> > > log:/var/log/messages:10240
> > > ignore upsd* Client|Connection 127.0.0.1
> > > ignore session opened|closed for user mailman|root
> >
> > Two errors:
> >
> > The first line has a wrong regex - it's a classic mistake to use
> > "*" by itself to mean "anything", but that's not what it does.
> > Your expression should be
> > ignore upsd.* Client|Connection 127.0.0.1
>
> Ah. I actually had that originally, but since it wasn't working, I
> wasn't sure if it used "real" regexes, or "DOS command-line" regexes.
>
> > Second, you can only have one "ignore" line. I admit that it would
> > probably be useful to have multiple ignore lines, but that is
> > not possible right now.
> >
> > > The "full log" output is still showing those lines. Could it be the
> > > same reason I wasn't seeing any data at all on the other servers; that
> > > is, the log file just hasn't been updated, and it's still showing
> > > those from previous lines?
> >
> > No, Hobbit processes all of the logfile data through the ignore- and
> > trigger patterns each time it sends a message to the server.
>
> Ah ha! That explains it. I removed the second ignore, and it's
> working perfectly now.
>
> > > If so, is there a way I could tell Hobbit to clear the existing data?
> >
> > Yes: Delete the ~hobbit/client/tmp/logfetch.HOSTNAME.status file.
>
> Ah, that's simple. Note to self: if there's something you want to do
> with Hobbit, it's probably done fairly simply ;-)
>
>
> Just ONE remaining issue now. There are still additional log files I
> want to check for that aren't showing up. I have this specific
> hosts's client-local.cfg entry defined as:
>
> [master.homeoffice.none]
> log:/var/log/samba/client.nmbd.log
> log:/var/log/messages:10240
> log:/var/log/maillog:10240
> ignore relay=localhost\.localdomain
> trigger denied
>
> The "messages" and "maillog" entries are showing up just fine, but the
> "client.nmbd.log" file is not showing up; not even with an empty "full
> log" section. Any ideas?
>
> Also, do I need the escape character "\" to ignore the line that says
> "relay=localhost.localdomain"? I guess since "." means "any
> character", it will work anyway without the "\"...
>
> To unsubscribe from the hobbit list, send an e-mail to
> hobbit-unsubscribe at hswn.dk
>
****************************************************************************
The information contained in this email is intended only for the use of the intended recipient at the email address to which it has been addressed. If the reader of this message is not an intended recipient, you are hereby notified that you have received this document in error and that any review, dissemination or copying of the message or associated attachments is strictly prohibited.
If you have received this email in error, please contact the sender by return email or call 01793 877777 and ask for the sender and then delete it immediately from your system.Please note that neither RWE npower nor the sender accepts any responsibility for viruses and it is your responsibility to scan attachments (if any).
*****************************************************************************
More information about the Xymon
mailing list