[hobbit] LOG monitoring from serverside

Dominique Frise Dominique.Frise at unil.ch
Fri Jun 9 07:46:48 CEST 2006 

ZanDAhaR wrote:
> Dominique Frise wrote:
> 
>> ZanDAhaR wrote:
>>
>>> Hi All
>>>
>>> I have been playing with the latest release of the client and sever 
>>> over the past few days and have managed to get everything working 
>>> (and some cool new bits) apart from the log file monitoring. I can 
>>> get it so it shows the log file on the hobbit display/web but I 
>>> cannot get it to search for anything and cause a status change
>>>
>>> I have this in client-local.cfg
>>> [db184.corporatesystems.com.au]
>>> file:/usr/bin/make
>>> file:/usr/bin/gcc
>>> log:/var/log/messages:10240
>>>
>>> And then this in the hobbit-clients.cfg
>>>
>>> HOST=db184.corporatesystems.com.au
>>>    PORT "LOCAL=%([.:]10042)" state=LISTEN TEXT=WEBMIN
>>>    PORT "LOCAL=%([.:]22)" state=LISTEN TEXT=SSH
>>>    PORT "LOCAL=%([.:]50000)" state=LISTEN TEXT=DB2
>>>    PROC cron 1 -1 yellow
>>>    FILE /usr/bin/make MODE=644
>>>    FILE /usr/bin/gcc MODE=644
>>>    LOG /var/log/messages verify COLOR=yellow
>>>
>>> This is a few lines from the log
>>>
>>> [root at db184 root]# cat /var/log/messages |grep Verify
>>> Jun  5 03:00:04 db184 kernel: 3w-xxxx: scsi2: AEN: INFO: Verify 
>>> started: Unit #0.
>>> Jun  5 05:41:17 db184 kernel: 3w-xxxx: scsi2: AEN: INFO: Verify 
>>> complete: Unit #0.
>>> Jun  8 15:30:27 db184 kernel: 3w-xxxx: scsi2: AEN: INFO: Verify 
>>> started: Unit #0.
>>> Jun  8 15:30:29 db184 3w-xxxx[29749]: INFORMATION: Verify started on 
>>> unit 0 on controller ID:2. (0x29)
>>>
>>> I have tried regex entries and all sorts and still cant get anything 
>>> out of it and I'm going crazy. 'verify' is part of a string that 
>>> comes out when you start a verify on the 3ware raid controller in 
>>> that server. The man page says the matching string is case 
>>> insensitive but I have tried it with proper case also.
>>>
>>> Can someone please help point out the stupid thing I'm doing as I'm 
>>> sure the log file monitoring does actually work :)
>>>
>>> Cheers
>>>
>>> Allan
>>>
>>> To unsubscribe from the hobbit list, send an e-mail to
>>> hobbit-unsubscribe at hswn.dk
>>>
>>>
>> Extract of hobbit-clients.cfg man page:
>>
>>      Note that Hobbit defaults to  case-
>>      insensitive  pattern matching; if that is not what you want,
>>      put "(?-i)" between the "%" and the  regular  expression  to
>>      turn  this off.
>>
>>
>> Try this:
>>
>> LOG /var/log/messages %(?-i)verify COLOR=yellow
>>
>>
>>
>> Dominique
>> UNIL - University of Lausanne
>>
>> To unsubscribe from the hobbit list, send an e-mail to
>> hobbit-unsubscribe at hswn.dk
>>
> I had already tried that as per the man page and I also tried against a 
> lower case string such as 'session' which gets written everytime you 
> open an ssh connection and even that didnt do anything.
> 
> Also something that I havent found clear is how do you define multiple 
> strings ? On the same line with spaces or one LOG line per string ?
> 

You can enclose them in double quotes or -we use this- use \s

Example:

LOG /var/log/vmkernel MATCH=%(?-i)WARNING|spindown\sfailed|Link\sis\sdown 
COLOR=yellow HOST=frodo


Dominique
UNIL - University of Lausanne

More information about the Xymon mailing list