[xymon] ignore certain things in a log file

Matthew Moldvan mmoldvan at csc.com
Thu Aug 26 18:05:49 CEST 2010


I think (someone correct me if I'm wrong) you might need the line to match 
first, then what you'd like to ignore afterward.  Our ignore rules, 
which I believe work (notice the double quotes, the ?i is case 
insensitive):

        LOG /var/adm/messages \
                %(?i)ERROR \
                "IGNORE=%(?i)(nres_gethostbyaddr|simple bind failed - Invalid credentials|please upgrade FCSM|WARNING|NOTICE|fctl|FCSM|SRS Proxy|xrx8825tlh2|ImportAcsError|AcsError|File \{.*\}, error 2|No such file or directory|ViewMgr|Bad file format|Exec call for FormTek|cache_trif_image|UserQry|DESKTOP_EDMOSRV.STARTUP|Error Level: Informational|sshd.*Authentication failed for|DESKTOP_EDMOSRV.STARTUP.*local0.error|httpd.*(modsecurity|password))"

Spaces are okay.  For any rules you'd like to test, you can use the 
pcretool command (available on my CentOS box, maybe not in your 
environment).  Syntax is as follows:

-bash-3.2$ pcretest 
PCRE version 6.6 06-Feb-2006

  re> /(corrupt label|wrong magic number)/
data> corrupt
No match
data> corrupt label
 0: corrupt label
 1: corrupt label
data> wrong magic number
 0: wrong magic number
 1: wrong magic number

Or for a case insensitive match:

-bash-3.2$ pcretest 
PCRE version 6.6 06-Feb-2006

  re> /(?i)(corrupt label|wrong magic number)/
data> Corrupt label
 0: Corrupt label
 1: Corrupt label
data> corrupt label
 0: corrupt label
 1: corrupt label
data> asdf
No match
data> WRONG MAGIC NUMBER
 0: WRONG MAGIC NUMBER
 1: WRONG MAGIC NUMBER
data> wrong magic number
 0: wrong magic number
 1: wrong magic number

Good luck, hope that helps,
Matt.

Unix System Administrator
Computer Science Corporation
General Dynamics Land Systems




From: "Kevin Kelly" <kkelly at lifetouch.com>
To: <xymon at xymon.com>
Date: 08/26/2010 10:52 AM
Subject: [xymon] ignore certain things in a log file



Could somebody tell me why this won’t work?
 
HOST=testserver
        LOG     %/var/adm/messages kern "IGNORE=%(corrupt label|wrong magic number)"
 
Trying to ignore all lines in the messages file that contain those key 
words.
 
Thanks
 
Kevin 
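
Added example, not part of the original thread and not Xymon code: a small Python harness that applies a match pattern and an IGNORE pattern in the order the reply describes and returns both the lines that would alert and the lines the IGNORE hides, so a rule can be reviewed before it is deployed. Python's `re` stands in for PCRE (the syntax used here is common to both); the function names and sample log lines are constructed for illustration.

```python
import re

def compile_xymon(pattern):
    """Compile a '%'-prefixed regex as written in the rules on this page."""
    if not pattern.startswith("%"):
        raise ValueError("this sketch only handles %-prefixed regex patterns")
    return re.compile(pattern[1:])

def classify(lines, match, ignore):
    """Return (alerted, suppressed): a line must hit the match pattern first,
    then the IGNORE pattern removes it from the alert set."""
    m, ig = compile_xymon(match), compile_xymon(ignore)
    alerted, suppressed = [], []
    for line in lines:
        if not m.search(line):
            continue  # never a candidate, so IGNORE is irrelevant
        (suppressed if ig.search(line) else alerted).append(line)
    return alerted, suppressed

# Constructed sample lines (not from a real host).
SAMPLE = [
    "Aug 26 10:01:02 testserver kern: [ID 1 kern.error] ERROR: corrupt label - wrong magic number",
    "Aug 26 10:01:05 testserver kern: [ID 2 kern.error] error: Corrupt label on c1t0d0",
    "Aug 26 10:02:11 testserver sshd[411]: error: Authentication failed for root from 192.0.2.7",
    "Aug 26 10:03:40 testserver scsi: [ID 3 kern.error] ERROR: disk not responding",
    "Aug 26 10:04:00 testserver cron[99]: job finished",
]

MATCH = "%(?i)ERROR"                                    # match pattern from the reply
IGNORE_CS = "%(corrupt label|wrong magic number)"       # IGNORE pattern from the question
IGNORE_CI = "%(?i)(corrupt label|wrong magic number)"   # case-insensitive form from the reply
# Constructed from two alternatives that appear in the reply's long IGNORE list.
IGNORE_BROAD = "%(?i)(corrupt label|sshd.*Authentication failed for)"

if __name__ == "__main__":
    for name, ig in [("case-sensitive", IGNORE_CS),
                     ("case-insensitive", IGNORE_CI),
                     ("broad", IGNORE_BROAD)]:
        alerted, suppressed = classify(SAMPLE, MATCH, ig)
        print(f"{name}: {len(alerted)} alerted, {len(suppressed)} suppressed")
        for line in suppressed:
            print("  suppressed:", line)
```

Running it prints, per IGNORE variant, how many candidate lines still alert and exactly which ones are hidden, including the sshd authentication-failure line under the broader pattern.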
 
