[Xymon] alert IGNORE

Jeremy Laidman jlaidman at rebel-it.com.au
Thu Jul 10 05:57:37 CEST 2014


On 26 June 2014 02:38, Sidiney M. Crescencio Junior <sidiney at redix.com.br>
wrote:

> I need to ignore a message on xymon
>

OK


> Critical entries in /var/log/secure
> red -> error=''
>

Sorry, I don't know what this means.


> On server log:
> Jun 25 09:21:14 mailserver saslauthd[28318]: zmpost: url='
> https://mailserver.domain.com.br:7071/service/admin/soap/' returned
> buffer->data='<soap:Envelope xmlns:soap="
> http://www.w3.org/2003/05/soap-envelope"><soap:Header><context
> xmlns="urn:zimbra"><change
> token="30213"/></context></soap:Header><soap:Body><AuthResponse
> xmlns="urn:zimbraAccount"><authToken>0_b4e7e2ade952b00a8028cf4e80d489c2b0138b8e_69643d33363a36666134643163352d626664302d343239352d626234302d3837306532346138336662353b6578703d31333a313430333837313637343034363b76763d313a303b747970653d363a7a696d6272613b</authToken><lifetime>172800000</lifetime><skin>serenity</skin></AuthResponse></soap:Body></soap:Envelope>',
> hti->error=''
>

So you want to ignore lines like the above?


> Sentinela configuration:
>
> /usr/lib/xymon/server/etc/client-local.cfg
>
> log:/var/log/secure:10240
> ignore saslauthd.*\[.*\]:.*
> ignore .*hti.*error.*
> ignore .*hti.*
> ignore ti->error.*
>

Any of these should work.  So perhaps it's not using this configuration at
all.

Have a look on your client in ~xymon/tmp/ for the file
logfetch.<servername>.cfg.  See if it looks like the above.  If not, it's
probably matching another host type/name configuration section in your
client-local.cfg.

J
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20140710/2957e795/attachment.html>


More information about the Xymon mailing list