[Xymon] [Possible Spam] Alternate log monitor?
Andy Smith
abs at shadymint.com
Wed Jun 3 20:48:20 CEST 2015
Larry Bonham wrote:
> Has anyone successfully integrated a different log monitor into xymon?
> The internal msgs monitor works fine for /var/log/messages or any other
> system log where a similar notification is used for each system (in our
> case the systems group).
>
>
>
> But I have a need to monitor multiple Apache logs on various systems
> where a different user group would be notified if any yellow or red
> alerts were created. I don't see a way to do that and have
> /var/log/messages alerts going somewhere else for the same system.
>
>
>
> Running 4.3.18 on RHEL 6.6
>
>
>
> swatch maybe? Everything I'm finding is either too simplistic or way
> overkill for what I need. The lighter the footprint the better.
>
>
>
> Thanks.
>
> =========================================================
>
> Larry D. Bonham
Hi, like you, we found the internal msgs tool is perfectly adequate in
terms of functionality, but does not lend itself well to notifying
different groups unless you are relying on email notification, in which
case you can define a GROUP rule in alert.cfg/analysis.cfg. In our
place, we do not use email, instead, we have a 24x7 operations team
viewing the critical page, managing the incidents in real time, so we
needed different column names to be able to identify the requirements in
critical.cfg. I wrote this simple script to direct a given log analysis
to a given column name, it may work for you :-
https://wiki.xymonton.org/doku.php/monitors:msgs
When we have need for more sophisticated log monitoring and we use SEC
(http://simple-evcorr.sourceforge.net/) which is extremely powerful, we
employ just a fraction of its potential. We have a perl module that
goes with SEC so that SEC delivers status messages to Xymon in exactly
the same way as the internal msgs tool.
--
Andy
More information about the Xymon
mailing list