[Xymon] Monitoring logfiles with changing names on a linux client

Jeremy Laidman jlaidman at rebel-it.com.au
Tue Jun 14 13:35:33 CEST 2016


On 14 June 2016 at 20:48, Becker Christian <
christian.becker at rhein-zeitung.net> wrote:

>
>
> What I have:
>
> I have a linux client with xymon agents up and running, reporting his
> data to the Xymon server -> this is working fine.
>
> This linux client serves an application that creates 6 new different
> logfiles every day -> that’s my problem.
>
> The names of the logfiles are like this: Log.File_ABC#_YYYYMMDD_######.log
>
> The first # in the name could be numbers from 1 to 6.
>
> YYYYMMDD is the actual day date, like 20160414.
>
> The ###### block is another numeric identifier, like 050601 or similar,
> which also changes every day, but not following any rule.
>

I believe this is exactly the sort of thing the backticks were designed for.

> What I want:
>
> My goal is to check those logfiles for the keyword ERROR and let Xymon go
> red if this keyword occurs.
>
> What I’m looking for is the necessary config on both the client (in
> localclient.cfg) and the xymon server (in client-local.cfg and
> analysis.cfg) using regexp.
>

Nothing is required on the client.  localclient.cfg is not used if you're
using centralised configuration.  Specifically, the comment at the top of
localclient.cfg says "By default ... In that case, THIS FILE IS NOT USED
and you should IGNORE it."  It's not 100% clear, but essentially, if you
use centralised configuration, you don't use localclient.cfg on the client,
and instead use client-local.cfg/analysis.cfg on the server.


> I’m thinking about something like this to have in the linux client’s
> localclient.cfg:
>
> LOG `ls -1 Log.File_ABC*_`date +%Y%m%d\`_*.log`
>
> But I’m not sure about the syntax here.
>

That won't work due to the nested backticks.  You can have only one pair of
backticks.

Also, you need a colon between LOG and the rest.  The very first example at
the top of client-local.cfg shows:

log:FILENAME:MAXDATA

I don't think the MAXDATA is optional.

There are several ways to do what you want, by avoiding the backticks.

Option 1: Use a bash-ism, such as $(cmd) in place of `cmd`, like so:

log:`ls -1 /path/to/Log.File_ABC*_$(date +%Y%m%d)_*.log`:10240

Option 2: Use a more inclusive wildcard match, and list the newest 6 files
that match:

log:`ls -1t /path/to/Log.File_ABC*_*.log | head -6`:10240

Option 3: Use a script on the client to show the files:

log:`/usr/local/bin/show-the-files`:10240

Then in show-the-files, do whatever fancy file matching, testing,
excluding, etc.  You can use this to show the last 6 files by date, but
exclude files that are empty.  You can also construct the file matching
string using the date, without it interfering with the backticks in the
"log:" line.

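#!/bin/sh
# Print up to six of today's non-empty log files, newest first.
DATE=`date +%Y%m%d`
# Braces are required: $DATE_ would be read as a variable named DATE_.
MATCH="Log.File_ABC[1-6]_${DATE}_??????.log"
LOGDIR=/path/to/log

COUNT=0
for FILE in `ls -1t $LOGDIR/$MATCH 2>/dev/null`; do
    [ -s "$FILE" ] || continue # skip empty files
    echo "$FILE"
    COUNT=$((COUNT+1)) # POSIX arithmetic; "let" is not available in every /bin/sh
    [ $COUNT -eq 6 ] && break
done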

J
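
A stricter variant of the show-the-files idea from Option 3, as an added example that is not part of the original post. The function name show_log_files and the LOGDIR environment variable are assumptions for illustration; the digit-only match relies on the poster's description of the ###### block as a numeric identifier.

```shell
#!/bin/sh
# Added example, not from the original post: a stricter show-the-files.
# The function name and the LOGDIR default are assumptions for illustration.

# show_log_files DIR DAY [MAX]
# Prints up to MAX (default 6) non-empty log files for DAY, newest first.
show_log_files() {
    dir=$1 day=$2 max=${3:-6} count=0
    # Split ls output on newlines only, so a DIR containing spaces still works.
    old_ifs=$IFS
    IFS='
'
    # Six [0-9] classes instead of ??????: "?" also matches spaces and
    # newlines, which would break the word-split loop below.
    for file in $(ls -1t "$dir"/Log.File_ABC[1-6]_"${day}"_[0-9][0-9][0-9][0-9][0-9][0-9].log 2>/dev/null); do
        [ -f "$file" ] || continue   # regular files only
        [ -L "$file" ] && continue   # do not report symlinks
        [ -s "$file" ] || continue   # skip empty files
        echo "$file"
        count=$((count + 1))
        [ "$count" -ge "$max" ] && break
    done
    IFS=$old_ifs
    return 0
}

# Stand-alone use, as called from the backticks in the "log:" line.
show_log_files "${LOGDIR:-/path/to/log}" "$(date +%Y%m%d)"
```
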