[Xymon] Force logfetch to only process complete lines?

Galen Johnson solitaryr at gmail.com
Fri May 11 02:59:12 CEST 2018


Have you looked at client-local.cfg on the xymon server?  Or the man page
for client-local.cfg?  It's a bit finicky but may be able to do what you're
asking without modifying any code.

=G=

On Thu, May 10, 2018 at 5:32 PM, Larry Bonham <larry at fni-stl.com> wrote:

> Third request.  I just can’t believe that I’m the only one having this
> problem.  It is a fairly frequent occurrence for me.  Mainly with higher
> volume log files.
>
>
>
> I simply want to drop any partial lines before they are compared with LOG
> alert definitions.
>
>
>
> Based on the comments in logfetch.c (v4.3.28), the section between 509 and
> 562 would appear to handle this.  But for whatever reason it is not
> consistently working for me.  Maybe I’m overloading the MAXCHECK value and
> it is just truncating the output?  Or I’m misunderstanding what the section
> is actually doing?
>
>
>
> Once again, any help would be appreciated.
>
>
>
> Larry B.
>
>
>
> *From:* Larry Bonham
> *Sent:* Monday, March 5, 2018 10:05 AM
> *To:* xymon at xymon.com
> *Subject:* RE: Force logfetch to only process complete lines?
>
>
>
> Second request.  No one else having this particular problem?  Any help
> would be appreciated.  Modifying logfetch.c is pretty much beyond my
> limited C skills.
>
>
>
> Thanks.
>
>
>
> Larry B.
>
>
>
> *From:* Xymon [mailto:xymon-bounces at xymon.com <xymon-bounces at xymon.com>] *On
> Behalf Of *Larry Bonham
> *Sent:* Monday, February 26, 2018 5:28 PM
> *To:* xymon at xymon.com
> *Subject:* [Xymon] Force logfetch to only process complete lines?
>
>
>
> RHEL 6.9 and RHEL 7.4
>
> Xymon v4.3.28
>
>
>
> This may be documented somewhere and I’m just not able to find it.  But is
> there a way to force logfetch to only scan complete lines and discard any
> partials it might retrieve based on the MAXCHECK setting?
>
>
>
> I’ve been getting quite a few alerts on highly active systems where the
> offending line would normally be excluded due to the first part of a search
> that is missing.
>
>
>
> A simple example, I want to ignore the alert triggers for
> /var/log/messages where the system name is test-system and
> :\sheader\ssubject: is also in the line.  Since test-system comes right
> after the date/time stamp, that causes the ignore check to not work if
> test-system is not retrieved by logfetch.
>
>
>
> analysis.cfg
>
>
>
> # Red alert on CRITICAL or ERROR or SERIOUS (with exceptions)
>
> LOG %.*  %(?-i)CRITICAL|ERROR|SERIOUS COLOR=red
> IGNORE=%(?-i)test-system.*:\sheader\ssubject:
>
>
>
> I’ve tried adjusting the MAXCHECK setting but it didn’t make a difference
> one way or the other.
>
>
>
> client-local.cfg
>
>
>
> log:/var/log/messages:10240             # 10KB default
>
> log:/var/log/messages:1024000         # 1MB
>
>
>
> Thanks.
>
> =========================================================
>
> Larry D. Bonham
>
> Financial Network Inc.
> 10401-F Baur
> Olivette, MO 63132
>
> (314) 400-9412 voice
> (314) 997-5647 fax
> =========================================================
>
>
>
>
>
> ------------------------------
>
> CONFIDENTIALITY NOTICE:
> This electronic mail message is intended exclusively for
> recipient to which it is addressed. The contents of this message
> and any attachments may contain confidential and privileged
> information. Any unauthorized review, use, print, storage, copy,
> disclosure or distribution is strictly prohibited. If you have
> received this message in error, please advise the sender
> immediately by replying to the message's sender and delete all
> copies of this message and its attachments without disclosing
> the contents to anyone, or using the contents for any purpose.
>
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20180510/06573201/attachment.html>


More information about the Xymon mailing list