[Xymon] Config for msgs column - how to play with client-local.cfg and analysis.cfg? How to play with default and specific entries?

Becker Christian christian.becker at rhein-zeitung.net
Wed Dec 11 15:53:28 CET 2019


Hello everybody,


I’m writing this to the list because I’m screwed up with my thoughts, probably because I’ve done too many config tests for today…

Hope I can describe my situation well enough.

I’ve configured nearly 120 Linux machines (servers) in our Xymon environment, most of them running Ubuntu 14.04/16.04/18.04 LTS or CentOS 6/7.
Xymon server is on 4.3.29, clients are on different releases starting at 4.3.17. All of them are configured to write their system logs to /var/log/messages – that’s working.

What I want to achieve:

  1.  For ALL of them, I want to have the “msgs” column filled with the data coming from /var/log/messages, so that I can configure alerting, if some keywords occur in /var/log/messages.
  2.  In addition to that, for SOME of these servers, I want to have application specific logfiles monitored in the “msgs” column, and I want to monitor those application specific logfiles for keywords too.
  3.  In further addition to the above, I want to have EACH “files” column filled with the files that are monitored in the “msgs” column per server.

Actually I’m struggling with config files on my Xymon server, client-local.cfg and analysis.cfg, and there with class-entries, default section and server specific rules.
That makes me crazy.

My thought was to have a class configured in client-local.cfg which is:
[linux]
file:/var/log/messages
file:/var/log/ntp
log:/var/log/messages:10240
ignore MARK

For those servers where I want to have additional, application specific logfiles, I have server based entries like this in client-local.cfg (hoping that this “over-controls” the class entry from above….):
[dvst-1]
file:/var/log/messages
file:/var/log/ntp
file:/data/monitor/checkppi.log
log:/data/monitor/checkppi.log:10240
log:/var/log/messages:10240
ignore MARK

This section is BELOW the class [linux] section, if that matters?

Every time I made a config change in client-local.cfg I did a restart of Xymon on my Xymon server and I had to wait minutes and minutes to see the result.


To make the thing complete and to have more confusion, I have these entries in analysis.cfg:
Example of a server specific entry:
HOST=dvst-1
DISK    /data 97 98
PROC    "mysqld "
PROC    "mysqld_safe"
PROC    "httpd2-prefork" 1
PROC    "smbd"
PROC    "caagentd"
LOG     /data/monitor/checkppi.log OutOfMemory COLOR=red

Finally a DEFAULT section (at the end of the file):
DEFAULT
    # These are the built-in defaults.
    DISK    * 90 95
    MEMSWAP 80 90
    MEMACT  90 97
    FILE    /var/log/ntp SIZE>0
    FILE    /var/log/messages
    LOG     /var/log/messages %(I/O|read).error IGNORE=%(fd0|smbd|read_fd_with_timeout|Connection.reset.by.peer|error\.txt) COLOR=red
    LOG     /var/log/messages %Remounting.filesystem.read-only COLOR=red
    LOG     /var/log/messages There.are.errors.in.the.filesystem COLOR=red


The problem is that I cannot see data from the configured logfiles in the affected “msgs” columns. For some logfile entries I get parse errors and I don’t know exactly the reason behind this.
All of the configured logfiles are present on the affected servers, there they are readable and filled with data.

Does anybody have a really good description of the best way to get the “msgs” column populated with data? Of the “playing together” and the right order of entries in the config files?


Hope anybody can follow my thoughts 😊


Regards
Christian
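
A consistency check for the two files discussed in the post above, added here as an example and not part of the original message or of Xymon: it lists LOG/FILE rules in analysis.cfg that name a path the host's client-local.cfg section never asks the client to send. It assumes a host's own section is used when present and the class section otherwise, treats DEFAULT rules as applying to every host, handles only literal HOST=name selectors, and runs on a constructed sample in which dvst-2 is a hypothetical host.

```python
import re

# Constructed sample trimmed from the post; dvst-2 is a hypothetical host with no own section.
CLIENT_LOCAL = """\
[linux]
file:/var/log/messages
log:/var/log/messages:10240
[dvst-1]
file:/var/log/messages
file:/data/monitor/checkppi.log
log:/data/monitor/checkppi.log:10240
log:/var/log/messages:10240
"""
ANALYSIS = """\
HOST=dvst-1
LOG /data/monitor/checkppi.log OutOfMemory COLOR=red
HOST=dvst-2
LOG /data/monitor/checkppi.log OutOfMemory COLOR=red
DEFAULT
FILE /var/log/messages
LOG /var/log/messages %Remounting.filesystem.read-only COLOR=red
"""

def parse_client_local(text):
    """Map section name -> paths named by its log: and file: lines."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"\[(.+)\]", line):
            current = sections.setdefault(m.group(1), {"log": set(), "file": set()})
        elif current is not None and (m := re.match(r"(log|file):([^:\s]+)", line)):
            current[m.group(1)].add(m.group(2))
    return sections

def parse_analysis(text):
    """Yield (selector, 'log' or 'file', path) for every LOG/FILE rule."""
    selector = None
    for words in map(str.split, text.splitlines()):
        head = words[0] if words else ""
        if head.startswith("HOST=") or head == "DEFAULT":
            selector = head.split("=", 1)[-1]   # "dvst-1" or "DEFAULT"
        elif head in ("LOG", "FILE") and len(words) > 1:
            yield selector, head.lower(), words[1]

def uncollected_rules(host, host_class, client_local=CLIENT_LOCAL, analysis=ANALYSIS):
    """Rules applying to host whose path the client was never told to send."""
    sections = parse_client_local(client_local)
    # Assumption: the host's own section wins when present, else the class section.
    sent = sections.get(host) or sections.get(host_class) or {"log": set(), "file": set()}
    return [(k.upper(), p) for sel, k, p in parse_analysis(analysis)
            if sel in (host, "DEFAULT") and p not in sent[k]]
```

With the sample above, `uncollected_rules("dvst-2", "linux")` reports the checkppi.log rule, because that host falls back to the [linux] section, which does not list that file.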