[Xymon] Config for msgs column - how to play with client-local.cfg and analysis.cfg? How to play with default and specific entries?
Becker Christian
christian.becker at rhein-zeitung.net
Wed Dec 11 15:53:28 CET 2019
Hello everybody,
i’m writing this to the list because I’m screwed up with my thoughts, probably because I’ve done too much config tests for today…..
Hope I can describe my situation good enough.
I’ve configured nearly 120 linux machines (servers) in our Xymon environment, most of them running Ubuntu 14.04/16.04/18.04 LTS or CentOS 6/7.
Xymon server is on 4.3.29, clients are on different releases starting at 4.3.17. All of them are configured to write their system logs to /var/log/messages – that’s working.
What I want to achieve:
1. For ALL of them, I want to have the “msgs” column filled with the data coming from /var/log/messages, so that I can configure alerting, if some keywords occur in /var/log/messages.
2. In addition to that, for SOME of these servers, I want to have application specific logfiles monitored in the “msgs” column, and I want to monitor those application specific logfiles for keywords too.
3. In further addition to the above, I want to have EACH “files” column filled with the files that are monitored in the “msgs” column per server.
Actually I’m struggling with config files on my Xymon server, client-local.cfg and analysis.cfg, and there with class-entries, default section and server specific rules.
That makes my crazy.
My thought was to have a class configured in client-local.cfg which is:
[linux]
file:/var/log/messages
file:/var/log/ntp
log:/var/log/messages:10240
ignore MARK
For those servers where I want to have additional, application specific logfiles, I have server based entries like this in client-local.cfg (hoping that this “over-controls” the class entry from above….):
[dvst-1]
file:/var/log/messages
file:/var/log/ntp
file:/data/monitor/checkppi.log
log:/data/monitor/checkppi.log:10240
log:/var/log/messages:10240
ignore MARK
This section is BELOW the class [linux] section, if that matters?
Everytime I did a config change on client-local.cfg I did a restart of Xymon on my xymon server and I had to wait minutes over minutes to see the result.
To make the thing complete and to have more confusion, I have these entries in analysis.cfg:
Example of a server specific entry:
HOST=dvst-1
DISK /data 97 98
PROC "mysqld "
PROC "mysqld_safe"
PROC "httpd2-prefork" 1
PROC "smbd”
PROC "caagentd"
LOG /data/monitor/checkppi.log OutOfMemory COLOR=red
Finally a DEFAULT section (at the end of the file):
DEFAULT
# These are the built-in defaults.
DISK * 90 95
MEMSWAP 80 90
MEMACT 90 97
FILE /var/log/ntp SIZE>0
FILE /var/log/messages
LOG /var/log/messages %(I/O|read).error IGNORE=%(fd0|smbd|read_fd_with_timeout|Connection.reset.by.peer|error\.txt) COLOR=red
LOG /var/log/messages %Remounting.filesystem.read-only COLOR=red
LOG /var/log/messages There.are.errors.in.the.filesystem COLOR=red
The problem is, that I cannot see data from the configured logfiles in the affected “msgs” columns. For some logfile entries I get parse errors and I don’t know exactly the reason behind this.
All of the configured logfiles are present on the affected servers, there they are readable and filled with data.
Does anybody have a real good description of the best way to get the “msgs” column populated with data? Of the “playing together” and the right order of entries in the config-files?
Hope anybody can follow my thoughts 😊
Regards
Christian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20191211/11c8191a/attachment.htm>
More information about the Xymon
mailing list