[Xymon] WG: Config for msgs column - how to play with client-local.cfg and analysis.cfg? How to play with default and specific entries?

Becker Christian christian.becker at rhein-zeitung.net
Mon Dec 16 09:27:00 CET 2019 

Hi all,

i have been right with my config files. The things that I have configured are working as they should do.

The only thing I forgot was, that i get this parse error if a logfile hasn’t been updated recently. This morning I had a look on my msgs columns where i had these parse errors in the past, and now they are filled with data.

Regards
Christian


Von: Xymon <xymon-bounces at xymon.com> Im Auftrag von Becker Christian
Gesendet: Mittwoch, 11. Dezember 2019 15:53
An: xymon at xymon.com
Betreff: [Xymon] Config for msgs column - how to play with client-local.cfg and analysis.cfg? How to play with default and specific entries?

Hello everybody,


i’m writing this to the list because I’m screwed up with my thoughts, probably because I’ve done too much config tests for today…..

Hope I can describe my situation good enough.

I’ve configured nearly 120 linux machines (servers) in our Xymon environment, most of them running Ubuntu 14.04/16.04/18.04 LTS or CentOS 6/7.
Xymon server is on 4.3.29, clients are on different releases starting at 4.3.17. All of them are configured to write their system logs to /var/log/messages – that’s working.
What I want to achieve:

  1.  For ALL of them, I want to have the “msgs” column filled with the data coming from /var/log/messages, so that I can configure alerting, if some keywords occur in /var/log/messages.
  2.  In addition to that, for SOME of these servers, I want to have application specific logfiles monitored in the “msgs” column, and I want to monitor those application specific logfiles for keywords too.
  3.  In further addition to the above, I want to have EACH “files” column filled with the files that are monitored in the “msgs” column per server.

Actually I’m struggling with config files on my Xymon server, client-local.cfg and analysis.cfg, and there with class-entries, default section and server specific rules.
That makes my crazy.

My thought was to have a class configured in client-local.cfg which is:
[linux]
file:/var/log/messages
file:/var/log/ntp
log:/var/log/messages:10240
ignore MARK

For those servers where I want to have additional, application specific logfiles, I have server based entries like this in client-local.cfg (hoping that this “over-controls” the class entry from above….):
[dvst-1]
file:/var/log/messages
file:/var/log/ntp
file:/data/monitor/checkppi.log
log:/data/monitor/checkppi.log:10240
log:/var/log/messages:10240
ignore MARK

This section is BELOW the class [linux] section, if that matters?

Everytime I did a config change on client-local.cfg I did a restart of Xymon on my xymon server and I had to wait minutes over minutes to see the result.


To make the thing complete and to have more confusion, I have these entries in analysis.cfg:
Example of a server specific entry:
HOST=dvst-1
DISK    /data 97 98
PROC    "mysqld "
PROC    "mysqld_safe"
PROC    "httpd2-prefork" 1
PROC    "smbd”
PROC    "caagentd"
LOG     /data/monitor/checkppi.log OutOfMemory COLOR=red

Finally a DEFAULT section (at the end of the file):
DEFAULT
    # These are the built-in defaults.
    DISK    * 90 95
    MEMSWAP 80 90
    MEMACT  90 97
    FILE    /var/log/ntp SIZE>0
    FILE    /var/log/messages
    LOG     /var/log/messages %(I/O|read).error IGNORE=%(fd0|smbd|read_fd_with_timeout|Connection.reset.by.peer|error\.txt) COLOR=red
    LOG     /var/log/messages %Remounting.filesystem.read-only COLOR=red
    LOG     /var/log/messages There.are.errors.in.the.filesystem COLOR=red


The problem is, that I cannot see data from the configured logfiles in the affected “msgs” columns. For some logfile entries I get parse errors and I don’t know exactly the reason behind this.
All of the configured logfiles are present on the affected servers, there they are readable and filled with data.

Does anybody have a real good description of the best way to get the “msgs” column populated with data? Of the “playing together” and the right order of entries in the config-files?


Hope anybody can follow my thoughts 😊


Regards
Christian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20191216/3f46f891/attachment.htm>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ATT00001.txt
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20191216/3f46f891/attachment.txt>

More information about the Xymon mailing list