[Xymon] xymonpsclient (application) logfile monitoring
Andy Smith
a.b.smith at shadymint.com
Thu Aug 20 20:14:18 CEST 2020
Hi,
Just to set expectations, even when you get the REGEX sorted, the lines
appearing in the msgs column will only ever be from the last portion of
the logfile, on a volatile log this will be a maximum of the last 30
minutes but may be even shorter. Hence the duration of any alerts in
the msgs column may be as little as 5 minutes and I have lost count of
the number of times support complained that they got called out by
operations but when they checked Xymon it was all green. I have in the
past needed to create a customised extension to collect (and present)
the data that people wanted to be able to see (in the Xymon page without
visiting each client individually). Fortunately, managing such
extensions centrally is easy with winpsclient.
--
Andy
On 20/08/2020 12:39, Becker Christian wrote:
>
> Hi,
>
> oh yes – that’s a thing that i‘ve totally disregarded.
>
> However, i cannot get any content of the logfile into the msgs column,
> even if i surround the filename with quotes.
>
> Regards
>
> Christian
>
> *Von:* Jeremy Laidman <jeremy at laidman.org>
> *Gesendet:* Mittwoch, 19. August 2020 14:50
> *An:* Becker Christian <christian.becker at rhein-zeitung.net>
> *Cc:* xymon at xymon.com
> *Betreff:* Re: [Xymon] xymonpsclient (application) logfile monitoring
>
> Christian
>
> I don't think it matters that the pattern is not at the start of the line.
>
> However, I don't think you can have spaces in the filename. Instead
> you should wrap it on double quotes. Perhaps try this:
>
> LOG "C:\Program Files\PATH-TO-LOGFILE\filename.log" "Unable to cancel
> connection to" COLOR=RED
>
> The fact that you're getting the correct filename in the status page
> suggests that the clientlocal.cfg configuration is correct. So is just
> a matter of tweaking the analysis.cfg entry.
>
> I have to admit that I don't use the psclient so I don't have much
> experience to offer.
>
> Cheers
>
> Jeremy
>
> On Wed, 19 Aug 2020, 17:27 Becker Christian,
> <christian.becker at rhein-zeitung.net
> <mailto:christian.becker at rhein-zeitung.net>> wrote:
>
> Jeremy,
>
> Sorry for writing it a bit weird.
>
> As soon as i configure the logfile in client-local.cfg and
> analysis.cfg, it shows up a couple of minutes later in the msgs
> column showing the name oft he logfile only, not it’s content.
>
> The upper line says No entries in C:\Program
> Files\PATH-TO-LOGFILE\filename.log, the second line says Full log
> C:\Program Files\PATH-TO-LOGFILE\filename.log and that’s it.
>
> Now i have configured as described by you by enclosing the pattern
> in quotes:
>
> LOG C:\Program Files\PATH-TO-LOGFILE\filename.log "Unable to
> cancel connection to" COLOR=RED
>
> After very long time, every now and then (and not on a regular
> basis…) the appropriate line shows up below the line Full log
> C:\Program Files\PATH-TO-LOGFILE\filename.log but the test stays
> green, but the pattern is present more than 50 times and it is
> actually written into the logfile.
>
> * Does it matter, that the pattern is *NOT* at the beginning of
> the line of the logfile?? (There are time stamps before the
> pattern and return codes after it….).
>
> Regards and thanks
>
> Christian
>
> *Von:* Jeremy Laidman <jeremy at laidman.org
> <mailto:jeremy at laidman.org>>
> *Gesendet:* Donnerstag, 13. August 2020 01:43
> *An:* Becker Christian <christian.becker at rhein-zeitung.net
> <mailto:christian.becker at rhein-zeitung.net>>
> *Cc:* xymon at xymon.com <mailto:xymon at xymon.com>
> *Betreff:* Re: [Xymon] xymonpsclient (application) logfile monitoring
>
> Hi Christian
>
> Sorry, I'm not sure I understand what you mean. "It seems to me
> that ..." - does that mean: "From reading the docs, it seems to me
> that expected behaviour is..." or: "After the configuration
> changes, it seems to me that actual behaviour is...". It's my
> understanding that adding a LOG entry in analysis.cfg is for
> determining which log lines trigger an alert condition (eg red or
> yellow), but the rest of the log status page is the same - that
> is, it contains all of the log lines from the logfile since the
> last client status message (typically in the last 5 minutes).
>
> The "pattern" is either a string or a regular expression. Your use
> of dots in the pattern suggest that you're expecting it to be a
> regular expression. However, you haven't prefixed it with "%" to
> tell Xymon this is the case. You perhaps want:
>
> LOG C:\Program Files\PATH-TO-LOGFILE\filename.log
> %Unable.to.cancel.connection.to
> <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Funable.to.cancel.connection.to%2F&data=02%7C01%7Cchristian.becker%40rhein-zeitung.net%7C81abc116f61c4513155e08d8443e7384%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C0%7C637334382309873011&sdata=GPlm7p8nvbI1ahA%2B8cBrndU1Z3HSsAzJS3JYyxp42J0%3D&reserved=0>
> COLOR=RED
>
> If the reason for the regexp is only to match spaces, because you
> don't want the words in the pattern to be treated as different LOG
> keywords, then you might find it easier to just enclose the
> pattern in quotes:
>
> LOG C:\Program Files\PATH-TO-LOGFILE\filename.log "Unable to
> cancel connection to" COLOR=RED
>
> Cheers
>
> Jeremy
>
> On Wed, 12 Aug 2020 at 20:46, Becker Christian
> <christian.becker at rhein-zeitung.net
> <mailto:christian.becker at rhein-zeitung.net>> wrote:
>
> Hello to the list,
>
> i need help in setting up logfile monitoring with xymonpsclient.
>
> My setup is a Windows 10 client pc, running xymonpsclient
> v2.42, reporting to a xymon server running xymon 4.3.30.
>
> In the client-local.cfg i have configured the logfile that i
> want to monitor, and an amount of time later, the logfile
> shows up in the msgs column.
>
> After that i configured analysis.cfg to look for a specific
> pattern in this logfile, it seems to me that only the
> appearance of this pattern is displayed in the msgs column,
> but nothing else from this logfile.
>
> In addition tot hat, the msgs column didn’t change to red state.
>
> Here’s the part of my client-local.cfg:
>
> [win10client1]
>
> log:C:\Program Files\PATH-TO-LOGFILE\filename.log:153600
>
> And here the part of my analysis.cfg:
>
> HOST=win10client1
>
> LOG C:\Program Files\PATH-TO-LOGFILE\filename.log
> Unable.to.cancel.connection.to
> <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Funable.to.cancel.connection.to%2F&data=02%7C01%7Cchristian.becker%40rhein-zeitung.net%7C81abc116f61c4513155e08d8443e7384%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C0%7C637334382309883003&sdata=mHPxEdUrwEJMVwM4qmF4Fhy5jJBT0UCZ1i1orjy34MY%3D&reserved=0>
> COLOR=RED
>
> With this setup it seems to me that only lines containing this
> pattern Unable.to.cancel.connection.to
> <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Funable.to.cancel.connection.to%2F&data=02%7C01%7Cchristian.becker%40rhein-zeitung.net%7C81abc116f61c4513155e08d8443e7384%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C0%7C637334382309883003&sdata=mHPxEdUrwEJMVwM4qmF4Fhy5jJBT0UCZ1i1orjy34MY%3D&reserved=0>
> are displayed in the msgs column of win10client1.
>
> Any idea what i’m doing wrong? Or do i understand any basics
> the wrong way?
>
> Regards
>
> Christian
>
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com <mailto:Xymon at xymon.com>
> http://lists.xymon.com/mailman/listinfo/xymon
> <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.xymon.com%2Fmailman%2Flistinfo%2Fxymon&data=02%7C01%7Cchristian.becker%40rhein-zeitung.net%7C81abc116f61c4513155e08d8443e7384%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C0%7C637334382309893002&sdata=idH7gPh5oRQRr3%2BEFt%2B4dfDEel5MxHYPZRPQrEcCES4%3D&reserved=0>
>
>
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20200820/8bc2ea55/attachment.htm>
More information about the Xymon
mailing list