[Xymon] xymonpsclient (application) logfile monitoring
Becker Christian
christian.becker at rhein-zeitung.net
Wed Oct 21 09:51:14 CEST 2020
Guys,
a lot of time has passed where i have been busy with other things, but today i came back and spent some time with this issue.
I got it managed to get the contents of a logfile displayed in the msgs column AND i got it managed to detect keywords in the column.
The thing is that the name of the logfile must be surrounded with quotes in analysis.cfg (if the path / and / or the filename contains white spaces - not MY findings - thank you Jeremy and Zak!).
Further, the keywords that should be detected must be surrounded by quotes as well.
In client-local.cfg i didn’t use quotes. Probably that was the clue: in client-local.cfg i didn’t need to use quotes but in analysis.cfg.
After playing around with the logfile and waiting minutes over minutes i got the result.
Thanks to the list and stay healthy!
Regards
Christian
Von: Xymon <xymon-bounces at xymon.com> Im Auftrag von Andy Smith
Gesendet: Donnerstag, 20. August 2020 20:14
An: xymon at xymon.com
Betreff: Re: [Xymon] xymonpsclient (application) logfile monitoring
Hi,
Just to set expectations, even when you get the REGEX sorted, the lines appearing in the msgs column will only ever be from the last portion of the logfile, on a volatile log this will be a maximum of the last 30 minutes but may be even shorter. Hence the duration of any alerts in the msgs column may be as little as 5 minutes and I have lost count of the number of times support complained that they got called out by operations but when they checked Xymon it was all green. I have in the past needed to create a customised extension to collect (and present) the data that people wanted to be able to see (in the Xymon page without visiting each client individually). Fortunately, managing such extensions centrally is easy with winpsclient.
--
Andy
On 20/08/2020 12:39, Becker Christian wrote:
Hi,
oh yes – that’s a thing that i‘ve totally disregarded.
However, i cannot get any content of the logfile into the msgs column, even if i surround the filename with quotes.
Regards
Christian
Von: Jeremy Laidman <jeremy at laidman.org><mailto:jeremy at laidman.org>
Gesendet: Mittwoch, 19. August 2020 14:50
An: Becker Christian <christian.becker at rhein-zeitung.net><mailto:christian.becker at rhein-zeitung.net>
Cc: xymon at xymon.com<mailto:xymon at xymon.com>
Betreff: Re: [Xymon] xymonpsclient (application) logfile monitoring
Christian
I don't think it matters that the pattern is not at the start of the line.
However, I don't think you can have spaces in the filename. Instead you should wrap it on double quotes. Perhaps try this:
LOG "C:\Program Files\PATH-TO-LOGFILE\filename.log" "Unable to cancel connection to" COLOR=RED
The fact that you're getting the correct filename in the status page suggests that the clientlocal.cfg configuration is correct. So is just a matter of tweaking the analysis.cfg entry.
I have to admit that I don't use the psclient so I don't have much experience to offer.
Cheers
Jeremy
On Wed, 19 Aug 2020, 17:27 Becker Christian, <christian.becker at rhein-zeitung.net<mailto:christian.becker at rhein-zeitung.net>> wrote:
Jeremy,
Sorry for writing it a bit weird.
As soon as i configure the logfile in client-local.cfg and analysis.cfg, it shows up a couple of minutes later in the msgs column showing the name oft he logfile only, not it’s content.
The upper line says No entries in C:\Program Files\PATH-TO-LOGFILE\filename.log, the second line says Full log C:\Program Files\PATH-TO-LOGFILE\filename.log and that’s it.
Now i have configured as described by you by enclosing the pattern in quotes:
LOG C:\Program Files\PATH-TO-LOGFILE\filename.log "Unable to cancel connection to" COLOR=RED
After very long time, every now and then (and not on a regular basis…) the appropriate line shows up below the line Full log C:\Program Files\PATH-TO-LOGFILE\filename.log but the test stays green, but the pattern is present more than 50 times and it is actually written into the logfile.
* Does it matter, that the pattern is NOT at the beginning of the line of the logfile?? (There are time stamps before the pattern and return codes after it….).
Regards and thanks
Christian
Von: Jeremy Laidman <jeremy at laidman.org<mailto:jeremy at laidman.org>>
Gesendet: Donnerstag, 13. August 2020 01:43
An: Becker Christian <christian.becker at rhein-zeitung.net<mailto:christian.becker at rhein-zeitung.net>>
Cc: xymon at xymon.com<mailto:xymon at xymon.com>
Betreff: Re: [Xymon] xymonpsclient (application) logfile monitoring
Hi Christian
Sorry, I'm not sure I understand what you mean. "It seems to me that ..." - does that mean: "From reading the docs, it seems to me that expected behaviour is..." or: "After the configuration changes, it seems to me that actual behaviour is...". It's my understanding that adding a LOG entry in analysis.cfg is for determining which log lines trigger an alert condition (eg red or yellow), but the rest of the log status page is the same - that is, it contains all of the log lines from the logfile since the last client status message (typically in the last 5 minutes).
The "pattern" is either a string or a regular expression. Your use of dots in the pattern suggest that you're expecting it to be a regular expression. However, you haven't prefixed it with "%" to tell Xymon this is the case. You perhaps want:
LOG C:\Program Files\PATH-TO-LOGFILE\filename.log %Unable.to.cancel.connection.to<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Funable.to.cancel.connection.to%2F&data=02%7C01%7Cchristian.becker%40rhein-zeitung.net%7Cc0c4389d5c5c41bd317c08d84534e3d5%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C1%7C637335440751151059&sdata=TxXQRUqpK8MEfo%2BebrmCvX3ZbQygGoiuma7e6lMthNo%3D&reserved=0> COLOR=RED
If the reason for the regexp is only to match spaces, because you don't want the words in the pattern to be treated as different LOG keywords, then you might find it easier to just enclose the pattern in quotes:
LOG C:\Program Files\PATH-TO-LOGFILE\filename.log "Unable to cancel connection to" COLOR=RED
Cheers
Jeremy
On Wed, 12 Aug 2020 at 20:46, Becker Christian <christian.becker at rhein-zeitung.net<mailto:christian.becker at rhein-zeitung.net>> wrote:
Hello to the list,
i need help in setting up logfile monitoring with xymonpsclient.
My setup is a Windows 10 client pc, running xymonpsclient v2.42, reporting to a xymon server running xymon 4.3.30.
In the client-local.cfg i have configured the logfile that i want to monitor, and an amount of time later, the logfile shows up in the msgs column.
After that i configured analysis.cfg to look for a specific pattern in this logfile, it seems to me that only the appearance of this pattern is displayed in the msgs column, but nothing else from this logfile.
In addition tot hat, the msgs column didn’t change to red state.
Here’s the part of my client-local.cfg:
[win10client1]
log:C:\Program Files\PATH-TO-LOGFILE\filename.log:153600
And here the part of my analysis.cfg:
HOST=win10client1
LOG C:\Program Files\PATH-TO-LOGFILE\filename.log Unable.to.cancel.connection.to<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Funable.to.cancel.connection.to%2F&data=02%7C01%7Cchristian.becker%40rhein-zeitung.net%7Cc0c4389d5c5c41bd317c08d84534e3d5%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C1%7C637335440751151059&sdata=TxXQRUqpK8MEfo%2BebrmCvX3ZbQygGoiuma7e6lMthNo%3D&reserved=0> COLOR=RED
With this setup it seems to me that only lines containing this pattern Unable.to.cancel.connection.to<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Funable.to.cancel.connection.to%2F&data=02%7C01%7Cchristian.becker%40rhein-zeitung.net%7Cc0c4389d5c5c41bd317c08d84534e3d5%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C1%7C637335440751161022&sdata=3lXJInPQjf%2F5J9b%2FVMiY2%2Fn5Nkt39c54qvHR5S6XO0E%3D&reserved=0> are displayed in the msgs column of win10client1.
Any idea what i’m doing wrong? Or do i understand any basics the wrong way?
Regards
Christian
_______________________________________________
Xymon mailing list
Xymon at xymon.com<mailto:Xymon at xymon.com>
http://lists.xymon.com/mailman/listinfo/xymon<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.xymon.com%2Fmailman%2Flistinfo%2Fxymon&data=02%7C01%7Cchristian.becker%40rhein-zeitung.net%7Cc0c4389d5c5c41bd317c08d84534e3d5%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C1%7C637335440751161022&sdata=hwv7dVeNw4U0PhpK8NT8J%2BQLpfgpzzpe8TLrfMFCRtE%3D&reserved=0>
_______________________________________________
Xymon mailing list
Xymon at xymon.com<mailto:Xymon at xymon.com>
http://lists.xymon.com/mailman/listinfo/xymon<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.xymon.com%2Fmailman%2Flistinfo%2Fxymon&data=02%7C01%7Cchristian.becker%40rhein-zeitung.net%7Cc0c4389d5c5c41bd317c08d84534e3d5%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C1%7C637335440751170977&sdata=xi6vToFODAmoyMzxYYrDS7n%2B73vlMR4uQCYUqGfyNcQ%3D&reserved=0>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20201021/76c9f8d8/attachment.htm>
More information about the Xymon
mailing list