Re: [hobbit] Messages file not reporting
- To: hobbit (at) hswn.dk
- Subject: Re: [hobbit] Messages file not reporting
- From: Ralph Mitchell <ralphmitchell (at) gmail.com>
- Date: Fri, 3 Feb 2006 10:21:04 -0600
- References: <OF264DE60D.2AE1DA56-ON8525710A.004A3996-8525710A.004B4386@dana.com> <1138982136.24698.11.camel@aine.hq.openratings.com>

One thing to watch out for would be multi-line log messages. I don't know
about Linux, but Solaris certainly reports some device messages with WARNING
or ERROR on the first line, and the actual device on the next line with more
information. Where I work, the jokers that set up CA Unicenter made it
detect WARNING & ERROR and had the agent send "Disk error" messages to the
console, and never mind that the device was /dev/st0 (scsi *tape*) and it
just wanted cleaning, or a fresh tape...

I seem to recall that the second and subsequent lines were indented a couple
of spaces. Kinda like Linux seems to do, such as in the lines right after:

    BIOS-provided physical RAM map:

and several other places in the boot messages.

Ralph Mitchell

On 2/3/06, Edward Croft <ecroft (at) openratings.com> wrote:
>
> Yes, Linux based. I will have to look into what you are doing. I am
> wondering if maybe a grep on the log file with the expression "WARNING"
> would return only those warnings. Then bump up against the timestamp to see
> if it is old. Beyond an hour, ignore it. This would give me the alert and
> then I could shut it off and it would go past the time stamp. Big Brother
> gave you a file to show for each machine what you were looking to alert on.
> Thanks for giving me a direction to go.
>
> On Fri, 2006-02-03 at 08:41 -0500, Allan.Marillier (at) dana.com wrote:
>
>
> Hi Edward - I understand your frustration - I've been through the same
> things myself, and also initially not found the FAQ indicating that syslog
> monitoring is not yet supported. I believe that Henrik is making it a
> priority since so many of us are asking for it but there is no news yet or
> commitment from him on when it will be available.
>
> I searched deadcat.net and didn't find anything that looked worth using to
> me, but I may have missed it. One thing I have been working on, but I've had
> a few problems, is writing a custom extension. The extension itself is very
> easy to do - e.g. I have written two for my Linux servers, one to run some
> sql code to attach to an Oracle instance and report green if it is up or red
> if it is down, and another to check LAN adapter settings and turn yellow if
> it is not set to 100Mb full duplex. I have been working on a syslog monitor
> which looks at /var/log/messages, checks the inode to be sure logrotate has
> not run, and then uses tail to parse the last n lines. I determine n by
> checking how many lines are in the file with wc and recording that to a file
> on disk, then later come back and do the same again. If the inode is the
> same, and wc -l returned 1000 but now returns 1057, then I do tail -n 57
> /var/log/messages | grep -i error and look for any problems.
>
> The problem I've encountered is that sometimes the inode changes. Yes, it
> really does and I'm not crazy, give it a try on Linux. Copy
> /var/log/messages, then ls -al -i the copy. Edit it with vi, even if all you
> do is open, then write and quit with no actual changes, and more often than
> not, the inode will change. I don't understand it. If I can get this working
> I'd be happy to share my custom extension with you - or maybe you will have
> some ideas on a different and more robust approach.
>
> I'm assuming of course that you're Unix/Linux based, which is not always a
> good assumption!
>
>
> From: Edward Croft <ecroft (at) openratings.com>
> Date: 02/02/2006 05:16 PM
> Please respond to: hobbit (at) hswn.dk
> To: hobbit (at) hswn.dk
> Subject: Re: [hobbit] Messages file not reporting
>
> On Thu, 2006-02-02 at 22:31 +0100, Etienne Roulland wrote:
>
> Edward Croft wrote:
> > Why thank you. I did find the one line:
> > It does not currently provide any data for the system-log "msgs" column.
> >
> > That is all it says. Does not currently. Sooooo when can it be
> > expected, if ever?
> > This one thing prevents me from using it as the programs that monitor
> > our systems
> > write warnings into the log file which currently gets picked up by big
> > brother and an
> > alert sent.
>
>
> You can use external script from http://www.deadcat.net/ to monitor your
> logfiles.
>
> *Thank you. I appreciate your response.*
>
> --
> Edward M. Croft
> Sr. Systems Engineer
> Open Ratings, Inc.
> 200 West Street
> Waltham, MA 02451-1121
>
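
An added example, not part of the thread or any poster's extension: a sketch of the incremental scan described above that saves a byte offset next to the inode (swapped in for the `wc -l` count and `tail -n`), rescans when the inode changes or the file shrinks, and folds indented continuation lines into the entry before them. The state-file layout, the function names, the syslog prefix pattern and the sample lines are assumptions made for illustration.

```python
import json
import os
import re

# Assumed: the thread's keywords and a classic "Mon DD HH:MM:SS host tag: " prefix.
ALERT = re.compile(r"warning|error", re.IGNORECASE)
PREFIX = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ (?:\S+: )?")
# Constructed sample lines, not from a real host.
SAMPLE = ("Feb  3 10:21:04 host1 scsi: WARNING: st0:\n"
          "Feb  3 10:21:04 host1 \ttape drive needs cleaning\n"
          "Feb  3 10:21:09 host1 sshd[812]: session opened\n")


def group_entries(lines):
    """Fold lines whose message text starts with whitespace into the previous entry."""
    entries = []
    for line in lines:
        body = PREFIX.sub("", line, count=1)
        if entries and body[:1] in (" ", "\t"):
            entries[-1] += "\n" + line
        else:
            entries.append(line)
    return entries


def scan_new_entries(log_path, state_path):
    """Return alert entries appended to log_path since the previous call."""
    try:
        with open(state_path) as fh:
            state = json.load(fh)
    except (FileNotFoundError, ValueError):
        state = {"inode": None, "offset": 0}  # first run
    with open(log_path, "rb") as fh:
        st = os.fstat(fh.fileno())
        # New inode (rotation, file replaced) or shorter file (truncation): rescan.
        if st.st_ino != state["inode"] or st.st_size < state["offset"]:
            state = {"inode": st.st_ino, "offset": 0}
        fh.seek(state["offset"])
        data = fh.read()
    # Consume only complete lines; a half-written last line waits for the next run.
    end = data.rfind(b"\n") + 1
    state["offset"] += end
    with open(state_path + ".tmp", "w") as fh:
        json.dump(state, fh)
    os.replace(state_path + ".tmp", state_path)  # atomic update of the saved position
    lines = data[:end].decode("utf-8", "replace").splitlines()
    return [e for e in group_entries(lines) if ALERT.search(e)]
```

A file that is truncated and then grows past the saved offset before the next run is not detected by the size check; running the scan more often than the log can refill narrows that window.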