[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [hobbit] client-local.cfg? feature request?

Henrik Stoerner wrote:
On Fri, May 12, 2006 at 02:21:27AM +0000, David Gore wrote:
Are there plans to support regular expressions in the client-local.cfg for hostname, log, file, ignore, and trigger?

"hostname" is not used in client-local.cfg

I should have been more specific, I am talking about the hostname in the brackets in client-local.cfg:

[myhost]

Just like you may monitor the same log or files for an OS, you may do the same for tens of hosts, so you may want something like this in client-local.cfg?

HOST=%someHosts[0-9]+ 
"log" and "file" : No, use the script-method to get those filenames
(more below).

"ignore" and "trigger": The strings you put into the client-local.cfg
are regular expressions.

Ok, we have spent quite a bit of testing. Perhaps if there were more complex examples in the documents we could reduce our test time. Sometimes we are not sure where, or if we should use double quotes around a regular expression, or if the order of the parameters is important. For example will this work:

FILE "mci-nornxdb0[1-6].SNMP_COMMUNITY.public.nxg21:SIG_SNMP.*" mtime>300 yellow

or

FILE "mci-nornxdb0[1-6].SNMP_COMMUNITY.public.nxg21:SIG_SNMP.*" yellow mtime>300

or both (I think only the one with the color immediately after the file works)?


We thought putting double quotes around "TEXT=The Server Process" was odd. We would have expected TEXT="The Server Process". Should there be more consistency between the config files? Perhaps something like this:

client-local.cfg:

HOST=%[AB]host[1-4]
FILE "mci-nornxdb05.SNMP_COMMUNITY.public.nxg21:SIG_SNMP.`date +%Y%b%d`" # entry is incorrect
LOG /export/home/netx/Log/LOG.database:10240

hobbit-clients.cfg:

HOST=%site[AB]host[1-4]
PROC "%/usr/sbin/syslogd" "TEXT=syslogd" 1 1
PROC hobbitlaunch "TEXT=Hobbit Client <a href=http://our.site/help.html>help</a>" 1 2 yellow
LOG /some/path/Log/LOG.database "%(?-i)ORA-" yellow
DISK / 93 97
LOAD 6.0 12.0
FILE "mci-nornxdb0[1-6].SNMP_COMMUNITY.public.nxg21:SIG_SNMP.*" mtime>300 yellow

It is not clear what support there is for regular expressions, perhaps it is already there for ignore, and trigger, but not log, file or the hostname?

Exactly.

I am not sure I can do this:

file:"mci-nornxdb0[1-6].SNMP_COMMUNITY.public.nxg21:SIG_SNMP.`date +%Y%b%d`"

No, you cannot combine it like that. Use a command to generate the full
filename.

But let's assume I can or even that the whole file name has to be a command in back ticks. Do you then put the exact same back ticked string in hobbit-clients.cfg?

FILE "mci-nornxdb0[1-6].SNMP_COMMUNITY.public.nxg21:SIG_SNMP.`date +%Y%b%d`" mtime>900 yellow

No.

The way it works is that the client decides what the actual filenames
are (the Hobbit server cannot do that, because it depends on client-side
data - e.g. what's the output from a command you run on the client).
So the client sends some real filenames back to the server, and those
filenames are then matched against the expressions in hobbit-clients.cfg.

So in your case, client-local.cfg would be 

   file:`/usr/local/bin/list_snmp_logs`

and hobbit-clients.cfg could be

   LOG %mci-nornxdb0[1-6].SNMP_COMMUNITY.public.nxg21:SIG_SNMP.*


Ok, fantastic, thank you! 
Regards,
Henrik


To unsubscribe from the hobbit list, send an e-mail to
hobbit-unsubscribe (at) hswn.dk