[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [hobbit] Limited amount of log data
- To: <hobbit (at) hswn.dk>
- Subject: RE: [hobbit] Limited amount of log data
- From: "Hubbard, Greg L" <greg.hubbard (at) eds.com>
- Date: Thu, 5 Mar 2009 16:36:22 -0600
- References: <OF418CA87C.4D9F4DDD-ON85257570.0078564D-85257570.007973AE (at) faa.gov>
- Thread-index: Acmd3w5tdRuP91XvRwKDo6NnP/AABQAAyn5A
- Thread-topic: [hobbit] Limited amount of log data
The design of the log watching system is to scan a subset of a log for
"bad" things and update the status dot. If it did not have a rolling
"time window" then the status dot would never change after something
ugly got put in the log file. And then the process of reading the log
file (and pumping it to the server) would get slower and slower as the
log file grows. This feature is not designed for log management, but
for helping you watch for things that might appear in the logs on each
host that might require your attention.
You might want to read the documentation -- you have to configure the
rules that define what "bad" means.
GLH
-----Original Message-----
From: ken.schweiker (at) faa.gov [mailto:ken.schweiker (at) faa.gov]
Sent: Thursday, March 05, 2009 4:07 PM
To: hobbit (at) hswn.dk
Subject: [hobbit] Limited amount of log data
Hi,
Trying to set up xymon to capture log data. Once I changed the
permission on the var/log/message file, I got -some- data. I am taking
the defaults with xymon 4.2.3. I might appear that I only get to see the
last 30 minutes of log data. Can this be increased?
Second, why does it say No entries in /var/log/messages.
Thanks.
System logs at Thu Mar 5 17:03:20 EST 2009
No entries in /var/log/messages
Full log /var/log/messages
Mar 5 16:56:00 tcdcpega syslog-ng[1494]: STATS: dropped 0
To unsubscribe from the hobbit list, send an e-mail to
hobbit-unsubscribe (at) hswn.dk