[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Help with ignoring certain syslog messages.
- To: hobbit (at) hswn.dk
- Subject: Help with ignoring certain syslog messages.
- From: jasoneh (at) bigstring.com
- Date: Wed, 17 Mar 2010 12:37:32 -0400
- Dkim-signature: v=1; a=rsa-sha1; c=relaxed; d=bigstring.com; h=date:to :from:subject:message-id:mime-version:content-type; s=bs1; bh=S9 KAFCHjcdBaFuNkXUuiAKXaS0U=; b=l5431uJgKumC3whfAwpxiAuwnREopvsYvP 5dxDkf4iphiGMQdbXi8WoMart3NOUlR3ToncVTmaRc/Q39a30uso0sq82VVPt5z6 uH07mdoItdD/vzdK5Jii4Vki+mrCNTzTLMmDSDhu4W/mYmw/BZjJ0xIlw9tx3NMR I09UFfIZ8=
- Domainkey-signature: a=rsa-sha1; c=simple; d=bigstring.com; h=date:to :from:subject:message-id:mime-version:content-type; q=dns; s=bs1; b= bY93RSOz5YMn/BaqKX8uSA289aG90am+AXecPM6B9qnA9cypXVzVj0AS0jxSD+sp peJjDlfIFPSQO01f4nJTre4/s4dJa/BSHc6OOq6pLKlHBbeNKG57CT7jVGy2KNu7 w43q4hmUGnFSLasxvxf9I82qm1ZAXKUTzbwLCLx2yQA=
I'm trying to turn the messages test red when "NOTICE" is in a syslog message, but not when "Charged or "Backup initiated" is also present in the message. The config I'm using does ignore the "Backup initiated" messages, but not the "Charged" ones. Can someone give me some hints on how to can handle this situation?
Here is the message I'm trying to ignore: "Mar 17 02:05:58 sycamore SUNWscsdMonitor[979]: [ID 218055 daemon.error] [SUNWscsd 0x030B1D0E:0x00000000 Informational] <rctrl0000> Standard General Event, NOTICE: Controller BBU Fully Charged !.[info: 5E-00E6E83FE] (Secondary, Wed Mar 17 06:10:12 2010) {Unique ID#: 09ecee}"
In hobbit-clients.cfg I have this: LOG %.* NOTICE COLOR=red "IGNORE=%(Charged|Backup initiated)"
When I run "hobbitd_client --test" to test the config, it shows that message would report as green.
# hobbitd_client --testHostname (.=end, ?=dump, !=reload) []: sycamore.example.comHosttype []: SunOSTest (cpu, mem, disk, proc, log, port): loglog filename: /var/adm/messagesTo read log data from a file, enter '@FILENAME' at the promptlog line: Mar 17 02:05:58 sycamore SUNWscsdMonitor[979]: [ID 218055 daemon.error] [SUNWscsd 0x030B1D0E:0x00000000 Informational] <rctrl0000> Standard General Event, NOTICE: Controller BBU Fully Charged !.[info: 5E-00E6E83FE] (Secondary, Wed Mar 17 06:10:12 2010) log line: Log status is green
Hostname (.=end, ?=dump, !=reload) [sycamore.example.com]: Test (cpu, mem, disk, proc, log, port): loglog filename: /var/adm/messagesTo read log data from a file, enter '@FILENAME' at the promptlog line: Mar 10 22:36:17 sycamore vmtape: [ID 428768 kern.notice] Backup initiated: Compression(none)Encryption(none)log line: Log status is green
Hostname (.=end, ?=dump, !=reload) [sycamore.example.com]: Test (cpu, mem, disk, proc, log, port): loglog filename: /var/adm/messagesTo read log data from a file, enter '@FILENAME' at the promptlog line: NOTICE: testing noticelog line: Log status is red
&red NOTICE: testing notice
Thanks,
Jason
<img src="http://www.bigstring.com/refer.php?img=68"; width="1" height="1">Start making money with PeopleString!