[Xymon] LOG alert with GROUP?

Nick Pettefar Nick at Pettefar.com
Mon May 28 18:39:27 CEST 2012 

I am trying to use the GROUP keyword in a LOG alert to send an e-mail
when "Warning" is in a certain log file and it isn't working.  Is it
possible?

client-local.cfg
[acnsvr1-ge1]
log:/data/conductor/log/checkExtractDelivery.log:10240

analysis.cfg
HOST=acnsvr1-ge1
        LOG     /data/conductor/log/checkExtractDelivery.log Warning
COLOR=red GROUP=checkExtractDelivery

alerts.cfg
GROUP=checkExtractDelivery HOST=acnsvr1-ge1
MAIL nick at xxxx.com SERVICE=log COLOR=red


No mail is sent.  The server can send e-mails (checked using the same
address with mailx).

What does the "group not in include list" Failed message mean?

../bin/xymond_alert --debug --test acnsvr1-ge1 GROUP=checkExtractDelivery
6485 2012-05-28 17:33:42 Opening file /home/xymon/server/etc/hosts.cfg
6485 2012-05-28 17:33:42 Opening file /home/xymon/server/etc/alerts.cfg
6485 2012-05-28 17:33:42 Opening file /home/xymon/server/etc/holidays.cfg
6485 2012-05-28 17:33:42 send_alert
acnsvr1-ge1:GROUP=checkExtractDelivery state 0
00006485 2012-05-28 17:33:42 send_alert
acnsvr1-ge1:GROUP=checkExtractDelivery state Paging
00006485 2012-05-28 17:33:42 Matching host:service:page
'acnsvr1-ge1:GROUP=checkExtractDelivery:QuartetPrCore' against rule
line 127
00006485 2012-05-28 17:33:42 Failed 'GROUP=checkExtractDelivery
HOST=acnsvr1-ge1' (group not in include list)
00006485 2012-05-28 17:33:42 Matching host:service:page
'acnsvr1-ge1:GROUP=checkExtractDelivery:QuartetPrCore' against rule
line 143
00006485 2012-05-28 17:33:42 *** Match with 'HOST=*' ***
6485 2012-05-28 17:33:42 Found a first matching rule
00006485 2012-05-28 17:33:42 Matching host:service:page
'acnsvr1-ge1:GROUP=checkExtractDelivery:QuartetPrCore' against rule
line 144
00006485 2012-05-28 17:33:42 *** Match with 'MAIL   qtnoc at xxxx.com
COLOR=red REPEAT=4h' ***
6485 2012-05-28 17:33:42   repeat
acnsvr1-ge1|GROUP=checkExtractDelivery|mail|qtnoc at xxxx.com at 0
6485 2012-05-28 17:33:42   Alert for
acnsvr1-ge1:GROUP=checkExtractDelivery to qtnoc at xxxx.com
00006485 2012-05-28 17:33:42 Mail alert with command
'/var/spool/mail/root "Xymon [12345]
acnsvr1-ge1:GROUP=checkExtractDelivery CRITICAL (RED)" qtnoc at xxxx.com'
6485 2012-05-28 17:33:42 No more secondary matching rule

Regards,

Nick Pettefar

More information about the Xymon mailing list