[Xymon] Serial alarm feeds

Jeremy Laidman jlaidman at rebel-it.com.au
Tue Aug 27 23:23:06 CEST 2013


On 28 August 2013 06:51, KING, KEVIN <KK1051 at att.com> wrote:

>  I did get log fetch to work with your script, sorta. I added the file in
> the script to collect and it collects it and posts it to the message column
>

Good.


>  but of course it is not processed for alerts, Just collected.
>

So it just needs an entry in analysis.cfg?

****
>
> I added this to the xymonclient-linux.sh that I use for the hosts I use
> your script for. Hmmm If I get this other log fetch working I might be able
> to smash your script with this and make that work.  Ok better stick to one
> thing at a time.
>

Always.


> echo "[msgs:/var/log/messages]"
>
> tail -c 10240 /var/log/messages | egrep -v MARK****
>
> echo "[msgs:/var/TKLC/log/syscheck/fail_log]"****
>
> tail -c 10240 /var/TKLC/log/syscheck/fail_log
>

Well this works, in as much as you'll get message lines in your client
data, but you'll end up with repeated and skipped messages.  So if you
alert on the text "WARNING" and it appears in the log, sure you'll get an
alert. But if the log gets less than 10k of data appended throughout the
day, Xymon will repeat the alert all day.  Or if, between one sample and
the next, the "WARNING" message and then 10k of log data is added, the
second sample won't see the matching message because it always gets the
last 10k.

These issues are dealt with by the logfetch utility.  It keeps state so
that it (generally) gives out each log message line exactly once - none is
missed and none is repeated.

You can handle this yourself, by keeping state of the size of the log file
you're watching, and always tailing what's after that size.  You also have
to detect and handle log rotation.  Doable, but lots of trouble.  If you
can get logfetch to work, then why not use it.  Especially as it can give
you your (its) config file from client-local.cfg to boot.

J
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20130828/e1942a65/attachment.html>


More information about the Xymon mailing list