[Xymon] monitoring contents of a logfile with a daily changing filename

Ian Diddams didds3 at yahoo.co.uk
Thu Aug 16 16:57:08 CEST 2018


 well...


I've really no idea what is happening now!

NOW the GUI page shows

No entries in /var/log/messages
No entries in /var/log/messages-20180816.log
No entries in /var/log/maillog
No entries in /var/log/secure

Full log /var/log/messages
Full log /var/log/messages-20180816.log
<...CURRENT...>DIDDS
Full log /var/log/maillog
Full log /var/log/secure

i.e. it IS showing the contents of messages-20180816.log.  So 

1) it knows about the correct log
2) it has the log file's contents
but
3) it is failing to note that it contains the trigger word.

Summary:

server side client-local.cfg :   log:`find /var/log -maxdepth 1 -type f -name messages-\*.log`:10240
server side analysis.cfg :       LOG %/var/log/messages*.log "DIDDS"  COLOR=yellow
server side must work because it worked for the simple test against /var/log/messages
didds


    On Thursday, 16 August 2018, 15:49:07 BST, Ian Diddams <didds3 at yahoo.co.uk> wrote:  
 
  further to the below...


from the analysis.cfg man page:


LOG logfilename pattern [COLOR=color] [IGNORE=excludepattern] [OPTIONAL]

...
"logfilename" is the name of the logfile. Only logentries from this filename will be matched against this rule. Note that "logfilename" can be a regular expression (if prefixed with a '%' character). 

as below the entry for the client in analysis.cfg on the server is
 LOG %/var/log/messages*.log "DIDDS"  COLOR=yellow

so IS prefixed by a %
and the proof that this isn't picking up the contents of the requisite log file is because the GUI page line
Full log /var/log/messages-20180816.log

does not have 
<...CURRENT...>DIDDS
below it - as my test for plain /var/log/messages does.
didds

    On Thursday, 16 August 2018, 15:40:44 BST, Ian Diddams via Xymon <xymon at xymon.com> wrote:  
 
  Ok - another angle.  I feel I am SO close.
so I have a client with message logs with filename format
/var/log/messages-YYYYMMDD.log
It contains a trigger word DIDDS
client-local.cfg on the xymon SERVER contains

[linux]
log:/var/log/messages:10240
log:`find /var/log -maxdepth 1 -type f -name messages-\*.log`:10240
log:/var/log/maillog:10240
log:/var/log/secure:10240
ignore MARK

The client's msgs GUI page shows

No entries in /var/log/messages
No entries in /var/log/messages-20180816.log
No entries in /var/log/maillog
No entries in /var/log/secure


Full log /var/log/messages
Full log /var/log/messages-20180816.log
Full log /var/log/maillog
Full log /var/log/secure


ie it can find/knows about that respective messages file.

However...

in analysis.cfg, for the respective client this line
 LOG %/var/log/messages*.log "DIDDS"  COLOR=yellow

doesn't flag anything - even if the string DIDDS is in that messages-20180816.log file ..
hence the line in the GUI
No entries in /var/log/messages-20180816.log


SO CLOSE.

what am I missing here?



Because if I merely use
LOG %/var/log/messages "DIDDS"  COLOR=yellow
with DIDDS within /var/log/messages  it goes yellow almost immediately.
???
didds
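
The man page excerpt quoted in the thread says a '%'-prefixed logfilename is a regular expression. As an added example (not part of the original posts and not Xymon's own code), the Python below evaluates a LOG rule's logfilename field against the log names shown on the msgs page, once as a regex and once as a shell glob. Assumptions: Python's re stands in for the server's regex engine with an unanchored search, unprefixed names are compared for equality, the function names are hypothetical, and RULE_CONSTRUCTED is a constructed variant that is not from the thread.

```python
import fnmatch
import re

def parse_log_rule(line):
    """Split an analysis.cfg LOG line into (logfilename, pattern, options)."""
    m = re.match(r'\s*LOG\s+(\S+)\s+("[^"]*"|\S+)(.*)$', line)
    if not m:
        raise ValueError("not a LOG rule: %r" % line)
    return m.group(1), m.group(2).strip('"'), m.group(3).split()

def regex_selects(logfilename, reported):
    """Assumption: '%' means an unanchored regex search (Python's re stands in
    for the server's regex engine); without '%' the names must be equal."""
    if logfilename.startswith("%"):
        return re.search(logfilename[1:], reported) is not None
    return logfilename == reported

def glob_selects(logfilename, reported):
    """What the same text would select if it were read as a shell glob."""
    return fnmatch.fnmatchcase(reported, logfilename.lstrip("%"))

def explain(rule_line, reported_names):
    """Map each reported log name to (selected_as_regex, selected_as_glob)."""
    logfilename, _pattern, _options = parse_log_rule(rule_line)
    return {name: (regex_selects(logfilename, name),
                   glob_selects(logfilename, name))
            for name in reported_names}

# Log names as listed on the msgs page in the thread.
REPORTED = ["/var/log/messages", "/var/log/messages-20180816.log",
            "/var/log/maillog", "/var/log/secure"]
# The rule from the thread, and a constructed variant written as a regex.
RULE_FROM_THREAD = 'LOG %/var/log/messages*.log "DIDDS"  COLOR=yellow'
RULE_CONSTRUCTED = r'LOG %/var/log/messages-.*\.log "DIDDS"  COLOR=yellow'

if __name__ == "__main__":
    for rule in (RULE_FROM_THREAD, RULE_CONSTRUCTED):
        print(rule)
        for name, (as_regex, as_glob) in explain(rule, REPORTED).items():
            print("  %-32s regex=%-5s glob=%s" % (name, as_regex, as_glob))
```

Under these assumptions the rule from the thread selects messages-20180816.log only when read as a glob: as a regex, `s*` means zero or more "s" and `.` is a single character, so the text after "messages" never lines up with "log".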



