[Xymon] xymonpsclient (application) logfile monitoring
Becker Christian
christian.becker at rhein-zeitung.net
Wed Aug 19 09:27:21 CEST 2020
Jeremy,
Sorry for writing it a bit weird.
As soon as i configure the logfile in client-local.cfg and analysis.cfg, it shows up a couple of minutes later in the msgs column showing the name oft he logfile only, not it’s content.
The upper line says No entries in C:\Program Files\PATH-TO-LOGFILE\filename.log, the second line says Full log C:\Program Files\PATH-TO-LOGFILE\filename.log and that’s it.
Now i have configured as described by you by enclosing the pattern in quotes:
LOG C:\Program Files\PATH-TO-LOGFILE\filename.log "Unable to cancel connection to" COLOR=RED
After very long time, every now and then (and not on a regular basis…) the appropriate line shows up below the line Full log C:\Program Files\PATH-TO-LOGFILE\filename.log but the test stays green, but the pattern is present more than 50 times and it is actually written into the logfile.
* Does it matter, that the pattern is NOT at the beginning of the line of the logfile?? (There are time stamps before the pattern and return codes after it….).
Regards and thanks
Christian
Von: Jeremy Laidman <jeremy at laidman.org>
Gesendet: Donnerstag, 13. August 2020 01:43
An: Becker Christian <christian.becker at rhein-zeitung.net>
Cc: xymon at xymon.com
Betreff: Re: [Xymon] xymonpsclient (application) logfile monitoring
Hi Christian
Sorry, I'm not sure I understand what you mean. "It seems to me that ..." - does that mean: "From reading the docs, it seems to me that expected behaviour is..." or: "After the configuration changes, it seems to me that actual behaviour is...". It's my understanding that adding a LOG entry in analysis.cfg is for determining which log lines trigger an alert condition (eg red or yellow), but the rest of the log status page is the same - that is, it contains all of the log lines from the logfile since the last client status message (typically in the last 5 minutes).
The "pattern" is either a string or a regular expression. Your use of dots in the pattern suggest that you're expecting it to be a regular expression. However, you haven't prefixed it with "%" to tell Xymon this is the case. You perhaps want:
LOG C:\Program Files\PATH-TO-LOGFILE\filename.log %Unable.to.cancel.connection.to<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Funable.to.cancel.connection.to%2F&data=02%7C01%7Cchristian.becker%40rhein-zeitung.net%7C40afbdde9df94afee73708d83f1971c1%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C0%7C637328725826273741&sdata=H1Bn0g3yozkqDOrWyIMEdTMlOiIyGV0L37eXQjLmyWE%3D&reserved=0> COLOR=RED
If the reason for the regexp is only to match spaces, because you don't want the words in the pattern to be treated as different LOG keywords, then you might find it easier to just enclose the pattern in quotes:
LOG C:\Program Files\PATH-TO-LOGFILE\filename.log "Unable to cancel connection to" COLOR=RED
Cheers
Jeremy
On Wed, 12 Aug 2020 at 20:46, Becker Christian <christian.becker at rhein-zeitung.net<mailto:christian.becker at rhein-zeitung.net>> wrote:
Hello to the list,
i need help in setting up logfile monitoring with xymonpsclient.
My setup is a Windows 10 client pc, running xymonpsclient v2.42, reporting to a xymon server running xymon 4.3.30.
In the client-local.cfg i have configured the logfile that i want to monitor, and an amount of time later, the logfile shows up in the msgs column.
After that i configured analysis.cfg to look for a specific pattern in this logfile, it seems to me that only the appearance of this pattern is displayed in the msgs column, but nothing else from this logfile.
In addition tot hat, the msgs column didn’t change to red state.
Here’s the part of my client-local.cfg:
[win10client1]
log:C:\Program Files\PATH-TO-LOGFILE\filename.log:153600
And here the part of my analysis.cfg:
HOST=win10client1
LOG C:\Program Files\PATH-TO-LOGFILE\filename.log Unable.to.cancel.connection.to<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Funable.to.cancel.connection.to%2F&data=02%7C01%7Cchristian.becker%40rhein-zeitung.net%7C40afbdde9df94afee73708d83f1971c1%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C0%7C637328725826273741&sdata=H1Bn0g3yozkqDOrWyIMEdTMlOiIyGV0L37eXQjLmyWE%3D&reserved=0> COLOR=RED
With this setup it seems to me that only lines containing this pattern Unable.to.cancel.connection.to<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Funable.to.cancel.connection.to%2F&data=02%7C01%7Cchristian.becker%40rhein-zeitung.net%7C40afbdde9df94afee73708d83f1971c1%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C0%7C637328725826283696&sdata=C%2FrRN9NdzIR1Vk9UNKVWmD6AySz8TX5gzTDYiIM706c%3D&reserved=0> are displayed in the msgs column of win10client1.
Any idea what i’m doing wrong? Or do i understand any basics the wrong way?
Regards
Christian
_______________________________________________
Xymon mailing list
Xymon at xymon.com<mailto:Xymon at xymon.com>
http://lists.xymon.com/mailman/listinfo/xymon<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.xymon.com%2Fmailman%2Flistinfo%2Fxymon&data=02%7C01%7Cchristian.becker%40rhein-zeitung.net%7C40afbdde9df94afee73708d83f1971c1%7C4fed923898bc4f3b96450b99f4d1b669%7C0%7C0%7C637328725826283696&sdata=JdJoBZV2MI5%2B7Bm8YC0a8k4zxfCKpBlF%2FldnZOyZTKE%3D&reserved=0>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20200819/c6f1d2f1/attachment.htm>
More information about the Xymon
mailing list