[xymon] ignore certain things in a log file

Lennon, Padraig Padraig.Lennon at pioneerinvestments.com
Fri Aug 27 18:19:58 CEST 2010 

You should not have the percentage % before the log file name and don't
use brackets...
 
LOG %/var/adm/messages IGNORE=%(ID 107833|corrupt label|wrong magic
number)
 
should read 
 
LOG /var/adm/messages IGNORE=%ID 107833|corrupt label|wrong magic number
 
 
 
 

Padraig Lennon 
Senior Systems Integration Engineer 

Pioneer Investments Management Ltd 
5th Floor |Georges Quay Plaza | Georges Quay | Dublin 2 | Rep. of
Ireland 
Tel.  +353 (0)1 480.2081 

padraig.lennon at pioneerinvestments.com
<mailto:firstname.surname at pioneerinvestments.com>  |
www.pioneerinvestments.com <http://www.pioneerinvestments.com/>  

Please consider the environment before printing this e-mail 

 

________________________________

From: Kevin Kelly [mailto:kkelly at lifetouch.com] 
Sent: 27 August 2010 16:50
To: xymon at xymon.com
Subject: RE: [xymon] ignore certain things in a log file



Having no luck in ignoring the following messages from /var/adm/messages

 

Aug 27 10:43:35 testserver    Corrupt label; wrong magic number

Aug 27 10:43:36 testserver scsi: [ID 107833 kern.warning] WARNING:
/pci at 7c0/pci at 0/pci at 9/SUNW,qlc at 0/fp at 0,0/ssd at w50060e8

005723700,0 (ssd3):

Aug 27 10:43:36 testserver Corrupt label; wrong magic number

Aug 27 10:43:36 testserver scsi: [ID 107833 kern.warning] WARNING:
/pci at 7c0/pci at 0/pci at 9/SUNW,qlc at 0/fp at 0,0/ssd at w50060e8

005723700,0 (ssd3):

Aug 27 10:43:36 testserver    Corrupt label; wrong magic number

Aug 27 10:43:36 testserver scsi: [ID 107833 kern.warning] WARNING:
/pci at 7c0/pci at 0/pci at 8/SUNW,qlc at 0/fp at 0,0/ssd at w50060e8

005723710,1 (ssd0):

Aug 27 10:43:36 testserver    Corrupt label; wrong magic number

Aug 27 10:43:36 testserver scsi: [ID 107833 kern.warning] WARNING:
/pci at 7c0/pci at 0/pci at 8/SUNW,qlc at 0/fp at 0,0/ssd at w50060e8

005723710,1 (ssd0):

 

 

Have I tried the following:

LOG     %/var/adm/messages kern "IGNORE=%(corrupt label|wrong magic
number)"

 

LOG %/var/adm/messages %kern IGNORE=%(ID 107833|corrupt label|wrong
magic number)

 

LOG %/var/adm/messages %kern IGNORE=%ID 107833|corrupt label|wrong magic
number

 

LOG %/var/adm/messages IGNORE=%(ID 107833|corrupt label|wrong magic
number)

 

Any suggestions?

 

 

From: Matthew Moldvan [mailto:mmoldvan at csc.com] 
Sent: Thursday, August 26, 2010 11:06 AM
To: xymon at xymon.com
Subject: Re: [xymon] ignore certain things in a log file

 

I think (someone correct me if I'm wrong) you might need the line to
match to first, then what you'd like to ignore afterward.  Our ignore
rules, which I believe work (notice the double quotes, the ?i is case
insensitive): 

        LOG /var/adm/messages \ 
                %(?i)ERROR \ 
                "IGNORE=%(?i)(nres_gethostbyaddr|simple bind failed -
Invalid credentials|please upgrade FCSM|WARNING|NOTICE|fctl|FCSM|SRS
Proxy|xrx8825tlh2|ImportAcsError|AcsError|File \{.*\}, error 2|No such
file or directory|ViewMgr|Bad file format|Exec call for
FormTek|cache_trif_image|UserQry|DESKTOP_EDMOSRV.STARTUP|Error Level:
Informational|sshd.*Authentication failed
for|DESKTOP_EDMOSRV.STARTUP.*local0.error|httpd.*(modsecurity|password))
" 

Spaces are okay.  For any rules you'd like to test, you can use the
pcretool command (available on my CentOS box, maybe not in your
environment).  Syntax is as follows: 

-bash-3.2$ pcretest 
PCRE version 6.6 06-Feb-2006 

  re> /(corrupt label|wrong magic number)/ 
data> corrupt 
No match 
data> corrupt label 
 0: corrupt label 
 1: corrupt label 
data> wrong magic number 
 0: wrong magic number 
 1: wrong magic number 

Or for a case insensitive match: 

-bash-3.2$ pcretest 
PCRE version 6.6 06-Feb-2006 

  re> /(?i)(corrupt label|wrong magic number)/ 
data> Corrupt label 
 0: Corrupt label 
 1: Corrupt label 
data> corrupt label 
 0: corrupt label 
 1: corrupt label 
data> asdf 
No match 
data> WRONG MAGIC NUMBER 
 0: WRONG MAGIC NUMBER 
 1: WRONG MAGIC NUMBER 
data> wrong magic number 
 0: wrong magic number 
 1: wrong magic number 

Good luck, hope that helps, 
Matt. 

Unix System Administrator
Computer Science Corporation
General Dynamics Land Systems

This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery. 
NOTE: Regardless of content, this e-mail shall not operate to bind CSC
to any order or other contract unless pursuant to explicit written
agreement or government initiative expressly permitting the use of
e-mail for such purpose. 



From: 

"Kevin Kelly" <kkelly at lifetouch.com> 

To: 

<xymon at xymon.com> 

Date: 

08/26/2010 10:52 AM 

Subject: 

[xymon] ignore certain things in a log file

 

________________________________




Could somebody tell me why this won't work? 
  
HOST=testserver 
        LOG     %/var/adm/messages kern "IGNORE=%(corrupt label|wrong
magic number)" 
  
Trying to ignore all lines in the messages file that contain those key
words. 
  
Thanks 
  
Kevin 
  


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
_____________________________________________________________________
This is an e-mail from General Dynamics Land Systems. It is for the
intended recipient only and may contain confidential and privileged
information. No one else may read, print, store, copy, forward or act in
reliance on it or its attachments. If you are not the intended
recipient, please return this message to the sender and delete the
message and any attachments from your computer. Your cooperation is
appreciated. 


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
_____________________________________________________________________

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20100827/e53ef94a/attachment.html>
-------------- next part --------------



"The information in this e-mail and in any attachments is confidential and intended solely 
for the attention and use of the named addressee(s). This information may be subject to legal, 
professional or other privilege and further distribution of it is strictly prohibited without 
our authority. If you are not the intended recipient, you are not authorised to and must not 
disclose, copy, distribute, or retain this message or any part of it, and should notify us 
immediately.

This footnote also confirms that this email has been automatically scanned for the presence 
of computer viruses, profanities and certain file types."

Pioneer Investment Management Limited.

1 George’s Quay Plaza, George’s Quay, Dublin 2, Ireland. 

Registered in Ireland no. 287793.

More information about the Xymon mailing list