[xymon] Re: Ignoring strings in event logs
Henrik Størner
henrik at hswn.dk
Tue Oct 5 08:00:56 CEST 2010
Hi Colin,
On Tue, 05 Oct 2010 11:33:04 +0800 Colin Coe wrote:
> On Tue, Oct 5, 2010 at 11:00 AM, Josh Luthman
> <josh at imaginenetworksllc.com> wrote:
>> Are you sure your Windows clients are set for centralized
>> configuration? They may be sending green/red instead of the data for
>> the server to decide.
>
> After setting BBWin to be in central mode on a few test machines,
> hobbitd_client crashes and does not restart.
as Josh pointed out, the Windows client (BBWin) must be running in
centralized configuration if you want to be able to do the configuration
on the Xymon server. So an alternative solution could be to configure
this on the client side, in BBWin.cfg, if you continue to run the BBWin
client in local mode.
I haven't tried playing with the centralized version of BBWin, so
I had a look at the client to see how it works. It seems that the
eventlog-configuration on the server uses "eventlog_LOGNAME" as
the 'filename' in LOG configurations. So your config with
LOG eventlog:Security %failure.* COLOR=yellow
LOG eventlog:Application %warning.* COLOR=yellow
LOG eventlog:System %error.* COLOR=yellow
should be
LOG eventlog_Security %failure COLOR=yellow
LOG eventlog_Application %warning COLOR=yellow
LOG eventlog_System %error COLOR=yellow
(a '.*' at the end of a pattern is superfluous).
However, this entry looks suspicious, and might be the one that causes
hobbitd_client to crash:
LOG %.* %error -.* COLOR=yellow
That "-.*" looks out of place. Is there a space in front of it that
shouldn't be there ?
Try these changes for a start to see if the log entries get matched
and trigger a yellow status for "msgs". Then you can add the IGNORE
setting afterwards and see what needs to be done for that to work.
Regards,
Henrik
More information about the Xymon
mailing list