Hello everybody,
I'm writing this to the list because I'm screwed up with my thoughts, probably because I've done too many config tests for today...
Hope I can describe my situation well enough.
I've configured nearly 120 Linux machines (servers) in our Xymon environment, most of them running Ubuntu 14.04/16.04/18.04 LTS or CentOS 6/7. The Xymon server is on 4.3.29, clients are on different releases starting at 4.3.17. All of them are configured to write their system logs to /var/log/messages - that's working.
What I want to achieve:
- For ALL of them, I want to have the "msgs" column filled with the data coming from /var/log/messages, so that I can configure alerting if some keywords occur in /var/log/messages.
- In addition to that, for SOME of these servers, I want to have application-specific logfiles monitored in the "msgs" column, and I want to monitor those application-specific logfiles for keywords too.
- In further addition to the above, I want to have EACH "files" column filled with the files that are monitored in the "msgs" column per server.
Actually I'm struggling with the config files on my Xymon server, client-local.cfg and analysis.cfg, and there with class entries, the default section and server-specific rules. That makes me crazy.
My thought was to have a class configured in client-local.cfg which is:

    [linux]
    file:/var/log/messages
    file:/var/log/ntp
    log:/var/log/messages:10240
    ignore MARK

For those servers where I want to have additional, application-specific logfiles, I have server-based entries like this in client-local.cfg (hoping that this "over-controls" the class entry from above...):

    [dvst-1]
    file:/var/log/messages
    file:/var/log/ntp
    file:/data/monitor/checkppi.log
    log:/data/monitor/checkppi.log:10240
    log:/var/log/messages:10240
    ignore MARK

This section is BELOW the class [linux] section, if that matters?
Every time I did a config change on client-local.cfg I did a restart of Xymon on my Xymon server and I had to wait minutes over minutes to see the result.
To make the thing complete and to have more confusion, I have these entries in analysis.cfg:

Example of a server-specific entry:

    HOST=dvst-1
        DISK /data 97 98
        PROC "mysqld "
        PROC "mysqld_safe"
        PROC "httpd2-prefork" 1
        PROC "smbd"
        PROC "caagentd"
        LOG /data/monitor/checkppi.log OutOfMemory COLOR=red

Finally a DEFAULT section (at the end of the file):

    DEFAULT
        # These are the built-in defaults.
        DISK * 90 95
        MEMSWAP 80 90
        MEMACT 90 97
        FILE /var/log/ntp SIZE>0
        FILE /var/log/messages
        LOG /var/log/messages %(I/O|read).error IGNORE=%(fd0|smbd|read_fd_with_timeout|Connection.reset.by.peer|error\.txt) COLOR=red
        LOG /var/log/messages %Remounting.filesystem.read-only COLOR=red
        LOG /var/log/messages There.are.errors.in.the.filesystem COLOR=red

The problem is that I cannot see data from the configured logfiles in the affected "msgs" columns. For some logfile entries I get parse errors and I don't know exactly the reason behind this. All of the configured logfiles are present on the affected servers; there they are readable and filled with data.
Does anybody have a really good description of the best way to get the "msgs" column populated with data? Of the "playing together" and the right order of entries in the config files?
Hope anybody can follow my thoughts.
Regards Christian