That's what I figured, after having looked at the analysis.cfg man page multiple times.
If I want to do this, then, I'm going to have to script something to analyze X amount of time and do something if it sees occurrences>=Y and then feed that to Xymon somehow.
Thanks.
Mike Burger http://www.bubbanfriends.org
"It's always suicide-mission this, save-the-planet that. No one ever just stops by to say 'hi' anymore." --Colonel Jack O'Neill, SG1
You will need to tell client-local.cfg which log to gather data from. While you can't specify in the last Y amount of time, you can specify Y amount of data. So if you know your log file writes about 1000 bytes per hour... and you want to look back 4 hours, you would specify in client-local.cfg "log:/var/log/mylogfile:4000". This will return the most recent 4000 bytes worth of data to Xymon.
Your next step is to configure analysis.cfg to tell Xymon how to report on that data. If you want Xymon to alert if it sees the word "ERROR", your analysis.cfg would have a line in it "LOG /var/log/mylogfile %ERROR".
Look at the analysis.cfg and client-local.cfg man pages for information on the LOG check.
Michael Beatty Sherwin-Williams IT Analyst/Developer michael.beatty at sherwin.com 216-515-7374
On 01/09/2013 03:50 PM, Mike Burger wrote:
I've got a situation at work where we're being tasked with monitoring failed logins. We've got logging and audit file creation in place...what I'm looking for is whether or not there's a way to have Xymon monitor those logs/files to look for X entries/occurrences within Y amount of time.
The requirement is to try to do as much of this programmatically as possible without having to resort to scripting or other measures that may be easily countered by a system admin.
Thanks.
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
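An added example, not part of the original thread and not Xymon's own code: one way to script the "occurrences>=Y within X amount of time" check discussed above. It assumes sshd-style syslog lines; the test name `logins`, the host name and the sample log lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumed log format (classic syslog, no year in the timestamp), e.g.
# "Jan  9 15:41:07 web01 sshd[2211]: Failed password for root from 192.0.2.10 port 4242 ssh2"
FAILED = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\[\d+\]:\s+Failed password")

def parse_time(stamp, now):
    """Assume the current year; step back one year if that lands in the future."""
    ts = datetime.strptime(f"{now.year} {stamp}", "%Y %b %d %H:%M:%S")
    return ts.replace(year=now.year - 1) if ts > now + timedelta(days=1) else ts

def count_failures(lines, now, window):
    """Count failed-login lines whose timestamp falls within `window` before `now`."""
    hits = 0
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        try:
            ts = parse_time(m.group(1), now)
        except ValueError:  # date that does not exist in the assumed year
            continue
        if now - window <= ts <= now:
            hits += 1
    return hits

def xymon_status(host, test, lines, now, window, threshold):
    """Build a Xymon "status" message; red once the count reaches the threshold."""
    n = count_failures(lines, now, window)
    color = "red" if n >= threshold else "green"
    minutes = int(window.total_seconds() // 60)
    # Xymon status messages carry the hostname with dots replaced by commas.
    return (f"status {host.replace('.', ',')}.{test} {color} {now:%c}\n"
            f"{n} failed logins in the last {minutes} minutes (threshold {threshold})")

# Constructed sample input, not taken from a real system.
SAMPLE = [
    "Jan  9 15:10:02 web01 sshd[2101]: Failed password for root from 192.0.2.10 port 4100 ssh2",
    "Jan  9 15:41:07 web01 sshd[2211]: Failed password for root from 192.0.2.10 port 4242 ssh2",
    "Jan  9 15:41:09 web01 sshd[2211]: Failed password for invalid user admin from 192.0.2.10 port 4242 ssh2",
    "Jan  9 15:42:30 web01 sshd[2230]: Accepted password for mike from 192.0.2.20 port 5000 ssh2",
    "Jan  9 15:44:55 web01 sshd[2250]: Failed password for root from 192.0.2.10 port 4300 ssh2",
]

if __name__ == "__main__":
    now = datetime(2013, 1, 9, 15, 50)
    print(xymon_status("web01.example.com", "logins", SAMPLE, now, timedelta(minutes=15), 3))
```

The returned text is what would be handed to the Xymon client's message-sending command. Sending it from a central collector rather than the monitored host keeps the check out of the local admin's reach.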