Greetings,
I'm monitoring multiple log files on a single syslog server.
I have a syslog server that stores the apache error logs in a server named ‘syslogserver’ looking for the word ‘CurlTransfer’. When xymon finds the word ‘CurlTransfer’ it sends an alert but it alerts that it is coming from ‘syslogserver’ and the guys are complaining that ‘nongreen.html’ is reporting the servername rather than the actual name of the server where the error originated from.
Is there a way if xymon finds the word ‘CurlTransfer’ in ‘/opt/syslogs/Server09/apache2.error.log’, to get it to report in the ‘msgs’ column that it came from ‘Server09’?
Here is my current config for this.
[syslogserver] log:/opt/syslogs/Server09/apache2.error.log:4096 log:/opt/syslogs/Server10/apache2.error.log:4096 log:/opt/syslogs/Server11/apache2.error.log:4096 log:/opt/syslogs/Server12/apache2.error.log:4096 log:/opt/syslogs/Server13/apache2.error.log:4096
I have configured my analysis.cfg with:
HOST= syslogserver LOG /opt/syslogs/Server09/apache2.error.log CurlTransfer COLOR=red LOG /opt/syslogs/Server10/apache2.error.log CurlTransfer COLOR=red LOG /opt/syslogs/Server11/apache2.error.log CurlTransfer COLOR=red LOG /opt/syslogs/Server12/apache2.error.log CurlTransfer COLOR=red LOG /opt/syslogs/Server13/apache2.error.log CurlTransfer COLOR=red
Thanks in advance.
usaims