From: Jeremy Laidman [mailto:jlaidman at rebel-it.com.au] Sent: 14 March 2014 22:14 To: Neil Simmonds Cc: xymon at xymon.com Subject: Re: [Xymon] Log file monitoring

On 4 March 2014 00:17, Neil Simmonds <neilsimmonds1808 at gmail.com <mailto:neilsimmonds1808 at gmail.com> > wrote:

As far as I can see there is no built in way in Xymon to monitor a log for the number of times a string has occurred in a specified time period.

Sure there is. From the client-local.cfg file comments:

"linecount:FILENAME"

Monitor the text-based logfile FILENAME, but just

count the number of times certain expressions appear.

This processes the entire file every time. It must

be followed by one or more lines with

"KEYWORD PATTERN"

KEYWORD identifies this count. You can use any string

except whitespace. PATTERN is a regular expression

that you want to search for in the file.

I use this to monitor the count of "xfer-in" and "xfer-out" messages on my DNS servers. There's already a graphs.cfg definition called [lines] that presents them nicely in a graph.

J

II've just had a chance to look at this and it still doesn't fir my original requirements. I want to count the number of lines matching a regex within a specific time period. So for example I might want to alert if I get 10 warning messages in 30 minutes.

Built in Xymon functionality does not seem to give me a way of doing this.

I'm looking into Simple Event Correlator as suggested by Henrik as a solution for this but it seems a little heavy solution for a simple requirement. I'm hopeful other requirements will occur in the future to justify the time spent on SEC,

Given the fact that once people hear of the capability they'll come up with all sorts of ways of using it, I'm guessing it will get used.

Neil.