RHEL 6.9 and RHEL 7.4 Xymon v4.3.28
This may be documented somewhere and I'm just not able to find it. But is there a way to force logfetch to only scan complete lines and discard any partials it might retrieve based on the MAXCHECK setting?
I've been getting quite a few alerts on highly active systems where the offending line would normally be excluded due to the first part of a search that is missing.
A simple example, I want to ignore the alert triggers for /var/log/messages where the system name is test-system and :\sheader\ssubject: is also in the line. Since test-system comes right after the date/time stamp, that causes the ignore check to not work if test-system is not retrieved by logfetch.
analysis.cfg
Red alert on CRITICAL or ERROR or SERIOUS (with exceptions)
LOG %.* %(?-i)CRITICAL|ERROR|SERIOUS COLOR=red IGNORE=%(?-i)test-system.*:\sheader\ssubject:
I've tried adjusting the MAXCHECK setting but it didn't make a difference one way or the other.
client-local.cfg
log:/var/log/messages:10240 # 10KB default
log:/var/log/messages:1024000 # 1MB
Thanks.
Larry D. Bonham
Financial Network Inc. 10401-F Baur Olivette, MO 63132
(314) 400-9412 voice (314) 997-5647 fax
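The following is an added illustration of the failure mode described in the post above; it is not Xymon code and not part of the original message. It emulates a fetcher that returns only the last N bytes of a log (the role MAXCHECK plays for logfetch) and runs the post's trigger and IGNORE patterns over the result. When the byte window cuts into the middle of a line, the hostname at the start of that line is gone, the IGNORE pattern no longer matches, and the line fires. A `whole_lines_only` option (an assumption for this example, not a documented logfetch setting) discards the partial leading line. The sample log lines are constructed; the Xymon `%(?-i)` regex prefix is dropped because Python regexes are case-sensitive by default.

```python
import re

# Constructed syslog-style sample (not from the original post).
SAMPLE_LOG = (
    "Jan 10 10:00:01 test-system app[100]: ERROR disk almost full\n"
    "Jan 10 10:00:02 test-system mail[200]: ERROR : header subject: bounce\n"
    "Jan 10 10:00:03 test-system app[100]: INFO all good\n"
)

# Same patterns as the analysis.cfg LOG line in the post, minus the Xymon '%' prefix.
TRIGGER = re.compile(r"CRITICAL|ERROR|SERIOUS")
IGNORE = re.compile(r"test-system.*:\sheader\ssubject:")


def fetch_tail(data: str, maxbytes: int, whole_lines_only: bool) -> str:
    """Return the last `maxbytes` of `data`, emulating a size-limited log fetch.

    If the window starts mid-line and whole_lines_only is set, drop everything
    up to and including the first newline so only complete lines remain.
    (whole_lines_only is a hypothetical option for this illustration.)
    """
    if maxbytes >= len(data):
        return data
    window = data[-maxbytes:]
    cut_mid_line = data[-maxbytes - 1] != "\n"
    if whole_lines_only and cut_mid_line:
        nl = window.find("\n")
        window = window[nl + 1:] if nl >= 0 else ""
    return window


def alert_lines(text: str) -> list:
    """Lines that match TRIGGER and are not excused by IGNORE."""
    hits = []
    for line in text.splitlines():
        if TRIGGER.search(line) and not IGNORE.search(line):
            hits.append(line)
    return hits


if __name__ == "__main__":
    # A 90-byte window cuts the second line after its hostname: the partial
    # line still contains ERROR but no longer contains test-system, so the
    # IGNORE pattern cannot match and the line is reported.
    print(alert_lines(fetch_tail(SAMPLE_LOG, 90, whole_lines_only=False)))
    # Discarding the partial leading line removes the false alert.
    print(alert_lines(fetch_tail(SAMPLE_LOG, 90, whole_lines_only=True)))
    # With a window large enough for the whole file only line 1 fires.
    print(alert_lines(fetch_tail(SAMPLE_LOG, 1000, whole_lines_only=True)))
```

The same effect shows up in practice when a busy host writes more than MAXCHECK bytes between client runs: enlarging the window reduces how often the boundary lands inside a line but cannot guarantee it never does, which is why a whole-lines rule is the robust fix rather than a bigger byte count.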