I am trying to use the GROUP keyword in a LOG alert to send an e-mail when "Warning" is in a certain log file and it isn't working. Is it possible?
client-local.cfg [acnsvr1-ge1] log:/data/conductor/log/checkExtractDelivery.log:10240
analysis.cfg HOST=acnsvr1-ge1 LOG /data/conductor/log/checkExtractDelivery.log Warning COLOR=red GROUP=checkExtractDelivery
alerts.cfg GROUP=checkExtractDelivery HOST=acnsvr1-ge1 MAIL nick at xxxx.com SERVICE=log COLOR=red
No mail is sent. The server can send e-mails (checked using the same address with mailx).
What does the "group not in include list" Failed message mean?
../bin/xymond_alert --debug --test acnsvr1-ge1 GROUP=checkExtractDelivery 6485 2012-05-28 17:33:42 Opening file /home/xymon/server/etc/hosts.cfg 6485 2012-05-28 17:33:42 Opening file /home/xymon/server/etc/alerts.cfg 6485 2012-05-28 17:33:42 Opening file /home/xymon/server/etc/holidays.cfg 6485 2012-05-28 17:33:42 send_alert acnsvr1-ge1:GROUP=checkExtractDelivery state 0 00006485 2012-05-28 17:33:42 send_alert acnsvr1-ge1:GROUP=checkExtractDelivery state Paging 00006485 2012-05-28 17:33:42 Matching host:service:page 'acnsvr1-ge1:GROUP=checkExtractDelivery:QuartetPrCore' against rule line 127 00006485 2012-05-28 17:33:42 Failed 'GROUP=checkExtractDelivery HOST=acnsvr1-ge1' (group not in include list) 00006485 2012-05-28 17:33:42 Matching host:service:page 'acnsvr1-ge1:GROUP=checkExtractDelivery:QuartetPrCore' against rule line 143 00006485 2012-05-28 17:33:42 *** Match with 'HOST=*' *** 6485 2012-05-28 17:33:42 Found a first matching rule 00006485 2012-05-28 17:33:42 Matching host:service:page 'acnsvr1-ge1:GROUP=checkExtractDelivery:QuartetPrCore' against rule line 144 00006485 2012-05-28 17:33:42 *** Match with 'MAIL qtnoc at xxxx.com COLOR=red REPEAT=4h' *** 6485 2012-05-28 17:33:42 repeat acnsvr1-ge1|GROUP=checkExtractDelivery|mail|qtnoc at xxxx.com at 0 6485 2012-05-28 17:33:42 Alert for acnsvr1-ge1:GROUP=checkExtractDelivery to qtnoc at xxxx.com 00006485 2012-05-28 17:33:42 Mail alert with command '/var/spool/mail/root "Xymon [12345] acnsvr1-ge1:GROUP=checkExtractDelivery CRITICAL (RED)" qtnoc at xxxx.com' 6485 2012-05-28 17:33:42 No more secondary matching rule
Regards,
Nick Pettefar