Hello all,

this seems like a big text, but it might be a short reading and understanding.....

I'm wondering if the following is either a bug, a config error or my missunderstanding.

We are running Xymon 4.3.11. We have a couple of Linux servers running several distributions of Linux OS, but all containing Xymon 4.3.11 and above; installed as client. On our Xymon server, we have the following DEFAULT section in analysis.cfg:

DEFAULT

These are the built-in defaults.

    UP      3
    CLOCK   60
    LOAD    5.0 10.0
    DISK    * 90 95
    MEMPHYS 100 101
    MEMSWAP 80 90
    MEMACT  90 97
    FILE    /var/log/ntp SIZE>0
    FILE    %/var/(adm|log)/messages
    LOG     %/var/(adm|log)/messages WARNING IGNORE=%(smbd|STORVSC:*.WARNING\!|gdm-simple-greeter|GdmDisplay|GdmSession|GDM|packagekitd|parport) COLOR=yellow
    LOG     %/var/(adm|log)/messages %(I/O|read).error IGNORE=%(fd0|smbd|read_fd_with_timeout|Connection.reset.by.peer|error\.txt) COLOR=red
    LOG     %/var/(adm|log)/messages ERROR IGNORE=%(fd0|smbd|read_fd_with_timeout|Connection.reset.by.peer|error\.txt|gdm-simple-greeter|GdmDisplay|GdmSession|GDM|packagekitd|parport) COLOR=red
    LOG     %/var/(adm|log)/messages FAIL IGNORE=%(smbd|Connection.reset.by.peer|gdm-simple-greeter|GdmDisplay|GdmSession|GDM|packagekitd|parport|NT_STATUS_LOGON_FAILURE|LOGIN) COLOR=red
    LOG     %/var/(adm|log)/messages CRITICAL IGNORE=%(smbd|gdm-simple-greeter|GdmDisplay|GdmSession|GDM|packagekitd|parport) COLOR=red

(I don't want to dicuss about the sense or the absurdity of the configured IGNORE statements here; let's simply say they are OK for us.... Shouldn't matter for my question here.....)

As one can read in the man page of analysis.cfg (which is available at https://www.xymon.com/help/manpages/man5/analysis.cfg.5.html ) i've read the following: Note that Xymon defaults to case-insensitive pattern matching; if that is not what you want, put "(?-i)" between the "%" and the regular expression to turn this off. E.g. "%(?-i)WARNING" will match the word WARNING only when it is upper-case.

We don't have (?-i) in front of our keywords; that should match our keywords regardless of their upper and lower case. So far, so good.

That was my meaning.....

A colleague called me saying that one of our servers had a problem with a openvpn connection. I logged in to the server and inspected /var/log/messages, and I found these lines (I've changed IP's and ports to #): Dec 1 12:06:18 open-vpn ovpn-server[39555]: ##.##.##.##:##### TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Dec 1 12:06:18 open-vpn ovpn-server[39555]: ##.##.##.##:##### TLS Error: TLS handshake failed Dec 1 12:06:18 open-vpn ovpn-server[39555]: ##.##.##.##:##### Fatal TLS error (check_tls_errors_co), restarting Dec 1 12:06:18 open-vpn ovpn-server[39555]: ##.##.##.##:##### SIGUSR1[soft,tls-error] received, client-instance restarting Dec 1 12:06:23 open-vpn ovpn-server[39555]: TCP connection established with [AF_INET]##.##.##.##:##### Dec 1 12:06:24 open-vpn ovpn-server[39555]: ##.##.##.##:##### TLS: Initial packet from [AF_INET]##.##.##.##:#####, sid=######## ######## Dec 1 12:07:06 open-vpn ovpn-server[39555]: ##.##.##.##:##### TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Dec 1 12:07:06 open-vpn ovpn-server[39555]: ##.##.##.##:##### TLS Error: TLS handshake failed Dec 1 12:07:06 open-vpn ovpn-server[39555]: ##.##.##.##:##### Fatal TLS error (check_tls_errors_co), restarting Dec 1 12:07:06 open-vpn ovpn-server[39555]: ##.##.##.##:##### SIGUSR1[soft,tls-error] received, client-instance restarting

As you can see, there are the keywords "Error", "error" and "failed" in these lines. At this time the msgs test of that server was at state green. This made me think that the statement of the man page of analysis.cfg regarding case-insensitive might be wrong.

I've tested this and inserted this line in the DEFAULT section of analysis.cfg: LOG %/var/(adm|log)/messages Error IGNORE=%(fd0|smbd|read_fd_with_timeout|Connection.reset.by.peer|error\.txt|gdm-simple-greeter|GdmDisplay|GdmSession|GDM|packagekitd|parport) COLOR=red

After a couple of minutes, the msgs test for that server changed to red.

Did i understand something wrong or miss something? Or is this really a bug? Do i need to configure my keywords in a different way?

Best regards Christian

Christian Becker IT-Services

Christian.Becker at rhein-zeitung.net<mailto:Christian.Becker at rhein-zeitung.net>

Mittelrhein-Verlag GmbH August-Horch-Straße 28 D-56070 Koblenz Verleger und Geschäftsführer: Walterpeter Twer Reg.-Gericht Koblenz HRB 121 Finanzamt Koblenz Str.Nr. 22 65 10 285 2 www.rhein-zeitung.de<http://www.rhein-zeitung.de/>