Config for msgs column - how to play with client-local.cfg and analysis.cfg? How to play with default and specific entries?
Hello everybody,
I'm writing this to the list because I'm screwed up with my thoughts, probably because I've done too many config tests for today...
Hope I can describe my situation well enough.
I've configured nearly 120 Linux machines (servers) in our Xymon environment, most of them running Ubuntu 14.04/16.04/18.04 LTS or CentOS 6/7. The Xymon server is on 4.3.29, clients are on different releases starting at 4.3.17. All of them are configured to write their system logs to /var/log/messages - that's working.
What I want to achieve:
- For ALL of them, I want to have the "msgs" column filled with the data coming from /var/log/messages, so that I can configure alerting if some keywords occur in /var/log/messages.
- In addition to that, for SOME of these servers, I want to have application-specific logfiles monitored in the "msgs" column, and I want to monitor those application-specific logfiles for keywords too.
- In further addition to the above, I want to have EACH "files" column filled with the files that are monitored in the "msgs" column per server.
Actually I'm struggling with config files on my Xymon server, client-local.cfg and analysis.cfg, and there with class entries, default section and server-specific rules. That makes me crazy.
My thought was to have a class configured in client-local.cfg which is:

    [linux]
    file:/var/log/messages
    file:/var/log/ntp
    log:/var/log/messages:10240
    ignore MARK

For those servers where I want to have additional, application-specific logfiles, I have server-based entries like this in client-local.cfg (hoping that this "over-controls" the class entry from above...):

    [dvst-1]
    file:/var/log/messages
    file:/var/log/ntp
    file:/data/monitor/checkppi.log
    log:/data/monitor/checkppi.log:10240
    log:/var/log/messages:10240
    ignore MARK

This section is BELOW the class [linux] section, if that matters?
Every time I made a config change in client-local.cfg, I restarted Xymon on my Xymon server and had to wait minutes upon minutes to see the result.
To make the thing complete and to have more confusion, I have these entries in analysis.cfg. Example of a server-specific entry:

    HOST=dvst-1
        DISK /data 97 98
        PROC "mysqld "
        PROC "mysqld_safe"
        PROC "httpd2-prefork" 1
        PROC "smbd"
        PROC "caagentd"
        LOG /data/monitor/checkppi.log OutOfMemory COLOR=red

Finally a DEFAULT section (at the end of the file):

    DEFAULT
        # These are the built-in defaults.
        DISK * 90 95
        MEMSWAP 80 90
        MEMACT 90 97
        FILE /var/log/ntp SIZE>0
        FILE /var/log/messages
        LOG /var/log/messages %(I/O|read).error IGNORE=%(fd0|smbd|read_fd_with_timeout|Connection.reset.by.peer|error\.txt) COLOR=red
        LOG /var/log/messages %Remounting.filesystem.read-only COLOR=red
        LOG /var/log/messages There.are.errors.in.the.filesystem COLOR=red
The problem is that I cannot see data from the configured logfiles in the affected "msgs" columns. For some logfile entries I get parse errors and I don't know exactly the reason behind this. All of the configured logfiles are present on the affected servers; there they are readable and filled with data.
Does anybody have a really good description of the best way to get the "msgs" column populated with data? Of the "playing together" and the right order of entries in the config files?
Hope anybody can follow my thoughts :-)
Regards Christian
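Added example (not part of the original post, and not Xymon project code): a small Python check that every LOG/FILE rule in analysis.cfg points at a path the matching client-local.cfg section actually collects, run over an abridged copy of the configuration quoted above. It assumes a host-named section is used in place of the class section (which is how [dvst-1] above is written, repeating the [linux] entries) and that DEFAULT rules apply to every section; the function names and the `fallback` parameter are illustrative.

```python
# Added example; sample text is abridged from the post. Section-selection rules are assumptions.
CLIENT_LOCAL = """
[linux]
file:/var/log/messages
log:/var/log/messages:10240
ignore MARK
[dvst-1]
file:/var/log/messages
file:/data/monitor/checkppi.log
log:/data/monitor/checkppi.log:10240
log:/var/log/messages:10240
"""
ANALYSIS = """
HOST=dvst-1
    LOG /data/monitor/checkppi.log OutOfMemory COLOR=red
DEFAULT
    FILE /var/log/messages
    LOG /var/log/messages %Remounting.filesystem.read-only COLOR=red
"""

def parse_client_local(text):
    """Map each [section] to the paths it collects: {"log": {...}, "file": {...}}."""
    sections, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = sections.setdefault(line[1:-1], {"log": set(), "file": set()})
        elif cur is not None and line.startswith(("log:", "file:")):
            kind, rest = line.split(":", 1)
            cur[kind].add(rest.split(":")[0])  # drop the :maxbytes suffix
    return sections

def parse_analysis(text):
    """Map each scope (plain host name or DEFAULT) to its [(kind, path)] LOG/FILE rules."""
    rules, scope = {}, None
    for words in map(str.split, text.splitlines()):
        if not words or words[0].startswith("#"):
            continue
        if words[0].startswith("HOST=") or words[0] == "DEFAULT":
            scope = words[0].split("=", 1)[-1]
        elif words[0] in ("LOG", "FILE") and scope and len(words) > 1:
            rules.setdefault(scope, []).append((words[0].lower(), words[1]))
    return rules

def uncollected(sections, rules, fallback="linux"):
    """Return sorted (section, kind, path) for rules whose path that section never collects."""
    found = set()
    for scope, items in rules.items():
        names = sections if scope == "DEFAULT" else [scope if scope in sections else fallback]
        for name in names:
            found |= {(name, k, p) for k, p in items if p not in sections[name][k]}
    return sorted(found)
```

An empty result from `uncollected(parse_client_local(CLIENT_LOCAL), parse_analysis(ANALYSIS))` means every alert rule has data to match against; a missing `log:` line shows up as a `(section, "log", path)` tuple.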
Hi all,
I have been right with my config files. The things that I have configured are working as they should.
The only thing I forgot was that I get this parse error if a logfile hasn't been updated recently. This morning I had a look at my msgs columns where I had these parse errors in the past, and now they are filled with data.
Regards Christian
From: Xymon <xymon-bounces at xymon.com> On behalf of Becker Christian
Sent: Wednesday, 11 December 2019 15:53
To: xymon at xymon.com
Subject: [Xymon] Config for msgs column - how to play with client-local.cfg and analysis.cfg? How to play with default and specific entries?
participants (1)
-
christian.becker@rhein-zeitung.net