monitoring /var/log/messages for new occurence of a string
Hi, The answer to this is probably in the archives already, but I didn't find it.
I'm running Xymon 4.2.3 server on RHEL, and running Big Brother on the clients. I setup the bb-msgstab file on a Linux client to alert for a specific string in /var/log/messages. What I'm seeing is that anytime /var/log/messages is updated, we get an alert for the string we are testing for, even if that string occurred hours ago. Is there a way to parse the file to only send an alert if it is a new occurrence of the string? We only rotate this file once a week, so we might get an alert on something that's a day old.
Thanks! Nicole Beck
Is there some reason you can't use a Xymon client?
Thanks, Larry Barber
On Fri, Oct 5, 2012 at 2:00 PM, Nicole Beck <nskyrca at syr.edu> wrote:
Hi,****
The answer to this is probably in the archives already, but I didn’t find it.****
I’m running Xymon 4.2.3 server on RHEL, and running Big Brother on the clients. I setup the bb-msgstab file on a Linux client to alert for a specific string in /var/log/messages. What I’m seeing is that anytime /var/log/messages is updated, we get an alert for the string we are testing for, even if that string occurred hours ago. Is there a way to parse the file to only send an alert if it is a new occurrence of the string? We only rotate this file once a week, so we might get an alert on something that’s a day old.****
Thanks!****
Nicole Beck****
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
I just haven't had a chance to test it much. If I recall correctly, it didn't monitor everything that we currently monitor with big brother. I'll have to investigate it further.
Thanks, Nicole
From: Larry Barber [mailto:lebarber at gmail.com] Sent: Friday, October 05, 2012 4:28 PM To: Nicole Beck Cc: xymon at xymon.com Subject: Re: [Xymon] monitoring /var/log/messages for new occurence of a string
Is there some reason you can't use a Xymon client?
Thanks, Larry Barber On Fri, Oct 5, 2012 at 2:00 PM, Nicole Beck <nskyrca at syr.edu<mailto:nskyrca at syr.edu>> wrote: Hi, The answer to this is probably in the archives already, but I didn't find it.
I'm running Xymon 4.2.3 server on RHEL, and running Big Brother on the clients. I setup the bb-msgstab file on a Linux client to alert for a specific string in /var/log/messages. What I'm seeing is that anytime /var/log/messages is updated, we get an alert for the string we are testing for, even if that string occurred hours ago. Is there a way to parse the file to only send an alert if it is a new occurrence of the string? We only rotate this file once a week, so we might get an alert on something that's a day old.
Thanks! Nicole Beck
Xymon mailing list Xymon at xymon.com<mailto:Xymon at xymon.com> http://lists.xymon.com/mailman/listinfo/xymon
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
It definitely works better, and monitors all the same things. You may need to modify your external tests a little bit, but just because the environment variables/names have just changed a little.
I've got a big selling point for you if you need one: you cannot configure client settings centrally on the server side if you use a Big Brother client. They will be ignored.
On 10/08/2012 01:35 PM, Nicole Beck wrote:
I just haven’t had a chance to test it much. If I recall correctly, it didn’t monitor everything that we currently monitor with big brother. I’ll have to investigate it further.
Thanks,
Nicole
*From:*Larry Barber [mailto:lebarber at gmail.com] *Sent:* Friday, October 05, 2012 4:28 PM *To:* Nicole Beck *Cc:* xymon at xymon.com *Subject:* Re: [Xymon] monitoring /var/log/messages for new occurence of a string
Is there some reason you can't use a Xymon client?
Thanks, Larry Barber
On Fri, Oct 5, 2012 at 2:00 PM, Nicole Beck <nskyrca at syr.edu <mailto:nskyrca at syr.edu>> wrote:
Hi,
The answer to this is probably in the archives already, but I didn’t find it.
I’m running Xymon 4.2.3 server on RHEL, and running Big Brother on the clients. I setup the bb-msgstab file on a Linux client to alert for a specific string in /var/log/messages. What I’m seeing is that anytime /var/log/messages is updated, we get an alert for the string we are testing for, even if that string occurred hours ago. Is there a way to parse the file to only send an alert if it is a new occurrence of the string? We only rotate this file once a week, so we might get an alert on something that’s a day old.
Thanks!
Nicole Beck
_______________________________________________ Xymon mailing list Xymon at xymon.com <mailto:Xymon at xymon.com> http://lists.xymon.com/mailman/listinfo/xymon
- ---- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Sr. Systems Programmer |$&| |__| | | |__/ | \| _| |novosirj at umdnj.edu - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/EI-Academic Svcs. - ADMC 450, Newark -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iEYEARECAAYFAlBzD7UACgkQmb+gadEcsb54fgCffOb1tL0U6zbBFUiYGovSxfsi AlUAnAu73H8glQQ3YAd0Bzu8iOqw96en =ovXt -----END PGP SIGNATURE-----
I installed the xymon client on a test server, and that seems to work better for monitoring the log files. IE, it only alerts for new occurrences of the string in the log. Thanks!
Now to figure out my scripts that I called from the bb-bbexttab file on the client. I got one to work by adding it to the clientlaunch.cfg file on the client. But you mentioned doing it centrally on the server?
Thanks again, Nicole
-----Original Message----- From: Novosielski, Ryan [mailto:novosirj at umdnj.edu] Sent: Monday, October 08, 2012 1:39 PM To: Nicole Beck Cc: 'Larry Barber'; 'xymon at xymon.com' Subject: Re: [Xymon] monitoring /var/log/messages for new occurence of a string
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
It definitely works better, and monitors all the same things. You may need to modify your external tests a little bit, but just because the environment variables/names have just changed a little.
I've got a big selling point for you if you need one: you cannot configure client settings centrally on the server side if you use a Big Brother client. They will be ignored.
On 10/08/2012 01:35 PM, Nicole Beck wrote:
I just haven't had a chance to test it much. If I recall correctly, it didn't monitor everything that we currently monitor with big brother. I'll have to investigate it further.
Thanks,
Nicole
*From:*Larry Barber [mailto:lebarber at gmail.com] *Sent:* Friday, October 05, 2012 4:28 PM *To:* Nicole Beck *Cc:* xymon at xymon.com *Subject:* Re: [Xymon] monitoring /var/log/messages for new occurence of a string
Is there some reason you can't use a Xymon client?
Thanks, Larry Barber
On Fri, Oct 5, 2012 at 2:00 PM, Nicole Beck <nskyrca at syr.edu <mailto:nskyrca at syr.edu>> wrote:
Hi,
The answer to this is probably in the archives already, but I didn't find it.
I'm running Xymon 4.2.3 server on RHEL, and running Big Brother on the clients. I setup the bb-msgstab file on a Linux client to alert for a specific string in /var/log/messages. What I'm seeing is that anytime /var/log/messages is updated, we get an alert for the string we are testing for, even if that string occurred hours ago. Is there a way to parse the file to only send an alert if it is a new occurrence of the string? We only rotate this file once a week, so we might get an alert on something that's a day old.
Thanks!
Nicole Beck
_______________________________________________ Xymon mailing list Xymon at xymon.com <mailto:Xymon at xymon.com> http://lists.xymon.com/mailman/listinfo/xymon
- ---- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Sr. Systems Programmer |$&| |__| | | |__/ | \| _| |novosirj at umdnj.edu - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/EI-Academic Svcs. - ADMC 450, Newark -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iEYEARECAAYFAlBzD7UACgkQmb+gadEcsb54fgCffOb1tL0U6zbBFUiYGovSxfsi AlUAnAu73H8glQQ3YAd0Bzu8iOqw96en =ovXt -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
No, you do need to set these up on the clients and you've done this in the right place. What I was referring to is configuring alerting behavior on the tests. For example, you can centrally ignore all instances of say /CDROM as not relevant in a disk space test, or do other stuff with regex's. On BB, you had to ignore FSs or set CPU limits, etc., on each individual client.
On 10/11/2012 03:08 PM, Nicole Beck wrote:
I installed the xymon client on a test server, and that seems to work better for monitoring the log files. IE, it only alerts for new occurrences of the string in the log. Thanks!
Now to figure out my scripts that I called from the bb-bbexttab file on the client. I got one to work by adding it to the clientlaunch.cfg file on the client. But you mentioned doing it centrally on the server?
Thanks again, Nicole
-----Original Message----- From: Novosielski, Ryan [mailto:novosirj at umdnj.edu] Sent: Monday, October 08, 2012 1:39 PM To: Nicole Beck Cc: 'Larry Barber'; 'xymon at xymon.com' Subject: Re: [Xymon] monitoring /var/log/messages for new occurence of a string
It definitely works better, and monitors all the same things. You may need to modify your external tests a little bit, but just because the environment variables/names have just changed a little.
I've got a big selling point for you if you need one: you cannot configure client settings centrally on the server side if you use a Big Brother client. They will be ignored.
On 10/08/2012 01:35 PM, Nicole Beck wrote:
I just haven't had a chance to test it much. If I recall correctly, it didn't monitor everything that we currently monitor with big brother. I'll have to investigate it further.
Thanks,
Nicole
*From:*Larry Barber [mailto:lebarber at gmail.com] *Sent:* Friday, October 05, 2012 4:28 PM *To:* Nicole Beck *Cc:* xymon at xymon.com *Subject:* Re: [Xymon] monitoring /var/log/messages for new occurence of a string
Is there some reason you can't use a Xymon client?
Thanks, Larry Barber
On Fri, Oct 5, 2012 at 2:00 PM, Nicole Beck <nskyrca at syr.edu <mailto:nskyrca at syr.edu>> wrote:
Hi,
The answer to this is probably in the archives already, but I didn't find it.
I'm running Xymon 4.2.3 server on RHEL, and running Big Brother on the clients. I setup the bb-msgstab file on a Linux client to alert for a specific string in /var/log/messages. What I'm seeing is that anytime /var/log/messages is updated, we get an alert for the string we are testing for, even if that string occurred hours ago. Is there a way to parse the file to only send an alert if it is a new occurrence of the string? We only rotate this file once a week, so we might get an alert on something that's a day old.
Thanks!
Nicole Beck
_______________________________________________ Xymon mailing list Xymon at xymon.com <mailto:Xymon at xymon.com> http://lists.xymon.com/mailman/listinfo/xymon
- ---- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Sr. Systems Programmer |$&| |__| | | |__/ | \| _| |novosirj at umdnj.edu - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/EI-Academic Svcs. - ADMC 450, Newark -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iEYEARECAAYFAlB3HMQACgkQmb+gadEcsb61oQCg2hRVMMY6JOnsoTI+g5t9Sff/ /zYAmwT9iHCAKvbG/VGMB3xjPutdZG6+ =nOVq -----END PGP SIGNATURE-----
participants (3)
-
lebarber@gmail.com
-
novosirj@umdnj.edu
-
nskyrca@syr.edu