precedence of rules in analysis.cfg
Please can someone help me regarding the precedence of rules in analysis.cfg?
analysis.cfg example to illustrate my questions:
#-----------------------------------------------------------
HOST=Win32Server DISK C 85 90
DEFAULT DISK * 90 95
CLASS=win32 DISK C 80 90 LOG %.* %error COLOR=yellow LOG eventlog:Application %warning COLOR=yellow IGNORE="%warning .* Symantec AntiVirus .* Could not scan .* files inside .* due to extraction errors encountered by the Decomposer Engines\.Application has encountered an error"
#-----------------------------------------------------------
Assumption: Host 'Win32Server' is a CLASS=win32 server running in central mode
DISK questions:
Does Win32Server's C disk go yellow at 85, 90 or 95% ?
Is this because of the ORDER of the applying rules (first HOST, then DEFAULT, then CLASS) or is it because HOST is more specific then CLASS and CLASS is more specific then DEFAULT?
Does Xymon at all try to find further possibly matching DISK rules after the first matching rule - underneath HOST in this example - has been encountered?
LOG questions:
If an eventlog message happens to match the 1st of the above listed LOG rules (because it contains 'error'), will the second rule be evaluated at all?
And if the 2nd rule should get evaluated, which of the 2 rules would take precedence? (Assuming both rules logically match, but have conflicting effects because of the IGNORE
- i.e. a line that matches the IGNORE and hence has also the word 'error' in it. Will it be ignored, because the 2nd rule applies? Or will it show yellow, because the 1st rule applies? And why is this so?
The answers to the 2 prior questions will probably already have answered this one: Should specific LOG rules appear before or after the more general ones to give to give the first match precedence?
Many thanks Jürgen
Juergen,
The file is read from top to down. The process stops to read the file when it finds the first feature that matches.
In your exemple, if a disk data comes with the hostname Win32Server on the disk C, first thresholds are used (C 85 90). Any server of class win32 on data disk on the C drive will use the third thresholds (80 90) In any other cases for disk data, the default thresholds will be used (90 95)
Cordialement, Regards,Mit freundlichen Grüßen,
Gautier BEGIN
From: Juergen Fischer/DEU/CSC at CSC To: xymon at xymon.com Date: 08/13/2014 09:44 AM Subject: [Xymon] precedence of rules in analysis.cfg Sent by: "Xymon" <xymon-bounces at xymon.com>
Please can someone help me regarding the precedence of rules in analysis.cfg?
analysis.cfg example to illustrate my questions:
#-----------------------------------------------------------
HOST=Win32Server DISK C 85 90
DEFAULT DISK * 90 95
CLASS=win32
DISK C 80 90
LOG %.* %error
COLOR=yellow
LOG eventlog:Application %warning COLOR=yellow
IGNORE="%warning .* Symantec AntiVirus .* Could not scan .* files inside
.* due to extraction errors encountered by the Decomposer
Engines\.Application has encountered an error"
#-----------------------------------------------------------
Assumption: Host 'Win32Server' is a CLASS=win32 server running in central mode
DISK questions:
Does Win32Server's C disk go yellow at 85, 90 or 95% ?
Is this because of the ORDER of the applying rules (first HOST, then DEFAULT, then CLASS) or is it because HOST is more specific then CLASS and CLASS is more specific then DEFAULT?
Does Xymon at all try to find further possibly matching DISK rules after the first matching rule - underneath HOST in this example - has been encountered?
LOG questions:
If an eventlog message happens to match the 1st of the above listed LOG rules (because it contains 'error'), will the second rule be evaluated at all?
And if the 2nd rule should get evaluated, which of the 2 rules would take precedence? (Assuming both rules logically match, but have conflicting effects because of the IGNORE
- i.e. a line that matches the IGNORE and hence has also the word 'error' in it. Will it be ignored, because the 2nd rule applies? Or will it show yellow, because the 1st rule applies? And why is this so?
The answers to the 2 prior questions will probably already have answered this one: Should specific LOG rules appear before or after the more general ones to give to give the first match precedence?
Many thanks Jürgen_______________________________________________ Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
participants (2)
-
gbegin@csc.com
-
jfische2@csc.com