monitoring contents of a logfile with a daily changing filename
well...
I've really no idea what is happening now!
NOW the GUI page shows
No entries in /var/log/messages
No entries in /var/log/messages-20180816.log
No entries in /var/log/maillog
No entries in /var/log/secure
Full log /var/log/messages
Full log /var/log/messages-20180816.log
<...CURRENT...>DIDDS
Full log /var/log/maillog
Full log /var/log/secure
i.e. it IS showing the contents of messages-20180816.log. So
- it knows about the correct log
- it has the log file's contents but
- it is failing to note that it contains the trigger word.
Summary:
server side client-local.cfg : log:find /var/log -maxdepth 1 -type f -name messages-\*.log:10240
server side analysis.cfg : LOG %/var/log/messages*.log "DIDDS" COLOR=yellow
server side must work because it worked for the simple test against /var/log/messages
didds
On Thursday, 16 August 2018, 15:49:07 BST, Ian Diddams <didds3 at yahoo.co.uk> wrote:
further to the below...
from the analysis.cfg man page:
LOG logfilename pattern [COLOR=color] [IGNORE=excludepattern] [OPTIONAL]
... "logfilename" is the name of the logfile. Only logentries from this filename will be matched against this rule. Note that "logfilename" can be a regular expression (if prefixed with a '%' character).
as below the entry for the client in analysis.cfg on the server is
LOG %/var/log/messages*.log "DIDDS" COLOR=yellow
so IS prefixed by a % and the proof that this isn't picking up the contents of the requisite log file is because the GUI page line
Full log /var/log/messages-20180816.log
does not have <...CURRENT...>DIDDS below it - as my test for plain /var/log/messages does.
didds
On Thursday, 16 August 2018, 15:40:44 BST, Ian Diddams via Xymon <xymon at xymon.com> wrote:
Ok - another angle. I feel I am SO close.
So I have a client with message logs with filename format /var/log/messages-YYYYMMDD.log
It contains a trigger word DIDDS
client-local.cfg on the xymon SERVER contains
[linux]
log:/var/log/messages:10240
log:find /var/log -maxdepth 1 -type f -name messages-\*.log:10240
log:/var/log/maillog:10240
log:/var/log/secure:10240
ignore MARK
The client's msgs GUI page shows
No entries in /var/log/messages
No entries in /var/log/messages-20180816.log
No entries in /var/log/maillog
No entries in /var/log/secure
Full log /var/log/messages
Full log /var/log/messages-20180816.log
Full log /var/log/maillog
Full log /var/log/secure
ie it can find/knows about that respective messages file.
However...
in analysis.cfg, for the respective client this line LOG %/var/log/messages*.log "DIDDS" COLOR=yellow
doesn't flag anything - even if the string DIDDS is in that messages-20180816.log file .. hence the line in the GUI No entries in /var/log/messages-20180816.log
SO CLOSE.
what am I missing here?
Because if I merely use
LOG %/var/log/messages "DIDDS" COLOR=yellow
with DIDDS within /var/log/messages it goes yellow almost immediately. ???
didds
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
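An added example, not part of the original post or of Xymon's own code: it compares which of the log names shown above the pattern /var/log/messages*.log selects when read as a shell glob (as find -name reads it) and when read as a regular expression (as the quoted man page says a '%' prefix makes it). Python's re module with an unanchored search stands in for the server's regex engine, and the helper glob_to_regex is hypothetical; both are assumptions.

```python
import fnmatch
import re

# Log file names as they appear in the GUI output quoted in the post.
LOG_NAMES = [
    "/var/log/messages",
    "/var/log/messages-20180816.log",
    "/var/log/maillog",
    "/var/log/secure",
]


def regex_selects(pattern, names=LOG_NAMES):
    """Names selected when `pattern` is read as a regular expression.

    Assumption: an unanchored search, approximated here with Python's `re`.
    """
    rx = re.compile(pattern)
    return [n for n in names if rx.search(n)]


def glob_selects(pattern, names=LOG_NAMES):
    """Names selected when `pattern` is read as a shell-style glob."""
    return [n for n in names if fnmatch.fnmatchcase(n, pattern)]


def glob_to_regex(glob):
    """Hypothetical helper: turn a simple glob (* and ? only) into an anchored regex."""
    parts = []
    for ch in glob:
        if ch == "*":
            parts.append("[^/]*")   # any run of characters within one path component
        elif ch == "?":
            parts.append("[^/]")    # exactly one character within a path component
        else:
            parts.append(re.escape(ch))  # literal, so '.' no longer means "any char"
    return "^" + "".join(parts) + "$"


if __name__ == "__main__":
    rule = "/var/log/messages*.log"
    print("read as glob :", glob_selects(rule))
    # As a regex, 's*' is "zero or more s" and '.' is "any one character",
    # so the literal text "log" would have to follow directly after that character.
    print("read as regex:", regex_selects(rule))
    fixed = glob_to_regex(rule)
    print("regex form   :", fixed)
    print("selects      :", regex_selects(fixed))
    # An unanchored '/var/log/messages' also selects the dated file.
    print("plain name   :", regex_selects("/var/log/messages"))
```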