Help with ignoring certain syslog messages.
I'm trying to turn the messages test red when "NOTICE" is in a syslog message, but not when "Charged or "Backup initiated" is also present in the message. The config I'm using does ignore the "Backup initiated" messages, but not the "Charged" ones. Can someone give me some hints on how to can handle this situation? Here is the message I'm trying to ignore: "Mar 17 02:05:58 sycamore SUNWscsdMonitor[979]: [ID 218055 daemon.error] [SUNWscsd 0x030B1D0E:0x00000000 Informational] <rctrl0000> Standard General Event, NOTICE: Controller BBU Fully Charged !.[info: 5E-00E6E83FE] (Secondary, Wed Mar 17 06:10:12 2010) {Unique ID#: 09ecee}" In hobbit-clients.cfg I have this: LOG %.* NOTICE COLOR=red "IGNORE=%(Charged|Backup initiated)" When I run "hobbitd_client --test" to test the config, it shows that message would report as green.
hobbitd_client --testHostname (.=end, ?=dump, !=reload) []: sycamore.example.comHosttype []: SunOSTest (cpu, mem, disk, proc, log, port): loglog filename: /var/adm/messagesTo read log data from a file, enter '@FILENAME' at the promptlog line: Mar 17 02:05:58 sycamore SUNWscsdMonitor[979]: [ID 218055 daemon.error] [SUNWscsd 0x030B1D0E:0x00000000 Informational] <rctrl0000> Standard General Event, NOTICE: Controller BBU Fully Charged !.[info: 5E-00E6E83FE] (Secondary, Wed Mar 17 06:10:12 2010) log line: Log status is green
Hostname (.=end, ?=dump, !=reload) [sycamore.example.com]: Test (cpu, mem, disk, proc, log, port): loglog filename: /var/adm/messagesTo read log data from a file, enter '@FILENAME' at the promptlog line: Mar 10 22:36:17 sycamore vmtape: [ID 428768 kern.notice] Backup initiated: Compression(none)Encryption(none)log line: Log status is green Hostname (.=end, ?=dump, !=reload) [sycamore.example.com]: Test (cpu, mem, disk, proc, log, port): loglog filename: /var/adm/messagesTo read log data from a file, enter '@FILENAME' at the promptlog line: NOTICE: testing noticelog line: Log status is red &red NOTICE: testing notice
Thanks, Jason
<img src="http://www.bigstring.com/refer.php?img=68" width="1" height="1">Start making money with PeopleString!
Hi
I want to filter some messages from a specific server's message log. So I built a special rule in hobbit-clients.cfg to filter that message, but it is ignored. It seems Hobbit preferres the DEFAULT section. If I uncomment the DEFAULT LOG rule my special rule is used and the message is filtered.
So how can I have a default rule including some IGNORE clauses which is used for all my servers and an additional set of rule specific to one or more servers.
Here is my hobbit-client.cfg. The rule I currently playing with is marked with (***), it's the host s068c326. If I comment out the last two lines it works, if not the message "ntpd error" is detected as error.
HOST=s068310i DISK %^/platform.* IGNORE
HOST=s068310b DISK %^/platform.* IGNORE
HOST=s068a300 LOG %.* %(fatal|error) COLOR=red IGNORE=%(smb_proc_readdir_long|peer) LOG %.* warning COLOR=yellow
DISK * 10 15
HOST=s068c327 DISK /mnt IGNORE
#HOST=%s068c32.* HOST=s068c326 #HOST=s068c320,s068c321,s068c322,s068c323,s068c324,s068c325,s068c326,s068c327 LOG %.* %(fatal|error) IGNORE=%ntpd COLOR=red #(***)
HOST=s068c320,s068c321,s068c322 PROC "lmgrd -c" 1 1 PROC "pam_lmd" 1 1
DEFAULT # These are the built-in defaults. UP 1h LOAD 5.0 10.0 DISK * 90 95 DISK /media/cdrom 101 101 MEMPHYS 100 101 MEMSWAP 50 80 MEMACT 90 97
LOG %.* %(fatal|error) COLOR=red IGNORE=%(read_socket_data|peer) LOG %.* warning COLOR=yellow IGNORE=40960
Thank you for help
Thorsten Erdmann
If you are not the intended addressee, please inform us immediately that you have received this e-mail in error, and delete it. We thank you for your cooperation.
participants (2)
-
jasoneh@bigstring.com
-
thorsten.erdmann@daimler.com