The single string I find catches the most Linux log messages is "fail" . I have it set to scan for it no matter the case. Other than that all the other strings are tied to particular applications (backup software, Oracle, etc.).

Hope that helps,

Bruce

  Bruce White Senior Enterprise Systems Engineer | Phone: 1-630-671-5169 | Fax: 630-893-1648 | bewhite at fellowes.com | http://www.fellowes.com/ Disclaimer: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. Fellowes, Inc.

From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf Of bb4 at richter-it.net Sent: Tuesday, August 16, 2011 4:00 AM To: xymon at xymon.com Subject: [Xymon] Linux messages monitoring - best practice

Hi folks,

our company is switching from Solaris to Linux (Red Hat). And now I'm curious what patterns do you have for system log file monitoring since the messages and other files look slightly different from the ones in Solaris.

Thanks

Torsten