Hi all,
As far as I can see there is no built in way in Xymon to monitor a log for the number of times a string has occurred in a specified time period. Is this something that other people would find useful? (even if it was only a count of occurrences within the last 30 minutes and not a configurable time).
Is there any chance something like this may be in a future release Henrik?
Regards,
Neil Simmonds
Senior Operations Analyst (Operations Support Group) Express Gifts Limited
Express House
Clayton Business Park
Accrington
Lancashire
BB5 5JY T: 01254 303092 | E: <mailto:neil.simmonds at Express-Gifts.co.uk> neil.simmonds at Express-Gifts.co.uk
Hello,
Hi all,
As far as I can see there is no built in way in Xymon to monitor a log for the number of times a string has occurred in a specified time period. Is this something that other people would find useful? (even if it was only a count of occurrences within the last 30 minutes and not a configurable time).
This is a useful feature, but I doubt if I will use it if implemented in Xymon.
I've written two custom scripts which do just this type of data collection. One script counts the number of denied licence requests from the FLEXlm log file (one log file per product), the other one counts the number of DHCP discovers, requests etc. from the ISC dhcpd log file.
Both scripts use quit different counting strategies. The first script counts the number of denied license request since the start of this year. The result is fed into RRD, using a DS of type DERIVE with a minimum of zero. The minimum suppresses the negative spike at each new year.
The second script starts reading the log file at the location where it stopped the last time. This is a faster method, but it introduces small errors. Some (small) parts of the log file can be scanned twice or some (small) parts are never scanned, depending on the moment the file size (which is the starting point for the next pass) is retrieved.
Both scripts do something special with fast repeating entries: if two or more license requests from one requester for one particular product are denied within two seconds the set of di=enials is counted as one denial, and hosts which send many DHCP requests are reported. Hence the doubt if I will use a similar functionality in Xymon.
Regards, Wim Nelis.
The NLR disclaimer is valid for NLR e-mail messages.
This message is only meant for providing information. Nothing in this e-mail message amounts to a contractual or legal commitment on the part of the sender. This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. Sender accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.
hi guys, to analize logs you can use "sec.pl" this is a powerful open source tool
http://simple-evcorr.sourceforge.net/
Regards HB
On Mon, Mar 3, 2014 at 10:17 AM, Neil Simmonds <neilsimmonds1808 at gmail.com>wrote:
Hi all,
As far as I can see there is no built in way in Xymon to monitor a log for the number of times a string has occurred in a specified time period. Is this something that other people would find useful? (even if it was only a count of occurrences within the last 30 minutes and not a configurable time).
Is there any chance something like this may be in a future release Henrik?
*Regards,*
*Neil Simmonds*
*Senior Operations Analyst (Operations Support Group)* *Express Gifts Limited*
Express House
Clayton Business Park
Accrington
Lancashire
BB5 5JY T: 01254 303092 | E: neil.simmonds at Express-Gifts.co.uk
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
Hernán Berman wrote:
hi guys, to analize logs you can use "sec.pl <http://sec.pl>" this is a powerful open source tool
http://simple-evcorr.sourceforge.net/
Regards HB
On Mon, Mar 3, 2014 at 10:17 AM, Neil Simmonds <neilsimmonds1808 at gmail.com <mailto:neilsimmonds1808 at gmail.com>> wrote:
Hi all,____ __ __ As far as I can see there is no built in way in Xymon to monitor a log for the number of times a string has occurred in a specified time period. Is this something that other people would find useful? (even if it was only a count of occurrences within the last 30 minutes and not a configurable time). ____ __ __ Is there any chance something like this may be in a future release Henrik?____ __ __ __ __ *Regards,*____ ____ *Neil Simmonds*____
We also make use of the Simple Event Corrulator both on clients to analyze fast moving logs (and/or logs in real time) and also on the Xymon Server to analyze trap logs in the manner of http://cerebro.victoriacollege.edu/hobbit-trap.html (which is linked under Tips and Tricks on the Help pages).
We have a perl module that can be integrated with SEC which makes it possible to install SEC on clients completely independently from any Xymon Client software if necessary.
It is still a pain having to manage SEC rules locally on every client, but you can overcome this by keeping the rules on the Xymon server and use the Xymon download command from within SEC to keep these in sync.
-- Andy
On 4 March 2014 00:17, Neil Simmonds <neilsimmonds1808 at gmail.com> wrote:
As far as I can see there is no built in way in Xymon to monitor a log for the number of times a string has occurred in a specified time period.
Sure there is. From the client-local.cfg file comments:
"linecount:FILENAME"
Monitor the text-based logfile FILENAME, but just
count the number of times certain expressions appear.
This processes the entire file every time. It must
be followed by one or more lines with
"KEYWORD PATTERN"
KEYWORD identifies this count. You can use any string
except whitespace. PATTERN is a regular expression
that you want to search for in the file.
I use this to monitor the count of "xfer-in" and "xfer-out" messages on my DNS servers. There's already a graphs.cfg definition called [lines] that presents them nicely in a graph.
J
From: Jeremy Laidman [mailto:jlaidman at rebel-it.com.au] Sent: 14 March 2014 22:14 To: Neil Simmonds Cc: xymon at xymon.com Subject: Re: [Xymon] Log file monitoring
On 4 March 2014 00:17, Neil Simmonds <neilsimmonds1808 at gmail.com <mailto:neilsimmonds1808 at gmail.com> > wrote:
As far as I can see there is no built in way in Xymon to monitor a log for the number of times a string has occurred in a specified time period.
Sure there is. From the client-local.cfg file comments:
"linecount:FILENAME"
Monitor the text-based logfile FILENAME, but just
count the number of times certain expressions appear.
This processes the entire file every time. It must
be followed by one or more lines with
"KEYWORD PATTERN"
KEYWORD identifies this count. You can use any string
except whitespace. PATTERN is a regular expression
that you want to search for in the file.
I use this to monitor the count of "xfer-in" and "xfer-out" messages on my DNS servers. There's already a graphs.cfg definition called [lines] that presents them nicely in a graph.
J
II've just had a chance to look at this and it still doesn't fir my original requirements. I want to count the number of lines matching a regex within a specific time period. So for example I might want to alert if I get 10 warning messages in 30 minutes.
Built in Xymon functionality does not seem to give me a way of doing this.
I'm looking into Simple Event Correlator as suggested by Henrik as a solution for this but it seems a little heavy solution for a simple requirement. I'm hopeful other requirements will occur in the future to justify the time spent on SEC,
Given the fact that once people hear of the capability they'll come up with all sorts of ways of using it, I'm guessing it will get used.
Neil.
participants (5)
-
abs@shadymint.com
-
herber75@gmail.com
-
jlaidman@rebel-it.com.au
-
neilsimmonds1808@gmail.com
-
Wim.Nelis@nlr.nl