hobbit-clients.cfg LOG configuration
Hi,
In the hobbit-clients.cfg LOG configuration, I want to catch critical event lines, which have the keyword "EventID" and one of the keywords failed, failure or error. It looks like this line doesn't work; any idea, please?
LOG /var/log/messages %EventID.*(failed|failure|error)
thanks,
Geng
On Tue, Oct 30, 2007 at 05:17:10PM +0800, Geng Hu wrote:
In the hobbit-clients.cfg LOG configuration, I want to catch critical event lines, which have the keyword "EventID" and one of the keywords failed, failure or error. It looks like this line doesn't work; any idea, please?
LOG /var/log/messages %EventID.*(failed|failure|error)
It would help if you could show us some of the actual lines from the logfile that you would expect this to catch.
Henrik
For each line with "EventID", I want to catch the lines that have a keyword like "failed" or "error", which is critical.
Lines I want to match:
EventID:2083 Physical disk rebuild failed
EventID:2272 uncorrectable media error.
Lines I don't want to match:
EventID:2086 Virtual disk format completed
other lines without "EventID"
thanks!
Geng
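Added example (not part of the original thread): an offline check of the posted LOG pattern against the sample lines from the message above, useful for testing a pattern before it goes into hobbit-clients.cfg. It assumes Python's `re` behaves like Hobbit's PCRE for this simple pattern and that the leading `%` marks the pattern as a regular expression; the syslog prefixes and the last two sample lines are constructed.

```python
import re

# Rule exactly as posted in the thread.
RULE = "LOG /var/log/messages %EventID.*(failed|failure|error)"

# Constructed sample input: the EventID 2083/2272/2086 messages come from
# the thread; the syslog prefixes and the last two lines are made up here.
SAMPLE_LINES = [
    "Oct 30 09:01:12 srv1 Server Administrator: EventID:2083 Physical disk rebuild failed",
    "Oct 30 09:02:40 srv1 Server Administrator: EventID:2272 uncorrectable media error.",
    "Oct 30 09:05:03 srv1 Server Administrator: EventID:2086 Virtual disk format completed",
    "Oct 30 09:06:17 srv1 kernel: I/O error, dev sda",
    "Oct 30 09:07:00 srv1 monitor: error reading sensor, EventID:9999 logged",
]


def parse_log_rule(rule):
    """Split 'LOG <file> %<regex>' into (logfile, compiled regex)."""
    keyword, logfile, pattern = rule.split(None, 2)
    if keyword != "LOG":
        raise ValueError("not a LOG rule: %r" % rule)
    if not pattern.startswith("%"):
        # Only the %-prefixed regex form shown in the thread is handled.
        raise ValueError("pattern is not in the %regex form")
    return logfile, re.compile(pattern[1:])


def classify(rule, lines):
    """Return (matched, skipped) lists of lines for the given rule."""
    _, regex = parse_log_rule(rule)
    matched = [line for line in lines if regex.search(line)]
    skipped = [line for line in lines if not regex.search(line)]
    return matched, skipped


if __name__ == "__main__":
    matched, skipped = classify(RULE, SAMPLE_LINES)
    for line in matched:
        print("MATCH", line)
    for line in skipped:
        # The last sample is skipped because the keyword precedes "EventID".
        print("skip ", line)
```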
Fellow Hobbit users,
I need a little help with something, it has stumped me...
I have two hosts on the same network; if one goes down, the other will be down also because of a switch issue. I don't want to receive two alerts, so I wrote in the depends tag. Is this the correct format?
192.168.192.20 toronto # trace conn
192.168.192.21 oriole # trace conn depends=(conn:toronto/conn)
If toronto is down and oriole is down, I just want one email alert.
Thanks for the help, michael
I use the "route" tag for that instead:
192.168.192.20 toronto # trace conn
192.168.192.21 oriole # trace conn route:Toronto
You'd get an alert on Toronto...... someone please correct me if my understanding is wrong.
---Eric
From: Michael A. Price [mailto:mprice at sgt-inc.com] Sent: Wednesday, October 31, 2007 07:30 To: hobbit at hswn.dk Subject: [hobbit] The Depends Tag
Fellow Hobbit users,
I need a little help with something, it has stumped me...
I have two hosts on the same network; if one goes down, the other will be down also because of a switch issue. I don't want to receive two alerts, so I wrote in the depends tag. Is this the correct format?
192.168.192.20 toronto # trace conn
192.168.192.21 oriole # trace conn depends=(conn:toronto/conn)
If toronto is down and oriole is down, I just want one email alert.
Thanks for the help, michael
Eric is right. When Toronto goes red oriole will go yellow with a message like "The router toronto (IP:192.168.192.20) is not reachable, causing this host to be unreachable."
You can also have multiple things in the route tag if it makes sense to do so. I have a Hobbit server on our main LAN and monitored devices at the far end of WAN links...so I use route to check the router at this side, the router's WAN at the far side, and the router's LAN at the far side. That quickly tells me if I have a router problem here, a WAN link problem, or a LAN problem at the remote site.
Cheers.
D
From: Eric Meddaugh [mailto:etmsys at rit.edu] Sent: Wednesday, October 31, 2007 9:15 AM To: hobbit at hswn.dk Subject: RE: [hobbit] The Depends Tag
I use the "route" tag for that instead:
192.168.192.20 toronto # trace conn
192.168.192.21 oriole # trace conn route:Toronto
You'd get an alert on Toronto...... someone please correct me if my understanding is wrong.
---Eric
Gents,
I configured everything for the route tag and it works great :-)
Thanks, michael
From: Dugan, Darin D [EIT] [mailto:dddugan at iastate.edu] Sent: Wednesday, October 31, 2007 2:25 PM To: hobbit at hswn.dk Subject: RE: [hobbit] The Depends Tag
Eric is right. When Toronto goes red oriole will go yellow with a message like "The router toronto (IP:192.168.192.20) is not reachable, causing this host to be unreachable."
You can also have multiple things in the route tag if it makes sense to do so. I have a Hobbit server on our main LAN and monitored devices at the far end of WAN links...so I use route to check the router at this side, the router's WAN at the far side, and the router's LAN at the far side. That quickly tells me if I have a router problem here, a WAN link problem, or a LAN problem at the remote site.
Cheers.
D
participants (5): dddugan@iastate.edu, etmsys@rit.edu, henrik@hswn.dk, hugeng@gmail.com, mprice@sgt-inc.com