There's always a way (it's open source after all) but nothing simple comes to mind.
If it were me, I would create my own log monitoring subsystem and have it report into Xymon after working out $MACHINE from the logfile (or some configuration). You might be able to do this sort of thing using swatch, sawmill or splunk.
Another option might be to create a job that runs your own instance of logfetch after setting MACHINE the way you want it. Something like this:

#!/bin/sh
# Run under xymoncmd so the Xymon environment (XYMON, XYMSRV, XYMONHOME, OSTYPE) is set
[ "$XYMON" ] || { echo "Please run using xymoncmd"; exit 1; }

# Report as the host the log came from, not as the syslog server
MACHINE="Server09"
MACHINEDOTS="Server09"
LOGFILE="/opt/syslogs/$MACHINE/apache2.error.log"
LOGFETCHCFG=/tmp/logfetch.$MACHINE.cfg
LOGFETCHSTATUS=/tmp/logfetch.$MACHINE.status

# Build one client message on stdout and send it to the server ("@" reads stdin)
{
    echo "client/apachelog $MACHINEDOTS.$OSTYPE"
    echo "[msgs:$LOGFILE]"
    "$XYMONHOME/bin/logfetch" "$LOGFETCHCFG" "$LOGFETCHSTATUS"
} | $XYMON $XYMSRV "@"

Note that the logfetch config file (/tmp/logfetch.$MACHINE.cfg) is something you'd need to fill out yourself, probably with the relevant entry from your client-local.cfg file.
Alternatively, you could create this file dynamically from queries to the server. You can get the "log:" entries for Server09 by issuing the following command (from any Xymon client, not just Server09):
$XYMON $XYMSRV "client/bogus Server09.bogos"
But first you'd have to have the "log:" entry in client-local.cfg moved from [syslogserver] to a new [Server09] section if it doesn't already exist.
From this, you could (optionally) grep out the "apache2.error.log" entries, drop them directly into $LOGFETCHCFG for the server, and then the logfetch command can go to work.
If the Server09 server already has its own entry in client-local.cfg, then you don't want Server09 trying to do the log processing that syslogserver is already doing. So you could create a special entry for [syslogserver-Server09] and adjust the script accordingly.
I hope that all makes sense.
J
On 30 December 2014 at 05:32, usa ims via Xymon <xymon at xymon.com> wrote:
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
---------- Forwarded message ----------
From: usa ims <usaims at yahoo.com>
To: xymon at xymon.com
Cc:
Date: Mon, 29 Dec 2014 10:29:42 -0800
Subject: monitoring multiple log files on a single syslog server

Greetings,
I'm monitoring multiple log files on a single syslog server.
I have a syslog server that stores the apache error logs in a server named ‘syslogserver’ looking for the word ‘CurlTransfer’. When xymon finds the word ‘CurlTransfer’ it sends an alert but it alerts that it is coming from ‘syslogserver’ and the guys are complaining that ‘nongreen.html’ is reporting the servername rather than the actual name of the server where the error originated from.
Is there a way if xymon finds the word ‘CurlTransfer’ in ‘/opt/syslogs/Server09/apache2.error.log’, to get it to report in the ‘msgs’ column that it came from ‘Server09’?
Here is my current config for this.
[syslogserver]
log:/opt/syslogs/Server09/apache2.error.log:4096
log:/opt/syslogs/Server10/apache2.error.log:4096
log:/opt/syslogs/Server11/apache2.error.log:4096
log:/opt/syslogs/Server12/apache2.error.log:4096
log:/opt/syslogs/Server13/apache2.error.log:4096
I have configured my analysis.cfg with:
HOST=syslogserver
    LOG /opt/syslogs/Server09/apache2.error.log CurlTransfer COLOR=red
    LOG /opt/syslogs/Server10/apache2.error.log CurlTransfer COLOR=red
    LOG /opt/syslogs/Server11/apache2.error.log CurlTransfer COLOR=red
    LOG /opt/syslogs/Server12/apache2.error.log CurlTransfer COLOR=red
    LOG /opt/syslogs/Server13/apache2.error.log CurlTransfer COLOR=red
Thanks in advance.
usaims
Participants (1): jlaidman@rebel-it.com.au
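
An added example (not part of either message, and not Xymon project code) of two steps from the reply at the top of this thread: working out the host from the log file path, and pulling that host's "log:" entries into its own logfetch config, generalized to any host directory under /opt/syslogs. The function names, the host name character check and the use of mktemp -d for the work directory are assumptions of this example; the sample entries are constructed from the log: lines in the original question.

```shell
#!/bin/sh
# Added example. Pure text helpers: nothing here calls the Xymon binaries.

# Host name from a path such as /opt/syslogs/Server09/apache2.error.log.
# The name is reused in file names and in the message header, so anything
# outside [A-Za-z0-9._-] is rejected.
host_from_logpath() {
    host=$(basename "$(dirname "$1")")
    case "$host" in
        ""|.|..|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    printf '%s\n' "$host"
}

# Filter client-local.cfg lines on stdin down to the "log:" entries whose
# path ends in /HOST/FILE ($1 = host, $2 = file name). Plain string
# comparison, so dots in the host name are not treated as wildcards.
select_log_entries() {
    awk -F: -v want="/$1/$2" '
        $1 == "log" && length($2) >= length(want) &&
        substr($2, length($2) - length(want) + 1) == want'
}

# Write the per-host logfetch config into directory $1 for log path $2,
# reading the combined configuration on stdin. Prints the file it wrote.
write_host_cfg() {
    h=$(host_from_logpath "$2") || return 1
    cfg="$1/logfetch.$h.cfg"
    select_log_entries "$h" "$(basename "$2")" > "$cfg"
    printf '%s\n' "$cfg"
}

# Constructed sample: [syslogserver] entries in the form shown in the question.
sample_cfg() {
    for n in 09 10 11; do
        echo "log:/opt/syslogs/Server$n/apache2.error.log:4096"
    done
}

# Demo: one private work directory (mktemp -d) instead of fixed /tmp names.
work=$(mktemp -d) || exit 1
cfg=$(sample_cfg | write_host_cfg "$work" /opt/syslogs/Server09/apache2.error.log)
cat "$cfg"
rm -rf "$work"
```

The file written by write_host_cfg is what would be passed to logfetch as its config argument in the script above, with the status file kept in the same private directory.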