Hi all
I'm trying to monitor some log files on Windows 7 clients. I have this in the analysis.cfg file:
HOST=%client.* FILE "C:\users\user\Documents\ClientTiming*log" SIZE<500M yellow TRACK FILE "C:\users\user\Documents\ClientTiming*log" SIZE<1G red TRACK FILE "C:\users\user\Documents\ClientTrace*log" SIZE<500M yellow TRACK FILE "C:\users\user\Documents\ClientTrace*log" SIZE<1G red TRACK
The files are displayed but regardless of the file size, the test stays green.
I want the test to go red when the files exceed 1GB and yellow when greater than 500MB.
Any ideas where I'm going wrong?
Thanks
CC
On 18/04/2016 9:42 am, Colin Coe wrote:
Hi all
I'm trying to monitor some log files on Windows 7 clients. I have this in the analysis.cfg file:
HOST=%client.* FILE "C:\users\user\Documents\ClientTiming*log" SIZE<500M yellow TRACK FILE "C:\users\user\Documents\ClientTiming*log" SIZE<1G red TRACK FILE "C:\users\user\Documents\ClientTrace*log" SIZE<500M yellow TRACK FILE "C:\users\user\Documents\ClientTrace*log" SIZE<1G red TRACK
The files are displayed but regardless of the file size, the test stays green.
I want the test to go red when the files exceed 1GB and yellow when greater than 500MB.
Any ideas where I'm going wrong?
Is your filename supposed to be a regex? Wildcard matching isn't builtin.
Try:
FILE "%C:\users\user\Documents\ClientTiming.*log" SIZE<500M yellow TRACK
For starters.
Also, have you checked the file data is in your client data report to match? Note that client-local.cfg only supports explicit filenames unless this is an extension for whatever Windows Xymon client you are using.
An alternative approach is to monitor the size of the folder containing the log files. OK if only a few designated logs in there. Not so good if you've got unlimited history, etc.
I have the following for my Windows clients:
(in /etc/client-local.cfg)
[win32] dir:C:\inetpub dir:C:\ProgramData\Microsoft\Windows\WER dir:C:\Windows\Logs\CBS dir:C:\Windows\Temp
(in analysis.cfg) DIR C:\Windows\Logs\CBS yellow SIZE<200000 TRACK=C-CBS DIR C:\Windows\Logs\CBS red SIZE<500000 DIR C:\ProgramData\Microsoft\Windows\WER yellow SIZE<200000 TRACK=C-WER DIR C:\ProgramData\Microsoft\Windows\WER red SIZE<500000 DIR C:\Windows\Temp yellow SIZE<200000 TRACK=C-Windows-Temp EXHOST=%(sccm) DIR C:\Windows\Temp red SIZE<500000 EXHOST=%(sccm)
David.
-- David Baldwin - Senior Systems Administrator (Datacentres + Networks) Digital Information Management and Technology Australian Sports Commission http://ausport.gov.au Tel 02 62147830 Fax 02 62141830 PO Box 176 Belconnen ACT 2616 david.baldwin at ausport.gov.au 1 Leverrier Street Bruce ACT 2617 Our Values: RESPECT + INTEGRITY + TEAMWORK + EXCELLENCE
Keep up to date with what's happening in Australian sport visit http://www.ausport.gov.au
This message is intended for the addressee named and may contain confidential and privileged information. If you are not the intended recipient please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you receive this message in error, please delete it and notify the sender.
Hi David and thanks for the reply
I've corrected the regex but the test is still not going red.
Could you share your client-local.cfg?
Thanks
CC
On Mon, Apr 18, 2016 at 8:40 AM, David Baldwin <david.baldwin at ausport.gov.au
wrote:
On 18/04/2016 9:42 am, Colin Coe wrote:
Hi all
I'm trying to monitor some log files on Windows 7 clients. I have this in the analysis.cfg file:
HOST=%client.* FILE "C:\users\user\Documents\ClientTiming*log" SIZE<500M yellow TRACK FILE "C:\users\user\Documents\ClientTiming*log" SIZE<1G red TRACK FILE "C:\users\user\Documents\ClientTrace*log" SIZE<500M yellow TRACK FILE "C:\users\user\Documents\ClientTrace*log" SIZE<1G red TRACK
The files are displayed but regardless of the file size, the test stays green.
I want the test to go red when the files exceed 1GB and yellow when greater than 500MB.
Any ideas where I'm going wrong?
Is your filename supposed to be a regex? Wildcard matching isn't builtin.
Try:
FILE "%C:\users\user\Documents\ClientTiming.*log" SIZE<500M yellow TRACK
For starters.
Also, have you checked the file data is in your client data report to match? Note that client-local.cfg only supports explicit filenames unless this is an extension for whatever Windows Xymon client you are using.
An alternative approach is to monitor the size of the folder containing the log files. OK if only a few designated logs in there. Not so good if you've got unlimited history, etc.
I have the following for my Windows clients:
(in /etc/client-local.cfg)
[win32] dir:C:\inetpub dir:C:\ProgramData\Microsoft\Windows\WER dir:C:\Windows\Logs\CBS dir:C:\Windows\Temp
(in analysis.cfg) DIR C:\Windows\Logs\CBS yellow SIZE<200000 TRACK=C-CBS DIR C:\Windows\Logs\CBS red SIZE<500000 DIR C:\ProgramData\Microsoft\Windows\WER yellow SIZE<200000 TRACK=C-WER DIR C:\ProgramData\Microsoft\Windows\WER red SIZE<500000 DIR C:\Windows\Temp yellow SIZE<200000 TRACK=C-Windows-Temp EXHOST=%(sccm) DIR C:\Windows\Temp red SIZE<500000 EXHOST=%(sccm)
David.
-- David Baldwin - Senior Systems Administrator (Datacentres + Networks) Digital Information Management and Technology Australian Sports Commission http://ausport.gov.au Tel 02 62147830 Fax 02 62141830 PO Box 176 Belconnen ACT 2616david.baldwin at ausport.gov.au 1 Leverrier Street Bruce ACT 2617 Our Values: RESPECT + INTEGRITY + TEAMWORK + EXCELLENCE
Keep up to date with what's happening in Australian sport visit www.ausport.gov.au
This message is intended for the addressee named and may contain confidential and privileged information. If you are not the intended recipient please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you receive this message in error, please delete it and notify the sender.
Colin,
Hi David and thanks for the reply
I've corrected the regex but the test is still not going red.
Is there anything in the Client Data report? You should see sections like:
[file:C:\WINDOWS\system.ini] type:0x00020 (file) mode:777 (not implemented) linkcount:1 owner:0 (not implemented) group:0 (not implemented) size:219 atime:1247574897 (2009/07/14-12:34:57) ctime:1247574897 (2009/07/14-12:34:57) mtime:1244704084 (2009/06/11-07:08:04)
Could you share your client-local.cfg?
I don't have any wildcard matching, only specific named files, so nothing I can send you.
participants (2)
-
colin.coe@gmail.com
-
david.baldwin@ausport.gov.au