Re: {bb} MSGS and hostname

To: bb@bb4.com
Subject: Re: {bb} MSGS and hostname
From: Philip Clark <bblist@cannae.uklinux.net>
Date: 18 Feb 2006 01:03:41 +0000
Content-transfer-encoding: 7bit
Content-type: text/plain
In-reply-to: <OFC48AAB94.7F67303A-ON85257118.00552AFD-85257118.005579A1@CORE.VERIZON.COM>
References: <OFC48AAB94.7F67303A-ON85257118.00552AFD-85257118.005579A1@CORE.VERIZON.COM>
Reply-to: bb@bb4.com
Sender: owner-bb@bb4.com

On Fri, 2006-02-17 at 15:33, chris.ivey@verizon.com wrote:
> All,
>         We have an issue here occasionally where a router/switch is 
> misconfigured to send their syslog to the system log instead of the 
> network log.  When this happens, BB will page us on {server}: msgs 
> problems.  This is VERY annoying, and we would like it to stop.  I have 
> messed with bb-msgstab and it does not seem the change I made is very 
> effective.  Could someone offer some advice on how I tell BB "keep all 
> your current msgs configuration, but ONLY page when the hostname is 
> {server}"?  Any help would be very appreciated!

The exact nature of your problem is not clear to me. If I understand
correctly, your network hardware is configured to send logging
information to a syslog host. That host is set up to write network
logs to a separate file, but occasionally some networking logs end up
in the same file as those from the local machine. In this case, you
would like to filter those entries so that they do not trigger alerts.

If this is accurate, I can think of three approaches:

1. Configure bb-msgstab to prefix each item with the host name.

     myhost: /var/log/messages : : WARNING : NOTICE :

   would become:

     myhost: /var/log/messages : : myhost.*WARNING : myhost.*NOTICE :

   This could get messy if you already have a large number of clauses.

2. Modify bb-msgs.sh to filter out non-local information. This may
   be a problem if you are also testing other files with this
   script.

3. Switch to using syslog-ng, which supports complex filtering rules.

Of these, I'd be tempted to go for number three. It's likely to
require more effort to set up, but it stands the best chance of
getting you exactly what you want.

Cheers, Phil.

-- 
Faith is the quality that enables you to eat blackberry jam on a
picnic without looking to see whether the seeds move.

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=
To unsubscribe from this list, or to subscribe to the bb-digest list
send e-mail to mailto:majordomo@bb4.com with unsubscribe bb -and/or-
subscribe bb-digest in the BODY of the message.

References:
- {bb} MSGS and hostname
  - From: chris.ivey@verizon.com

Prev by Date: Re: {bb} How To Files
Next by Date: Re: {bb} How To Files
Previous by thread: {bb} MSGS and hostname
Next by thread: RE: {bb} MSGS and hostname
Index(es):
- Date
- Thread

Home | Main Index | Thread Index