LOGWATCH

k_teru · March 03, 2011, 07:50:04 AM

Hi,

As for logwatch, it is a question.

The message generated in the past is detected two or more times.
Isn't there method of not detecting the message in the past detected once?

--------------------------------------------------

#The first
sysmem date time Node Level log messages
02-Mar-2011   16:00:21   server-99   Warning   "16:00:17.284 0 SYSTEM XXX 'aaaaaaaaa' has updated the eeeeeeee Keys"
02-Mar-2011   16:00:26   server-99   Warning   "16:00:21.350 0 SYSTEM XXX 'aaaaaaaaa' has updated the eeeeeeee Keys"
02-Mar-2011   16:00:26   server-99   Warning   "16:00:25.247 0 SYSTEM XXX 'aaaaaaaaa' has updated the eeeeeeee Keys"
02-Mar-2011   16:00:31   server-99   Warning   "16:00:29.472 0 SYSTEM XXX 'aaaaaaaaa' has updated the eeeeeeee Keys"
02-Mar-2011   16:00:36   server-99   Warning   "16:00:32.820 0 SYSTEM XXX 'aaaaaaaaa' has updated the eeeeeeee Keys"
02-Mar-2011   16:00:41   server-99   Warning   "16:00:37.331 0 SYSTEM XXX 'aaaaaaaaa' has updated the eeeeeeee Keys"

#The second
02-Mar-2011   18:12:27   server-99   Warning   "16:00:17.284 0 SYSTEM XXX 'aaaaaaaaa' has updated the eeeeeeee Keys"
02-Mar-2011   18:12:27   server-99   Warning   "16:00:21.350 0 SYSTEM XXX 'aaaaaaaaa' has updated the eeeeeeee Keys"
02-Mar-2011   18:12:27   server-99   Warning   "16:00:25.247 0 SYSTEM XXX 'aaaaaaaaa' has updated the eeeeeeee Keys"
02-Mar-2011   18:12:27   server-99   Warning   "16:00:29.472 0 SYSTEM XXX 'aaaaaaaaa' has updated the eeeeeeee Keys"
02-Mar-2011   18:12:27   server-99   Warning   "16:00:32.820 0 SYSTEM XXX 'aaaaaaaaa' has updated the eeeeeeee Keys"
02-Mar-2011   18:12:27   server-99   Warning   "16:00:37.331 0 SYSTEM XXX 'aaaaaaaaa' has updated the eeeeeeee Keys"

#The third
02-Mar-2011   19:55:29   server-99   Warning   "16:00:17.284 0 SYSTEM XXX 'aaaaaaaaa' has updated the eeeeeeee Keys"
02-Mar-2011   19:55:29   server-99   Warning   "16:00:21.350 0 SYSTEM XXX 'aaaaaaaaa' has updated the eeeeeeee Keys"
02-Mar-2011   19:55:29   server-99   Warning   "16:00:25.247 0 SYSTEM XXX 'aaaaaaaaa' has updated the eeeeeeee Keys"
02-Mar-2011   19:55:29   server-99   Warning   "16:00:29.472 0 SYSTEM XXX 'aaaaaaaaa' has updated the eeeeeeee Keys"
02-Mar-2011   19:55:29   server-99   Warning   "16:00:32.820 0 SYSTEM XXX 'aaaaaaaaa' has updated the eeeeeeee Keys"
02-Mar-2011   19:55:29   server-99   Warning   "16:00:37.331 0 SYSTEM XXX 'aaaaaaaaa' has updated the eeeeeeee Keys"

--------------------------------------------------

Agent: version 1.0.8 Linux
Manager: version 1.0.8 Windows 2008 64bit

Best regards.

Victor Kirhenshtein · March 03, 2011, 03:35:31 PM

Maybe I'm not understanding question completely: you wish to suppress several identical messages coming in short time interval? I see that messages in your example all differs with time stamps - what criteria for suppression you wish to use?

Best regards,
Victor

k_teru · March 07, 2011, 11:46:13 AM

hi!

Please look at the time stamp and the detection time of the syslog. Do not you detect it since the second times though it is correct movement that detects by the first time?

Best regards.

k_teru · March 11, 2011, 11:04:15 AM

hi!

Nxagentd.log was confirmed.
The following messages appeared. The log file doesn't rotate.
The target log file is frequently written.

nxagentd.log
-------------------------
[11-Mar-2011 13:45:05] LogParser: file size differs for stat(8 ) and fstat(/var/log/test.log), assume file rename
[11-Mar-2011 13:45:05] LogParser: file "/var/log/test.log" (pattern "/var/log/test.log") successfully opened
-------------------------

Best regards.

NetXMS Support Forum

News:

LOGWATCH

k_teru

Victor Kirhenshtein

k_teru

k_teru