Re: Monitoring logs
From: Petra Humann
Subject: Re: Monitoring logs
Date: Fri, 4 Mar 2016 09:37:02 +0100
Hello Martin,
from monit.log:
> [CET Mar 2 08:23:11] info : 'syslog' start on user request
> ...
> [CET Mar 2 08:23:41] error : 'syslog' content match [Mar 2 06:28:25 host
> kernel: matching content
> ….
> [CET Mar 2 08:23:41] error : 'syslog' content match [Mar 2 07:54:44 host
> kernel: matching content
Is it possible to scan the file not from the beginning, but from the 'syslog' start time,
to get only new matching entries?
> On 02.03.2016 at 15:05, Martin Pala <address@hidden> wrote:
>
> monit saves the log file position in the state file (by default stored in
> ~/.monit.state). If the inode changes, or size of the file shrinks, the
> position is reset.
> Please check if your state file is stored in a persistent filesystem.
Here is all okay.
>> On 02 Mar 2016, at 10:03, Petra Humann <> wrote:
>>
>> I’m monitoring syslog with
>>
>> check file syslog with path /var/log/syslog
>> stop program = "/usr/bin/ssh remote /sbin/cmd parameter"
>> start program = "/bin/true"
>> if match "some string" then restart
>>
>> Two problems:
>> If I start monitoring, the whole syslog is scanned from beginning
>> and not from the monit start time.
>> If the condition occurs, I see in the logs of the remote system
>> the login, but the command "/sbin/cmd parameter" is not always
>> executed...
Solved. This was not a monit problem.
>> The system is an actual Debian Jessie LTS.
Thank you very much.
Petra Humann
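
The position tracking described in Martin Pala's reply (a saved file position that is reset when the inode changes or the file shrinks), sketched in Python as an added example; it is not monit's code and not part of the thread. The JSON state file, the function names and the `start_at_end` option are assumptions of this sketch, and the log lines are constructed.

```python
import json, os, re, tempfile

def scan_new_lines(log_path, state_path, pattern, start_at_end=False):
    """Return lines matching `pattern` that were appended since the previous call."""
    try:
        with open(state_path) as f:
            state = json.load(f)
    except (FileNotFoundError, ValueError):
        state = None  # first run, or the state file did not survive
    st = os.stat(log_path)
    if state is None:
        offset = st.st_size if start_at_end else 0  # start_at_end: hypothetical option
    elif state["inode"] != st.st_ino or st.st_size < state["offset"]:
        offset = 0  # file was replaced (new inode) or shrank: position is reset
    else:
        offset = state["offset"]
    matches = []
    with open(log_path, "rb") as f:
        f.seek(offset)
        for raw in f:
            if not raw.endswith(b"\n"):
                break  # incomplete last line: leave it for the next scan
            offset += len(raw)
            line = raw.decode("utf-8", "replace").rstrip("\n")
            if re.search(pattern, line):
                matches.append(line)
    tmp = state_path + ".tmp"
    with open(tmp, "w") as f:
        json.dump({"inode": st.st_ino, "offset": offset}, f)
    os.replace(tmp, state_path)  # atomic update of the saved position
    return matches

def demo():
    """Run the scanner over a constructed log and return the match count per scan."""
    counts = []
    with tempfile.TemporaryDirectory() as d:
        log, state = os.path.join(d, "syslog"), os.path.join(d, "state.json")
        def scan():
            counts.append(len(scan_new_lines(log, state, r"some string")))
        with open(log, "w") as f:
            f.write("Mar  2 06:28:25 host kernel: some string\n")  # constructed
        scan()            # 1: first scan reads from the beginning
        scan()            # 0: nothing new since the saved offset
        with open(log, "a") as f:
            f.write("Mar  2 08:30:00 host kernel: some string\n")  # constructed
        scan()            # 1: only the appended line
        os.remove(state)  # simulate a state file that was not persisted
        scan()            # 2: the whole file is scanned again
    return counts
```

Losing the saved position makes old entries match again, which is the symptom in the monit.log excerpt above and the reason the state file has to live on persistent storage.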