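Hi,

Here is the swatch.conf file which we currently use. Any input welcome.

--sk

#
# FHCRC InfoTech loghost swatch config file
#
# The upfront "ignore" lines are purely for performance optimization,
# to reduce the amount of stuff which actually gets searched for
# meaning
#
# NOTE(review): swatch evaluates rules top-down and, unless a rule uses
# "continue", the first matching pattern decides what happens to a line.
# Every "ignore" below is an unanchored regex, so a line that merely
# contains one of these words (in the host field, the program name or the
# message text) never reaches the watchfor rules further down, including
# the "Security issues" rule. Where possible, tie each ignore to the
# host/program field it is meant for, or move the high-value watchfor
# rules above the ignores.
#
# NOTE(review): several exec actions substitute $4 (a field of the matched
# log line, presumably the hostname) into a command line. Syslog received
# over the network is unauthenticated, so treat that field as untrusted:
# confirm how the installed swatch version escapes substituted fields
# before the command reaches the shell, or point exec at a wrapper that
# validates the value (hostname characters only) before paging.
#
# NOTE(review): throttle values are kept as posted (60:00, 480:00);
# presumably minutes:seconds -- confirm against the man page of the
# installed swatch version.

########################################################################
# Ignore lots of stuff, to improve performance
########################################################################

# Ignore these boxes entirely
# NOTE(review): nothing logged by these hosts can ever mail or page from
# this file; confirm they are monitored elsewhere.
ignore = /cache-eng/
ignore = /ga-a-fw|ga-b-fw/
ignore = /cf-a-rtr|cf-b-rtr|df-a-rtr|df-b-rtr|mp-a-rtr|mp-b-rtr/

# Skip the popular entries
# NOTE(review): radiusd, pop3, imap and inetd also log authentication and
# connection failures; dropping them here is a performance choice that
# removes those lines from this detection path entirely.
# Frequent ones
ignore = /bootpd|radiusd|slapd|pop3|imap/
# Common ones
ignore = /nodewatch|qpage|xntpd|last message|inetd|printer|mail.local|tftp/
# Regular ones
ignore = /bind_stats|AT-6-NODEWRONG|apager|fping|bulkmail|Admusermod failed/

# BOOTP/dhcpd error messages
ignore = /BOOTREQUEST from/
ignore = /No applicable record for BOOTP host/

# Normal dhcpd messages
ignore = /DHCPREQUEST|DHCPACK|DHCPOFFER|DHCPDISCOVER|DHCPRELEASE/

# BIND error messages
# NOTE(review): "Response from unexpected source" and "unapproved update
# from" can also accompany spoofed replies or unauthorized dynamic-update
# attempts; consider routing them to a low-priority report instead of
# discarding them.
ignore = /dangling CNAME pointer|Lame server on/
ignore = /bad referral|No possible A RRs|Response from unexpected source/
ignore = /NS points to CNAME|unapproved update from/
ignore = /dumping nameserver stats|NSTATS|XSTATS|A RR negative cache entry/

# Normal NIS+ messages
ignore = /read only child|readonly child|replica_update/
ignore = /timestamp is earlier than the one previously/
ignore = /invalid timestamp received from unix/
ignore = /is unable to encrypt session key|keyserv_client: can't stat/
# NOTE(review): "prcoess" is kept as posted; if the daemon spells the word
# "process", this alternative never matches -- check against a real log line.
ignore = /starting to reap child process|child prcoess ended/
ignore = /is unable to generate session key/

#######################################################################
# Look for interesting stuff
#######################################################################

# Applications ####################################################

# sendmail issues
#watchfor = /config error: mail loops back to me/
#    exec=/opt/local/bin/qpage -f \"\" cns \"Duty: mail relay configuration error -- we are bouncing mail. --swatch\"
#    mail = it-server
#    throttle=480:00
# ignore = /sendmail/

# BIND issues
watchfor = /CNAME and OTHER data error/
    mail = it-server
    throttle = 60:00
watchfor = /db_load could not open/
    mail = it-server
    throttle = 60:00
# Everything else mentioning "named" is dropped from here on.
ignore = /named/

# DHCP issues
watchfor = /no free leases/
    exec=/home/netops/bin/let_me_sleep -g skendric -m \"Duty: A DHCP pool on $4 has exhausted its leases. --swatch\"
    mail = it-server
    throttle = 480:00
# Everything else mentioning "dhcpd" is dropped from here on.
ignore = /dhcpd/

# Packet Infrastructure issues ######################################

# Ascend issues
watchfor = /LAN security error.*isdn/
#    exec=/opt/local/bin/qpage -f \"\" cns \"Duty: cf-x-rad are denying valid username-password combinations. --swatch\"
    throttle = 480:00
    mail = skendric
# Everything else mentioning "ASCEND" is dropped from here on.
ignore = /ASCEND/

# Router sees duplicate IP addresses
# NOTE(review): the page text talks about a failing Supervisor card while
# the pattern is STANDBY-3-DUPADDR; kept as posted -- confirm the wording
# is what the on-call person should read for this event.
watchfor = /STANDBY-3-DUPADDR/
    exec=/opt/local/bin/qpage -f \"\" cns \"Duty: The Supervisor card in $4 is failing. --swatch\"
    mail = skendric
    throttle = 480:00
# Everything else mentioning "STANDBY" is dropped from here on.
ignore = /STANDBY/

# IP space ########################################################

# Duplicate IP addresses
# The posted copy read "Som eone" (mail line-wrap artifact); joined here.
watchfor = /Duplicate address/
    exec=/opt/local/bin/qpage -f \"\" cns \"Duty: Duplicate IP address. Someone has assigned $4 's IP address to another device. --swatch\"
    mail = it-server
    throttle = 480:00

# Unix OS Stuff ######################################################

# File system full
watchfor = /file system full/
    exec=/opt/local/bin/qpage -f \"\" cns \"Duty: Disk space exhausted on $4. --swatch\"
    mail = it-server
    throttle = 480:00

# System crashes and halts
# NOTE(review): unanchored; "halt" matches any line containing that
# substring, and the page text asserts a panic and reboot either way.
watchfor = /(panic|halt)/
    exec=/opt/local/bin/qpage -f \"\" cns \"Duty: $4 panicked and is now rebooting. --swatch\"
    mail = it-server
    throttle = 480:00

# File system errors
watchfor = /Media Error/
    exec=/opt/local/bin/qpage -f \"\" cns \"Duty: Disk problems on $4. --swatch\"
    mail = it-server
    throttle = 480:00

# Hardware errors ##################################################

# Memory errors
watchfor = /dma error|DMA error/
    exec=/opt/local/bin/qpage -f \"\" cns \"Duty: RAM problems on $4. --swatch\"
    mail = it-server
    throttle = 480:00

# SCSI Bus errors
watchfor = /SCSI transport failed/
    exec=/opt/local/bin/qpage -f \"\" cns \"Duty: SCSI bus problems on $4. --swatch\"
    mail = it-server
    throttle = 480:00

# Security issues ##################################################

# Stack smashing attempt
# NOTE(review): this rule sits below every ignore in the file, so a
# matching line that also contains an ignored word is never seen here.
watchfor = /attempt to execute code on stack/
    exec=/opt/local/bin/qpage -f \"\" cns \"Duty: Hackers are attacking $4: attempt to execute code on stack. --swatch\"
    mail = it-server
    throttle = 60:00

# NIS+ issues #########################################################

# These indicate possible corruption in the NIS+ space
# The "+" is escaped: unescaped it is a regex quantifier ("NIS", "NISS", ...)
# and the pattern would not match the literal text "NIS+ server".
watchfor = /NIS\+ server needs to be checkpointed/
    mail = it-server
    throttle = 480:00
watchfor = /Error in RPC subsystem/
    mail = it-server
    throttle = 480:00

# These indicate serious corruption in the NIS+ space
watchfor = /no public key for unix/
    exec=/opt/local/bin/qpage -f \"\" cns \"Duty: The NIS+ server $4 may be corrupted. --swatch\"
    mail = it-server
    throttle = 480:00
watchfor = /possible loop detected in name space/
    exec=/opt/local/bin/qpage -f \"\" cns \"Duty: The NIS+ server $4 is corrupted. --swatch\"
    mail = it-server
    throttle = 480:00
watchfor = /xdr_array: out of memory/
    exec=/opt/local/bin/qpage -f \"\" cns \"Duty: The NIS+ server $4 is corrupted. --swatch\"
    mail = it-server
    throttle = 480:00
watchfor = /xdr_bytes: out of memory/
    exec=/opt/local/bin/qpage -f \"\" cns \"Duty: The NIS+ server $4 is corrupted. --swatch\"
    mail = it-server
    throttle = 480:00
watchfor = /WARNING: db_dictionary/
    exec=/opt/local/bin/qpage -f \"\" cns \"Duty: The NIS+ server $4 is corrupted. --swatch\"
    mail = it-server
    throttle = 480:00

# DiskSuite ########################################################

# These indicate physical drive problems
watchfor = /Could not load misc/
    exec=/opt/local/bin/qpage -f \"\" cns \"Duty: Disk problems on $4. --swatch\"
    mail = it-server
    throttle = 480:00
watchfor = /db: Parsing error on/
    exec=/opt/local/bin/qpage -f \"\" cns \"Duty: Disk problems on $4. --swatch\"
    mail = it-server
    throttle = 480:00
watchfor = /Hot spared device/
    exec=/opt/local/bin/qpage -f \"\" cns \"Duty: Disk problems on $4. --swatch\"
    mail = it-server
    throttle = 480:00
watchfor = /hotspared device/
    exec=/opt/local/bin/qpage -f \"\" cns \"Duty: Disk problems on $4. --swatch\"
    mail = it-server
    throttle = 480:00
watchfor = /no mem for property/
    exec=/opt/local/bin/qpage -f \"\" cns \"Duty: Disk problems on $4. --swatch\"
    mail = it-server
    throttle = 480:00
watchfor = /Cannot load .* driver/
    exec=/opt/local/bin/qpage -f \"\" cns \"Duty: Disk problems on $4. --swatch\"
    mail = it-server
    throttle = 480:00
watchfor = /Open error of hotspare/
    exec=/opt/local/bin/qpage -f \"\" cns \"Duty: Disk problems on $4. --swatch\"
    mail = it-server
    throttle = 480:00
watchfor = /read error on/
    exec=/opt/local/bin/qpage -f \"\" cns \"Duty: Disk problems on $4. --swatch\"
    mail = it-server
    throttle = 480:00
watchfor = /write error on/
    exec=/opt/local/bin/qpage -f \"\" cns \"Duty: Disk problems on $4. --swatch\"
    mail = it-server
    throttle = 480:00
watchfor = /State database/
    exec=/opt/local/bin/qpage -f \"\" cns \"Duty: Disk problems on $4. --swatch\"
    mail = it-server
    throttle = 480:00
watchfor = /Unknown close type/
    exec=/opt/local/bin/qpage -f \"\" cns \"Duty: Disk problems on $4. --swatch\"
    mail = it-server
    throttle = 480:00
watchfor = /Unknown open type/
    exec=/opt/local/bin/qpage -f \"\" cns \"Duty: Disk problems on $4. --swatch\"
    mail = it-server
    throttle = 480:00
# NOTE(review): the archived copy of this pattern read
# "WARNING: md: . --swatch* needs maintenance", which looks garbled by the
# archive; reconstructed as ".*" -- verify against the original file.
watchfor = /WARNING: md: .* needs maintenance/
    exec=/opt/local/bin/qpage -f \"\" cns \"Duty: Disk problems on $4. --swatch\"
    mail = it-server
    throttle = 480:00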