[Logwatch-Devel] Cisco service broken in 7.3.6

Hugo van der Kooij hvdkooij at vanderkooij.org
Mon Oct 1 00:01:38 MST 2007


On Sun, 30 Sep 2007, Mike Tremaine wrote:

> Hugo van der Kooij wrote:
>> On Sat, 1 Sep 2007, Mike Tremaine wrote:
>>
>>> Hugo van der Kooij wrote:
>>>> Hi,
>>>>
>>>> Somehow the Cisco code is broken in 7.3.6 as it spews out messages for the
>>>> wrong host. I started to fix the entries that were logged but not matched
>>>> for my Cisco router. But I ended up with unmatched entries that are not
>>>> for that hostname at all.
>>>>
>>>> BTW: It worked much better in 7.3.4
>>> I think hostname is broken I have fixes in my tree that have not gone
>>> into CVS yet. They are related to the whole --splithosts thing when I
>>> get them in I'll have you pull the cvs version and see if it works as
>>> expected.
>>
>> Did they get into CVS yet? I did a CVS checkout but it seems to contain
>> old files. At least none of them is newer then the files included in the
>> 7.3.6 package.
>
> PS - You could try uncommenting *OnlyHost in the
> conf/logfiles/cisco.conf file to see if that helps limit to only "hostname".

Ouch. That works the wrong way around. I only get a load of messages from 
the syslog hos which have nothing to do with any Cisco log. But it did not 
get anything from the Cisco router I was monitoring.

The catch and show all part is not supposed in there for generic usage. 
The Cisco parsing is incomplete at best. So anyone wanting to track other 
lines needs to enable it instead of the current fall through definition.

A single warning line at the end will tell that unknown events are not 
shown. I will write something up and send in a patch along with additions 
to cover log lines I get but are not yet parsed.

Hugo.

-- 
 	hvdkooij at vanderkooij.org	http://hugo.vanderkooij.org/
 	    This message is using 100% recycled electrons.

 	Some men see computers as they are and say "Windows"
 	I use computers with Linux and say "Why Windows?"
 	(Thanks JFK, for this quote of George Bernard Shaw.)


More information about the Logwatch-Devel mailing list