[Logwatch-Devel] Cisco service broken in 7.3.6
mgt at stellarcore.net
Mon Oct 1 06:47:29 MST 2007
Hugo van der Kooij wrote:
> On Sun, 30 Sep 2007, Mike Tremaine wrote:
>> Hugo van der Kooij wrote:
>>> On Sat, 1 Sep 2007, Mike Tremaine wrote:
>>>> Hugo van der Kooij wrote:
>>>>> Somehow the Cisco code is broken in 7.3.6 as it spews out messages for the
>>>>> wrong host. I started to fix the entries that were logged but not matched
>>>>> for my Cisco router. But I ended up with unmatched entries that are not
>>>>> for that hostname at all.
>>>>> BTW: It worked much better in 7.3.4
>>>> I think hostname is broken I have fixes in my tree that have not gone
>>>> into CVS yet. They are related to the whole --splithosts thing when I
>>>> get them in I'll have you pull the cvs version and see if it works as
>>> Did they get into CVS yet? I did a CVS checkout but it seems to contain
>>> old files. At least none of them is newer then the files included in the
>>> 7.3.6 package.
>> PS - You could try uncommenting *OnlyHost in the
>> conf/logfiles/cisco.conf file to see if that helps limit to only "hostname".
> Ouch. That works the wrong way around. I only get a load of messages from
> the syslog hos which have nothing to do with any Cisco log. But it did not
> get anything from the Cisco router I was monitoring.
> The catch and show all part is not supposed in there for generic usage.
> The Cisco parsing is incomplete at best. So anyone wanting to track other
> lines needs to enable it instead of the current fall through definition.
> A single warning line at the end will tell that unknown events are not
> shown. I will write something up and send in a patch along with additions
> to cover log lines I get but are not yet parsed.
I was afraid of that, I had the same issues when I was trying to use the
cisco module last year. Post a line or 2 from you cisco logs when you
get a chance just so I can have something in front of me as I revisit
the onlyhost and hostlist regex.
More information about the Logwatch-Devel