[Logwatch-Devel] Cisco service broken in 7.3.6

Mike Tremaine mgt at stellarcore.net
Mon Oct 1 06:47:29 MST 2007


Hugo van der Kooij wrote:
> On Sun, 30 Sep 2007, Mike Tremaine wrote:
> 
>> Hugo van der Kooij wrote:
>>> On Sat, 1 Sep 2007, Mike Tremaine wrote:
>>>
>>>> Hugo van der Kooij wrote:
>>>>> Hi,
>>>>>
>>>>> Somehow the Cisco code is broken in 7.3.6 as it spews out messages for the
>>>>> wrong host. I started to fix the entries that were logged but not matched
>>>>> for my Cisco router. But I ended up with unmatched entries that are not
>>>>> for that hostname at all.
>>>>>
>>>>> BTW: It worked much better in 7.3.4
>>>> I think hostname is broken I have fixes in my tree that have not gone
>>>> into CVS yet. They are related to the whole --splithosts thing when I
>>>> get them in I'll have you pull the cvs version and see if it works as
>>>> expected.
>>> Did they get into CVS yet? I did a CVS checkout but it seems to contain
>>> old files. At least none of them is newer then the files included in the
>>> 7.3.6 package.
>> PS - You could try uncommenting *OnlyHost in the
>> conf/logfiles/cisco.conf file to see if that helps limit to only "hostname".
> 
> Ouch. That works the wrong way around. I only get a load of messages from 
> the syslog hos which have nothing to do with any Cisco log. But it did not 
> get anything from the Cisco router I was monitoring.
> 
> The catch and show all part is not supposed in there for generic usage. 
> The Cisco parsing is incomplete at best. So anyone wanting to track other 
> lines needs to enable it instead of the current fall through definition.
> 
> A single warning line at the end will tell that unknown events are not 
> shown. I will write something up and send in a patch along with additions 
> to cover log lines I get but are not yet parsed.
> 
> Hugo.
> 

I was afraid of that, I had the same issues when I was trying to use the 
cisco module last year. Post a line or 2 from you cisco logs when you 
get a chance just so I can have something in front of me as I revisit 
the onlyhost and hostlist regex.

-Mike


More information about the Logwatch-Devel mailing list