[Logcheck-devel] Rules for cacti
Todd Troxell
ttroxell at debian.org
Tue Jan 10 11:32:11 UTC 2006
Hi Vincent,
On Fri, Dec 16, 2005 at 11:39:25AM +0100, Vincent Correze wrote:
> Hi,
>
> I just installed logcheck on a Sarge Server on which we installed cacti
> (http://www.cacti.net/), an SNMP RDDTool FrontEnd.
>
> We installed it in daemon stage, logs are filled with cactid warning.
>
> These two rules match the cacti system stats and the warnings from the
> cacti daemon.
>
> Please let me know if this is helpful,
>
> Cheers for your work,
>
> Vincent Correze
Content-Description: cacti
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ Cacti\[[0-9]+\]: SYSTEM
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ Cacti\[[0-9]+\]:[ /0-9]{10}[ :0-9]{10} AM - CACTID: Poller\[[0-9]\] Host\[[0-9]{2}\] DS\[[0-9]{3}\] WARNING:
Thanks for your input.
Unfortunately our policy is to only archive rules if they end in "$" and use
.* only when absolutely necessary. This accuracy decreases chances of missing
something sneaky.
(I guess we should probably document this somewhere...)
Cheers,
--
Todd Troxell
http://rapidpacket.com/~xtat
More information about the Logcheck-devel
mailing list