Logcheck devel - Dec 2005 - Rules for cacti

Hi,

I just installed logcheck on a Sarge Server on which we installed cacti
(http://www.cacti.net/), an SNMP RDDTool FrontEnd.

We installed it in daemon stage, logs are filled with cactid warning.

These two rules match the cacti system stats and the warnings from the
cacti daemon.

Please let me know if this is helpful,

Cheers for your work,

Vincent Correze
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: cacti
Url:
http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20051216/91a3e3c7/attachment.txt

Hi Vincent,

On Fri, Dec 16, 2005 at 11:39:25AM +0100, Vincent Correze
wrote:
>  Hi,
> 
> I just installed logcheck on a Sarge Server on which we installed cacti
> (http://www.cacti.net/), an SNMP RDDTool FrontEnd.
> 
> We installed it in daemon stage, logs are filled with cactid warning.
> 
> These two rules match the cacti system stats and the warnings from the
> cacti daemon.
> 
> Please let me know if this is helpful,
> 
> Cheers for your work,
> 
> Vincent Correze
Content-Description: cacti
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ Cacti\[[0-9]+\]: SYSTEM
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ Cacti\[[0-9]+\]:[ /0-9]{10}[ :0-9]{10}
AM - CACTID: Poller\[[0-9]\] Host\[[0-9]{2}\] DS\[[0-9]{3}\] WARNING:
Thanks for your input.

Unfortunately our policy is to only archive rules if they end in "$"
and use
.* only when absolutely necessary.  This accuracy decreases chances of missing
something sneaky.

(I guess we should probably document this somewhere...)

Cheers,
-- 
Todd Troxell
http://rapidpacket.com/~xtat