Wednesday, January 2, 2013

Main blog post thumbnail image firstImageUrl

Adding local logcheck rules to wview to reduce chattiness on server instalation

Wview daily weather view live example
Wview running on my station in Fountain Hills, AZ
I recently installed wview (version 5.20.2) to monitor my Davis Vantage VUE weather station (weather station unboxing and hardware review). This station runs on a 24/7 headless 10.04 Ubuntu LTS server in my basement.

I've finished getting it set up and running. I really like the software. The only thing I haven't seen addressed is the verbosity of the logging. Wview has great capabilities to enable a disable logging from the GUI (see online manual http://www.wviewweather.com/release-notes/wview-User-Manual.html#Configuration-wviewmgmt-services). I found this invaluable when originally setting up my Ubuntu system, but have turned all the configurable logging off.

I'm currently getting a few to many logcheck alerts each day from the server. I run logcheck at the "server" level (sudo nano /etc/logcheck/logcheck.conf configuration line set to REPORTLEVEL="server") to keep track of anything out of the ordinary on the server.


I'm currently getting emails from logcheck with entries like this throughout the day:
Jan  2 06:32:30 MyServer wviewd[11129]: <1357129950809> : station time synchronized to: 01-02-2013 06:32:30
Jan  2 06:32:30 MyServer wviewd[11129]: <1357129950809> : station GMT offset synchronized to: -6 hours, 0 minutes
Jan  2 02:33:00 MyServer wviewd[11129]: <1357115580414> : station time synchronized to: 01-02-2013 02:33:00
Jan  2 02:33:00 MyServer wviewd[11129]: <1357115580414> : station GMT offset synchronized to: -6 hours, 0 minutes

Jan  2 00:00:34 MyServer htmlgend[11135]: <1357106434571> : NOAA DB: syncing 20130101 => 20130101
Jan  2 00:00:34 MyServer htmlgend[11135]: <1357106434670> : NOAA DB: done: 24 HILOW records => 1 NOAA records
Jan  2 00:00:34 MyServer htmlgend[11135]: <1357106434671> : NOAA Generate: updating monthly NOAA report for 201301
Jan  2 00:00:34 MyServer htmlgend[11135]: <1357106434682> : NOAA: 8 days, 2 months
Jan  2 00:00:34 MyServer htmlgend[11135]: <1357106434682> : NOAA Generate: updating yearly NOAA report for 2013
Jan  2 00:00:34 MyServer htmlgend[11135]: <1357106434685> : NOAA: 2 months, 2 years
Jan  1 00:00:35 MyServer htmlgend[11135]: <1357020035541> : NOAA DB: syncing 20121231 => 20121231
Jan  1 00:00:35 MyServer htmlgend[11135]: <1357020035624> : NOAA DB: done: 24 HILOW records => 1 NOAA records
Jan  1 00:00:35 MyServer htmlgend[11135]: <1357020035625> : NOAA Generate: updating monthly NOAA report for 201212
Jan  1 00:00:35 MyServer htmlgend[11135]: <1357020035627> : NOAA: 7 days, 1 months
Jan  1 00:00:35 MyServer htmlgend[11135]: <1357020035627> : NOAA Generate: updating yearly NOAA report for 2012
Jan  1 00:00:35 MyServer htmlgend[11135]: <1357020035629> : NOAA: 1 months, 1 years

Dec 31 00:15:04 MyServer wviewd[11129]: <1356934504405> : computeDataWeek: 20121225
Dec 31 00:15:04 MyServer wviewd[11129]: <1356934504414> : computeDataWeek: 20121226
Dec 31 00:15:04 MyServer wviewd[11129]: <1356934504423> : computeDataWeek: 20121227
Dec 31 00:15:04 MyServer wviewd[11129]: <1356934504433> : computeDataWeek: 20121228
Dec 31 00:15:04 MyServer wviewd[11129]: <1356934504442> : computeDataWeek: 20121229
Dec 31 00:15:04 MyServer wviewd[11129]: <1356934504451> : computeDataWeek: 20121230
Jan  2 00:15:04 MyServer wviewd[11129]: <1357107304444> : computeDataWeek: 20121226
Jan  2 00:15:04 MyServer wviewd[11129]: <1357107304454> : computeDataWeek: 20121227
Jan  2 00:15:04 MyServer wviewd[11129]: <1357107304463> : computeDataWeek: 20121228
Jan  2 00:15:04 MyServer wviewd[11129]: <1357107304473> : computeDataWeek: 20121229
Jan  2 00:15:04 MyServer wviewd[11129]: <1357107304482> : computeDataWeek: 20121230
Jan  2 00:15:04 MyServer wviewd[11129]: <1357107304491> : computeDataWeek: 20121231
Jan  2 00:15:04 MyServer wviewd[11129]: <1357107304500> : computeDataWeek: 20130101
Jan  1 00:15:05 MyServer wviewd[11129]: <1357020905422> : computeDataWeek: 20121225
Jan  1 00:15:05 MyServer wviewd[11129]: <1357020905431> : computeDataWeek: 20121226
Jan  1 00:15:05 MyServer wviewd[11129]: <1357020905441> : computeDataWeek: 20121227
Jan  1 00:15:05 MyServer wviewd[11129]: <1357020905451> : computeDataWeek: 20121228
Jan  1 00:15:05 MyServer wviewd[11129]: <1357020905460> : computeDataWeek: 20121229
Jan  1 00:15:05 MyServer wviewd[11129]: <1357020905470> : computeDataWeek: 20121230
Jan  1 00:15:05 MyServer wviewd[11129]: <1357020905480> : computeDataWeek: 20121231
Though they are helpful in /var/log/syslog (or /var/log/wview.log entries via rsyslog), they are nothing that I want to see on a consistent basis.I can always pull them from either the /var/log/syslog or /var/log/wview.log when I need them.

I created a local-rules file for logcheck on the server and named it so it would be read when running the server configuration and by starting with local, wouldn't be overwritten in the future by another rule. The following commands create the empty file as root, change file permissions, and open the empty file up in the nano editor.
sudo touch /etc/logcheck/ignore.d.server/local-rules
sudo chmod 640 /etc/logcheck/ignore.d.server/local-rules
sudo nano /etc/logcheck/ignore.d.server/local-rules
and added in these rules to eliminate the the types of messages from being picked up by logcheck:
# Ignoring wview time, NOAA, and compute update messages
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wviewd\[[0-9]+\]: <[0-9]+> : station time|GMT offset synchronized to: [- :0-9hoursminutes]+

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ htmlgend\[[0-9]+\]: <[0-9]+> : NOAA Generate: updating monthly|yearly NOAA report for [0-9]+
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ htmlgend\[[0-9]+\]: <[0-9]+> : NOAA DB: syncing|done: [0-9]+ HILOW records =>|=> [0-9]+$| NOAA records
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ htmlgend\[[0-9]+\]: <[0-9]+> : NOAA: [0-9]+ days,|months, [0-9]+ months|years

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wviewd\[[0-9]+\]: <[0-9]+> : computeDataWeek: [0-9]+

I tried to be very specific in the rules so that a message that I did want to see wasn't accidently eliminated.You can easily verify that the messages are being excluded from the logcheck runs by running one or both the commands in the terminal on the server:
sudo egrep -f /etc/logcheck/ignore.d.server/local-rules /var/log/syslog
sudo egrep -f /etc/logcheck/ignore.d.server/local-rules /var/log/wview.log
The lines that would be returned are the lines that you new local-rules would now eliminate.