prelude-lml-rules 4.1.0-1 / etc / prelude-lml / ruleset / ms-cluster.rules

This file is indexed.

/etc/prelude-lml/ruleset/ms-cluster.rules is in prelude-lml-rules 4.1.0-1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
#FULLNAME: Microsoft Cluster
#VERSION: 1.0
#DESCRIPTION: Cluster service from Microsoft. The rules included here were developed using NTSyslog and Windows 2003 Cluster Service.

#####
#
# Copyright (C) 2006 G Ramon Gomez <gene at gomezbrothers dot com>
# All Rights Reserved
#
# This file is part of the Prelude-LML program.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
#####

#DESCRIPTION:Cluster communication failure
#CATEGORY:High Availability
#LOG:Oct 22 04:15:01 smf-syslog-02 smf-exchange-06/smf-exchange-06 clussvc[error] 1079  The node cannot join the cluster because it cannot communicate with node SMF-EXCHANGE-05 over any network configured for internal cluster communication. Check the network configuration of the node and the cluster.
regex=The node cannot join the cluster because it cannot communicate with node (\S+) over any network configured for internal cluster communication.; \
 classification.text=Cluster communication failure; \
 classification.reference(0).origin=vendor-specific; \
 classification.reference(0).meaning=Windows Event ID; \
 classification.reference(0).name=1079; \
 id=4900; \
 revision=1; \
 analyzer(0).name=Cluster Server; \
 analyzer(0).manufacturer=Microsoft; \
 analyzer(0).class=Cluster; \
 assessment.impact.severity=medium; \
 assessment.impact.completion=failed; \
 assessment.impact.type=dos; \
 assessment.impact.description=$1 could not connect to the active cluster member/cluster coordinator.  It will be removed from the cluster.; \
 source(0).process.name=clussvc; \
 source(0).node.address(0).category=unknown; \
 source(0).node.address(0).address=$1; \
 source(0).node.name=$1; \
 target(0).process.name=clussvc; \
 last

#DESCRIPTION:Cluster node removed from the active cluster membership
#CATEGORY:High Availability
#LOG:Oct 22 04:16:04 smf-syslog-02 smf-exchange-05/smf-exchange-05 clussvc[warning] 1135  Cluster node SMF-EXCHANGE-06 was removed from the active cluster membership. The Clustering Service may have been stopped on the node, the node may have failed, or the node may have lost communication with the other active cluster nodes
regex=Cluster node (\S+) was removed from the active cluster membership; \
 classification.text=Cluster communication failure; \
 classification.reference(0).origin=vendor-specific; \
 classification.reference(0).meaning=Windows Event ID; \
 classification.reference(0).name=1135; \
 id=4901; \
 revision=1; \
 analyzer(0).name=Cluster Server; \
 analyzer(0).manufacturer=Microsoft; \
 analyzer(0).class=Cluster; \
 assessment.impact.severity=medium; \
 assessment.impact.completion=failed; \
 assessment.impact.type=dos; \
 assessment.impact.description=The active cluster member/cluster coordinator could not connect to $1.  $1 will be removed from the cluster.; \
 source(0).process.name=clussvc; \
 source(0).node.address(0).category=unknown; \
 source(0).node.address(0).address=$1; \
 source(0).node.name=$1; \
 target(0).process.name=clussvc; \
 last

#DESCRIPTION:Cluster is UP
#CATEGORY:High Availability
#LOG:Oct 23 19:09:38 smf-syslog-02 smf-exchange-02/smf-exchange-02 clussvc[info] Cluster network 'Public' is operational (up). All available cluster nodes attached to the network can communicate using it.
regex=Cluster network '(.+)' is operational \(up\); \
 classification.text=Cluster up; \
 id=4902; \
 revision=1; \
 analyzer(0).name=Cluster Server; \
 analyzer(0).manufacturer=Microsoft; \
 analyzer(0).class=Cluster; \
 assessment.impact.severity=low; \
 assessment.impact.completion=succeeded; \
 assessment.impact.type=other; \
 assessment.impact.description=The cluster $1 is now up.; \
 additional_data(0).type=string; \
 additional_data(0).meaning=Cluster name; \
 additional_data(0).data=$1; \
 last

APT Browse - Built by Thomas Orozco.