[Xymon] Xymon Log Retrieval

Phil Crooker Phil.Crooker at orix.com.au
Mon Apr 22 07:57:40 CEST 2013


If you want to monitor changes to the passwd/shadow file, one way would be to write an ext script. One can get around the OS recording changes to users by just editing the files directly, so this would be a bit more foolproof. 
You'd need be to keep a copy of the passwd file somewhere else (say the xymon server itself) and then do a diff against it.   Something like:
 
if scp $server:/etc/passwd $BBHOME/secret/$server.passwd.new
then
	    if diff $BBHOME/secret/$server.passwd.new $BBHOME/secret/$server.passwd.reference
	    then
				 COLOR=green
	    else
				 COLOR=red
	    fi
else
	    COLOR=red
fi
 
cheers, Phil
 

>>> 

Yes, that's what I've done but management want a copy of them for some
reason or other...

Regards,

Nick Pettefar


On 19 April 2013 14:18, Galen Johnson <Galen.Johnson at sas.com> wrote:
> Why not just use the Xymon client's built-in ability to test for file age and trigger an alert if it changes?
>
> =G=
>
> ________________________________________
> From: xymon-bounces at xymon.com [xymon-bounces at xymon.com] on behalf of Nick [Nick at Pettefar.com]
> Sent: Friday, April 19, 2013 8:00 AM
> To: xymon at xymon.com
> Subject: [Xymon] Xymon Log Retrieval
>
> Is there a doco anywhere explaining the log file retrieval mechanism?
>
> I want to use Xymon to fetch /etc/passwd files so that I can check for unwanted/unnoticed changes.
>
> Nick
> Dublin
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon
>
>
_______________________________________________
Xymon mailing list
Xymon at xymon.com
http://lists.xymon.com/mailman/listinfo/xymon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20130422/eea330dd/attachment.html>


More information about the Xymon mailing list