Hello,
I have a problem testing many log files on a Linux client. I test a log file for the words critical and major, but Hobbit doesn't send any alarm when this log file contains messages with these keywords.
My client doesn't use the local config and uses the server config.
-------> My log file (for test) :
------------------------------------------
Major : test alarme
Critical : test alarme
fin
Note: If I don't add the first line (-------), then the beginning of the line is cut after 5 characters.
-------> My hobbit server's hobbit-clients.cfg extract :
HOST=agecanonix
    PROC /usr/sbin/ntpd 1
    PROC tina_daemon 1
    LOG /var/log/messages WARNING COLOR=yellow
    LOG /var/log/messages ERROR COLOR=red
    LOG /home/sirt/log/alarm_tina.log major COLOR=yellow
    LOG /home/sirt/log/alarm_tina.log critical COLOR=red
    DISK /media/dvd IGNORE
-------> My hobbit server's client-local.cfg extract :
[agecanonix]
log:/var/log/messages:10240
trigger %WARNING|ERROR
log:/home/sirt/log/alarm_tina.log:10240
trigger %major|critical
-------> The hobbit page :
Try this:
[agecanonix]
log:/var/log/messages:10240
trigger WARNING|ERROR
log:/home/sirt/log/alarm_tina.log:10240
trigger major|critical
I do not think '%' (pcre) is supported in this file.
System logs at Fri Sep 22 10:30:17 CEST 2006
No entries in /var/log/messages <http://alambix.ch-bethune.fr/hobbit-cgi/bb-hostsvc.sh?CLIENT=agecanonix&SECTION=msgs:/var/log/messages>
No entries in /home/sirt/log/alarm_tina.log <http://alambix.ch-bethune.fr/hobbit-cgi/bb-hostsvc.sh?CLIENT=agecanonix&SECTION=msgs:/home/sirt/log/alarm_tina.log>
Full log /var/log/messages <http://alambix.ch-bethune.fr/hobbit-cgi/bb-hostsvc.sh?CLIENT=agecanonix&SECTION=msgs:/var/log/messages>
Sep 22 08:05:21 agecanonix vsftpd: Fri Sep 22 10:05:21 2006 [pid 23276] CONNECT: Client "xxxxx"
Sep 22 10:07:58 agecanonix su: (to hobbit) root on /dev/pts/2
Sep 22 10:07:58 agecanonix su: pam_unix2: session started for user hobbit, service su
Sep 22 08:10:22 agecanonix vsftpd: Fri Sep 22 10:10:22 2006 [pid 23415] CONNECT: Client "xxxxx"
Sep 22 10:11:46 agecanonix su: pam_unix2: session finished for user hobbit, service su
Sep 22 10:12:17 agecanonix su: pam_unix2: session finished for user sirt, service su
Sep 22 08:12:22 agecanonix vsftpd: Fri Sep 22 10:12:22 2006 [pid 23418] CONNECT: Client "xxxxx"
Sep 22 10:12:28 agecanonix su: (to sirt) root on /dev/pts/2
Sep 22 10:12:28 agecanonix su: pam_unix2: session started for user sirt, service su
Sep 22 10:15:01 agecanonix /USR/SBIN/CRON[23502]: (sirt) CMD (/home/sirt/bin/alarm_tina.sh)
Sep 22 10:15:03 agecanonix su: (to hobbit) root on /dev/pts/2
Sep 22 10:15:03 agecanonix su: pam_unix2: session started for user hobbit, service su
Sep 22 08:17:23 agecanonix vsftpd: Fri Sep 22 10:17:23 2006 [pid 23640] CONNECT: Client "xxxxx"
Sep 22 08:22:25 agecanonix vsftpd: Fri Sep 22 10:22:25 2006 [pid 23686] CONNECT: Client "xxxxx"
Sep 22 08:27:26 agecanonix vsftpd: Fri Sep 22 10:27:26 2006 [pid 23729] CONNECT: Client "xxxxx"
Sep 22 10:30:01 agecanonix /USR/SBIN/CRON[23737]: (sirt) CMD (/home/sirt/bin/alarm_tina.sh)
Full log /home/sirt/log/alarm_tina.log <http://alambix.ch-bethune.fr/hobbit-cgi/bb-hostsvc.sh?CLIENT=agecanonix&SECTION=msgs:/home/sirt/log/alarm_tina.log>
-------------------------
Major : test alarme
Critical : test alarme
fin
Any idea?
Regards,
Olivier