<div dir="ltr">Can Xymon read that snort log?<br><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Aug 14, 2015 at 2:28 PM, usa ims via Xymon <span dir="ltr"><<a href="mailto:xymon@xymon.com" target="_blank">xymon@xymon.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">_______________________________________________<br>
Xymon mailing list<br>
<a href="mailto:Xymon@xymon.com">Xymon@xymon.com</a><br>
<a href="http://lists.xymon.com/mailman/listinfo/xymon" rel="noreferrer" target="_blank">http://lists.xymon.com/mailman/listinfo/xymon</a><br>
<br><br>---------- Forwarded message ----------<br>From: usa ims <<a href="mailto:usaims@yahoo.com">usaims@yahoo.com</a>><br>To: Xymon Mailinglist <<a href="mailto:xymon@xymon.com">xymon@xymon.com</a>><br>Cc: <br>Date: Fri, 14 Aug 2015 19:19:34 +0000 (UTC)<br>Subject: 4.3.21 Monitoring log files<br><div><div style="color:#000;background-color:#fff;font-family:HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:16px"><div dir="ltr">Hello,<br>I'll try not to span this time.<br><br>I just installed '4.3.21' server on a Raspberry Pi Debian.<br>Additionally, I just compiled '4.3.21' as a client on a Raspberry Pi Debian.<br><br>Xymon is going to be used to monitor one server, a network intrusion software called snort.<br>I'm going to monitor one log file which has all the detected alerts. If an alert comes in, I want Xymon to be red.<br><br>So, I went to the xymon server and modified the 'client-local.cfg':<br>[snort]<br>log:/var/log/snort/alert:4096<br><br>'snort' is the name of the sniffer server and I only want to monitor '/var/log/snort/alert' file.<br><br>Then I went to the 'analysis.cfg' on the xymon server and added:<br><br>HOST=snort<br> LOG /var/log/snort/alert ERROR COLOR=red<br><br>I waited 20 minutes and I'm getting:<br><br>No log data available<br>The client did not report any logfile data<br><br>I do see green happy faces on conn, disk, info, memory but 'msgs' is white.<br><br>I had this working on a very old version of 'xymon' a while ago but this is the first time I'm using the latest and greatest.</div><div dir="ltr"><br></div><div dir="ltr">Please help.</div><div dir="ltr"><br></div><div dir="ltr">usaims<br></div></div></div><br></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><b><span style="font-size:8pt;font-family:"OCR A Extended","serif""><br><br><br> Jim Louis<br><br> \\\\||////<br> \ ~ ~ /<br> | @ @ |<br></span></b></div><b><span style="font-size:8.0pt;font-family:"OCR A Extended","serif"">--oOo---(_)---oOo--<br><br></span></b><div><div><p style="margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0px;text-indent:0px">'If a Neanderthal came and sat next to you on a bus, you'd probably get up and change seats. But if a <i>Homo erectus</i> came and<i> </i>sat next to you on a bus, you'd probably get off the bus.' ~ unknown<br></p></div></div></div></div></div></div></div></div></div></div></div></div>
</div>