[hobbit] log file monitoring issues

Jerry Yu jjj863 at gmail.com
Thu Aug 10 22:40:36 CEST 2006


You need both.
clients-local.cfg is to tell the client to report on these logs
hobbit-clients.cfg is tell hobbitd to check/alert against log data reported
from clients

On 8/9/06, Gary B. <gmbfly98 at gmail.com> wrote:
>
> Maybe I'm just missing something in the documentation, but I can't
> seem to get the log file monitoring to work properly.  In the example
> below, I'm trying to look at the "messages" and "maillog" files on
> Linux.
>
> Particularly, I'm trying to EXCLUDE the following "messages" lines:
> Aug  9 21:19:45 www upsd[7860]: Connection from 127.0.0.1
> Aug  9 21:19:45 www upsd[7860]: Client on 127.0.0.1 logged out
> Aug  9 21:19:45 www upsd[7860]: Connection from 127.0.0.1
>
> Aug  9 16:44:01 www crond(pam_unix)[5382]: session opened for user
> root by (uid=0)
> Aug  9 16:44:14 www crond(pam_unix)[5382]: session closed for user root
> Aug  9 16:45:01 www crond(pam_unix)[5484]: session opened for user
> mailman by (uid=0)
> Aug  9 16:45:01 www crond(pam_unix)[5484]: session closed for user mailman
>
> And EXCLUDE the following "maillog" lines:
> Aug  6 11:55:02 www sendmail[15076]: k76Ft1pU015076:
> from=<mailman at HOSTNAME>, size=576, class=0, nrcpts=1,
> msgid=<200608061555.k76Ft1A2015075 at HOSTNAME>, proto=ESMTP, daemon=MTA,
> relay=localhost.localdomain [127.0.0.1]
>
>
> Below is the respective lines from the "client-local.cfg" file:
> log:/var/log/messages:10240
> ignore upsd* Client|Connection 127.0.0.1
> ignore session opened|closed for user mailman|root
> log:/var/log/maillog:10240
> ignore relay=localhost.localdomain
> trigger denied
>
> And below the specific log entries I'm looking for from "
> hobbit-clients.cfg":
> LOG     /var/log/maillog  "relaying denied"  color="yellow"
>
>
> Now, the problem I'm having...
> The "ignore" line for the /var/log/maillog file appears to be working
> correctly, as it does indeed ignore such entries as shown above.  Also
> working is the "ignore session opened..." line for the
> /var/log/messages file.
>
> What is NOT working is the "ignore" line for the "upsd*" lines in
> /var/log/messages.  For the life of me, I just can't figure out how to
> get that to work properly.  That is, two of the three "ignore" lines
> are not working, as those lines still show up in the "full log"
> output.  If anyone has any ideas, let me know.
>
> I'm also having problems with some logs not showing up on the messages
> page.  Do you need both a "LOG" entries in the hobbit-clients.cfg AND
> client-local.cfg, or will an entry in only client-local.cfg be
> sufficient to have it show up on the messages page?
>
> To unsubscribe from the hobbit list, send an e-mail to
> hobbit-unsubscribe at hswn.dk
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20060810/5ef6eb77/attachment.html>


More information about the Xymon mailing list