[hobbit] Monitoring MSGS issues
lars ebeling
lars.ebeling at leopg9.no-ip.org
Sun Dec 17 10:03:38 CET 2006
Your first question I don't understand,
but in the second try with:
LOG /var/log/messages %failure
Lars
----- Original Message -----
From: "Tats SHIBATA" <gadget at rewse.jp>
To: <hobbit at hswn.dk>
Sent: Sunday, December 17, 2006 9:50 AM
Subject: [hobbit] Monitoring MSGS issues
> Hi all,
>
> I have two issues for MSGS. Thanks for your help.
>
> # Environment #
>
> Hobbit: Hobbit 4.2.0
> OS: CentOS 4.4 (Linux 2.6.9)
> Hostname: oscar (Both Hobbit server and client)
>
> ----------------------------------------
> 1. "ignore" clause in client-local.cfg doesn't filter out it.
>
> I set the below in client-local.cfg on oscar, but the msgs page on
> Hobbit shows the below. Why does not it filter out "br104fmx"?
>
> == ~hobbit/server/etc/clinet-local.cfg ==
> [oscar]
> log:/var/log/messages:10240
> ignore br104fmx
>
> == oscar - msgs ==
> No entries in /var/log/messages
>
>
> Full log /var/log/messages
> Dec 17 16:50:43 uniform brl04fmx TCP connection dropped -
> Source:xxx.xxx.xxx.xxx,6293,WAN - Destination:xxx.xxx.xxx.xxx,53131,LAN
> Dec 17 16:50:43 uniform brl04fmx [2006-12-17 16:50:43] | From:
> [xxx.xxx.xxx.xxx] | Port:[53131] | [Blocked]
> Dec 17 16:51:16 uniform brl04fmx TCP connection dropped -
> Source:xxx.xxx.xxx.xxx,4689,WAN - Destination:xxx.xxx.xxx.xxx,445,LAN
> Dec 17 16:51:16 uniform brl04fmx [2006-12-17 16:51:16] | From:
> [xxx.xxx.xxx.xxx] | Port:[445] | [Blocked]
> Dec 17 16:52:22 oscar su(pam_unix)[4887]: session opened for user
> root by gadget(uid=500)
> Dec 17 16:55:43 uniform brl04fmx TCP connection dropped -
> Source:xxx.xxx.xxx.xxx,6293,WAN - Destination:xxx.xxx.xxx.xxx,53147,LAN
> (abbr)
>
> ----------------------------------------
> 2. I set the below in hobbit-clients.cfg on oscar, but Hobbit doesn't
> alert it. Sent logfile is the below. Why does not Hobbit alert
> "failure"? PORT and PROC have no problems.
>
> == ~hobbit/server/etc/hobbit-clients.cfg ==
> HOST=oscar
> PORT 139 "TEXT=NetBIOS: 139"
> PORT 445 "TEXT=SMB: 445"
> PORT 3303 "TEXT=MySQL: 3306"
> PORT 3690 "TEXT=Subversion: 3690"
> LOG /var/log/messages failure
> PROC nfsd
> PROC mysqld 2
> PROC smbd
> PROC svnserve
>
> == oscar - msgs ==
> No entries in /var/log/messages
>
>
> Full log /var/log/messages
> (abbr)
> Dec 17 17:28:40 uniform brl04fmx TCP connection dropped -
> Source:xxx.xxx.xxx.xxx,6293,WAN - Destination:xxx.xxx.xxx.xxx,53404,LAN
> Dec 17 17:28:40 uniform brl04fmx [2006-12-17 17:28:40] | From:
> [xxx.xxx.xxx.xxx] | Port:[53404] | [Blocked]
> Dec 17 17:30:26 oscar sshd(pam_unix)[5637]: authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=powermac user=gadget
> Dec 17 17:30:35 oscar sshd(pam_unix)[5637]: 2 more authentication
> failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=powermac
> user=gadget
> Dec 17 17:33:39 uniform brl04fmx TCP connection dropped -
> Source:xxx.xxx.xxx.xxx,6293,WAN - Destination:xxx.xxx.xxx.xxx,53418,LAN
> Dec 17 17:33:39 uniform brl04fmx [2006-12-17 17:33:39] | From:
> [xxx.xxx.xxx.xxx] | Port:[53418] | [Blocked]
> (abbr)
>
>
> Thanks,
>
> --
> Tats SHIBATA
> Rewse Lab.
>
> To unsubscribe from the hobbit list, send an e-mail to
> hobbit-unsubscribe at hswn.dk
>
>
>
More information about the Xymon
mailing list