[hobbit] Monitoring MSGS issues

Tats SHIBATA ts at rewse.jp
Sun Dec 17 12:36:59 CET 2006 

Hi Lars,

Thanks for your answer. I fixed the second question by %.

And the first question was resolved, too. I'm ashamed to say that I  
set br104fmx (BR1) but there are brl04fmx (BRL) at the log...

Yours,

-- 
Tats SHIBATA
Rewse Lab.


On 2006/12/17, at 18:03, lars ebeling wrote:

> Your first question I don't understand,
> but in the second try with:
>
> LOG /var/log/messages %failure
>
> Lars
>
> ----- Original Message ----- From: "Tats SHIBATA" <gadget at rewse.jp>
> To: <hobbit at hswn.dk>
> Sent: Sunday, December 17, 2006 9:50 AM
> Subject: [hobbit] Monitoring MSGS issues
>
>
>> Hi all,
>> I have two issues for MSGS. Thanks for your help.
>> # Environment #
>>   Hobbit: Hobbit 4.2.0
>>       OS: CentOS 4.4 (Linux 2.6.9)
>> Hostname: oscar (Both Hobbit server and client)
>> ----------------------------------------
>> 1. "ignore" clause in client-local.cfg doesn't filter out it.
>> I set the below in client-local.cfg on oscar, but the msgs page  
>> on  Hobbit shows the below. Why does not it filter out "br104fmx"?
>> == ~hobbit/server/etc/clinet-local.cfg ==
>> [oscar]
>> log:/var/log/messages:10240
>> ignore br104fmx
>> == oscar - msgs ==
>> No entries in /var/log/messages
>> Full log /var/log/messages
>> Dec 17 16:50:43 uniform brl04fmx TCP connection dropped -   
>> Source:xxx.xxx.xxx.xxx,6293,WAN - Destination:xxx.xxx.xxx.xxx, 
>> 53131,LAN
>> Dec 17 16:50:43 uniform brl04fmx [2006-12-17 16:50:43] | From:  
>> [xxx.xxx.xxx.xxx] | Port:[53131] | [Blocked]
>> Dec 17 16:51:16 uniform brl04fmx TCP connection dropped -   
>> Source:xxx.xxx.xxx.xxx,4689,WAN - Destination:xxx.xxx.xxx.xxx,445,LAN
>> Dec 17 16:51:16 uniform brl04fmx [2006-12-17 16:51:16] | From:  
>> [xxx.xxx.xxx.xxx] | Port:[445] | [Blocked]
>> Dec 17 16:52:22 oscar su(pam_unix)[4887]: session opened for user   
>> root by gadget(uid=500)
>> Dec 17 16:55:43 uniform brl04fmx TCP connection dropped -   
>> Source:xxx.xxx.xxx.xxx,6293,WAN - Destination:xxx.xxx.xxx.xxx, 
>> 53147,LAN
>> (abbr)
>> ----------------------------------------
>> 2. I set the below in hobbit-clients.cfg on oscar, but Hobbit  
>> doesn't  alert it. Sent logfile is the below. Why does not Hobbit  
>> alert  "failure"? PORT and PROC have no problems.
>> == ~hobbit/server/etc/hobbit-clients.cfg ==
>> HOST=oscar
>>     PORT 139 "TEXT=NetBIOS: 139"
>>     PORT 445 "TEXT=SMB: 445"
>>     PORT 3303 "TEXT=MySQL: 3306"
>>     PORT 3690 "TEXT=Subversion: 3690"
>>     LOG /var/log/messages failure
>>     PROC nfsd
>>     PROC mysqld 2
>>     PROC smbd
>>     PROC svnserve
>> == oscar - msgs ==
>> No entries in /var/log/messages
>> Full log /var/log/messages
>> (abbr)
>> Dec 17 17:28:40 uniform brl04fmx TCP connection dropped -   
>> Source:xxx.xxx.xxx.xxx,6293,WAN - Destination:xxx.xxx.xxx.xxx, 
>> 53404,LAN
>> Dec 17 17:28:40 uniform brl04fmx [2006-12-17 17:28:40] | From:  
>> [xxx.xxx.xxx.xxx] | Port:[53404] | [Blocked]
>> Dec 17 17:30:26 oscar sshd(pam_unix)[5637]: authentication  
>> failure;  logname= uid=0 euid=0 tty=ssh ruser= rhost=powermac   
>> user=gadget
>> Dec 17 17:30:35 oscar sshd(pam_unix)[5637]: 2 more authentication   
>> failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=powermac    
>> user=gadget
>> Dec 17 17:33:39 uniform brl04fmx TCP connection dropped -   
>> Source:xxx.xxx.xxx.xxx,6293,WAN - Destination:xxx.xxx.xxx.xxx, 
>> 53418,LAN
>> Dec 17 17:33:39 uniform brl04fmx [2006-12-17 17:33:39] | From:  
>> [xxx.xxx.xxx.xxx] | Port:[53418] | [Blocked]
>> (abbr)
>> Thanks,
>> -- 
>> Tats SHIBATA
>> Rewse Lab.

More information about the Xymon mailing list