[hobbit] Problem with LOG test

Fri Sep 22 13:39:51 CEST 2006

Olivier Boyaval wrote:
> Hello,
> 
> I have a problem to test many log file on a linux client. I test a log 
> file with word cirtical and major but hobbit doesn't send any alarm when 
> this log file contains message with this key words.
> 
> My client doesn't use the local config and use the server config.
> 
> -------> My log file (for test) :
> 
> ------------------------------------------
> Major : test alarme
> Critical : test alarme
> 
> fin
> 
> Nota : If I don't add the first line (-------) then the begin of line is 
> cut after 5 characters.
> 
> -------> My hobbit server's hobbit-clients.cfg extract :
> 
> HOST=agecanonix
>        PROC /usr/sbin/ntpd 1
>        PROC tina_daemon 1
>        LOG /var/log/messages WARNING COLOR=yellow
>        LOG /var/log/messages ERROR COLOR=red
>        LOG /home/sirt/log/alarm_tina.log major COLOR=yellow
>        LOG /home/sirt/log/alarm_tina.log critical COLOR=red
>        DISK /media/dvd IGNORE
> 
> 
> -------> My hobbit server's client-local.cfg extract :
> 
> [agecanonix]
> log:/var/log/messages:10240
> trigger %WARNING|ERROR
> log:/home/sirt/log/alarm_tina.log:10240
> trigger %major|critical
> 
> -------> The hobbit page :

Try this:

[agecanonix]
log:/var/log/messages:10240
trigger WARNING|ERROR
log:/home/sirt/log/alarm_tina.log:10240
trigger major|critical

I do not think '%' (pcre) is supported in this file.

> 
> 
>      System logs at Fri Sep 22 10:30:17 CEST 2006
> 
> No entries in /var/log/messages 
> <http://alambix.ch-bethune.fr/hobbit-cgi/bb-hostsvc.sh?CLIENT=agecanonix&SECTION=msgs:/var/log/messages> 
> 
> 
> No entries in /home/sirt/log/alarm_tina.log 
> <http://alambix.ch-bethune.fr/hobbit-cgi/bb-hostsvc.sh?CLIENT=agecanonix&SECTION=msgs:/home/sirt/log/alarm_tina.log> 
> 
> 
> 
> Full log /var/log/messages 
> <http://alambix.ch-bethune.fr/hobbit-cgi/bb-hostsvc.sh?CLIENT=agecanonix&SECTION=msgs:/var/log/messages> 
> 
> Sep 22 08:05:21 agecanonix vsftpd: Fri Sep 22 10:05:21 2006 [pid 23276] 
> CONNECT: Client "xxxxx"
> Sep 22 10:07:58 agecanonix su: (to hobbit) root on /dev/pts/2
> Sep 22 10:07:58 agecanonix su: pam_unix2: session started for user 
> hobbit, service su Sep 22 08:10:22 agecanonix vsftpd: Fri Sep 22 
> 10:10:22 2006 [pid 23415] CONNECT: Client "xxxxx"
> Sep 22 10:11:46 agecanonix su: pam_unix2: session finished for user 
> hobbit, service su Sep 22 10:12:17 agecanonix su: pam_unix2: session 
> finished for user sirt, service su Sep 22 08:12:22 agecanonix vsftpd: 
> Fri Sep 22 10:12:22 2006 [pid 23418] CONNECT: Client "xxxxx"
> Sep 22 10:12:28 agecanonix su: (to sirt) root on /dev/pts/2
> Sep 22 10:12:28 agecanonix su: pam_unix2: session started for user sirt, 
> service su Sep 22 10:15:01 agecanonix /USR/SBIN/CRON[23502]: (sirt) CMD 
> (/home/sirt/bin/alarm_tina.sh) Sep 22 10:15:03 agecanonix su: (to 
> hobbit) root on /dev/pts/2
> Sep 22 10:15:03 agecanonix su: pam_unix2: session started for user 
> hobbit, service su Sep 22 08:17:23 agecanonix vsftpd: Fri Sep 22 
> 10:17:23 2006 [pid 23640] CONNECT: Client "xxxxx"
> Sep 22 08:22:25 agecanonix vsftpd: Fri Sep 22 10:22:25 2006 [pid 23686] 
> CONNECT: Client "xxxxx"
> Sep 22 08:27:26 agecanonix vsftpd: Fri Sep 22 10:27:26 2006 [pid 23729] 
> CONNECT: Client "xxxxx"
> Sep 22 10:30:01 agecanonix /USR/SBIN/CRON[23737]: (sirt) CMD 
> (/home/sirt/bin/alarm_tina.sh)
> Full log /home/sirt/log/alarm_tina.log 
> <http://alambix.ch-bethune.fr/hobbit-cgi/bb-hostsvc.sh?CLIENT=agecanonix&SECTION=msgs:/home/sirt/log/alarm_tina.log> 
> 
> -------------------------
> Major : test alarme
> Critical : test alarme
> 
> fin
> 
> 
> 
> 
> Any idea ?
> 
> Cdl
> 
> Olivier
> 
> 
> To unsubscribe from the hobbit list, send an e-mail to
> hobbit-unsubscribe at hswn.dk
> 
> 