[hobbit] port rule evaluation in hobbit-clients.cfg
Dominique Frise
Dominique.Frise at unil.ch
Thu Sep 13 16:49:46 CEST 2007
Henrik Stoerner wrote:
> On Thu, Sep 13, 2007 at 09:20:08AM -0400, Jay Brislin wrote:
>> I set up a PORT rule to alert for SENDMAIL logins in the DEFAULT section of my hobbit-clients.cfg file. I wanted
>> to override that rule for certain hosts to allow SENDMAIL logins. My hobbit-clients.cfg looks like this:
>> ------------
>> HOST=luxuria
>> PORT "LOCAL=%([.:]25)$" state=ESTABLISHED min=0 max=9 color=green "TEXT=SENDMAIL logins"
>> DEFAULT
>> PORT "LOCAL=%([.:]23)$" state=ESTABLISHED min=0 max=0 color=red "TEXT=TELNET logins"
>> PORT "LOCAL=%([.:]25)$" state=ESTABLISHED min=0 max=0 color=red "TEXT=SENDMAIL logins"
>> PORT "LOCAL=%([.:]20)$" state=ESTABLISHED min=0 max=0 color=red "TEXT=FTP logins"
>
> The DEFAULT section should ONLY be used to change the defaults for cpu-,
> disk- and memory-thresholds. Do NOT use it for process- or
> port-monitoring. Instead, you should use:
>
> HOST=luxuria
> PORT "LOCAL=%([.:]25)$" state=ESTABLISHED min=0 max=9 color=green "TEXT=SENDMAIL logins"
>
> EXHOST=luxuria
> PORT "LOCAL=%([.:]23)$" state=ESTABLISHED min=0 max=0 color=red "TEXT=TELNET logins"
> PORT "LOCAL=%([.:]25)$" state=ESTABLISHED min=0 max=0 color=red "TEXT=SENDMAIL logins"
> PORT "LOCAL=%([.:]20)$" state=ESTABLISHED min=0 max=0 color=red "TEXT=FTP logins"
>
>
> Henrik
>
We use the DEFAULT section for common LOG rules.
(IGNORE rules omitted for clarity)

DEFAULT
# These are the built-in defaults.
UP 1h
LOAD 5.0 10.0
DISK %^/cdrom/.* 101 101
DISK * 90 95
MEMPHYS 100 101
MEMSWAP 50 80
MEMACT 90 97
LOG /var/adm/messages %(?-i)NOTICE|kern.error
LOG /var/adm/messages %(?-i)WARNING COLOR=yellow IGNORE=%(?-i)forceload
LOG /var/log/messages %(?-i)Redundancy\slost|degraded|error|Error
LOG /var/log/messages %(?-i)failed IGNORE=%(?-i)cdrom:\sopen\sfailed COLOR=yellow
LOG /var/log/system.log %(?-i)error|Error
LOG /var/log/system.log %(?-i)failed COLOR=yellow

Is this really wrong?

Dominique
UNIL - University of Lausanne
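
As an added illustration (not part of the original messages and not Hobbit's own code), the sketch below models how one PORT rule from this thread is checked against netstat output, and why the same two SMTP sessions are green under the HOST=luxuria rule but red under the EXHOST=luxuria rule. The netstat lines, the function names and the simplified logic (exact state match, rule color applied when the count falls outside min..max) are assumptions.

```python
import re

# Constructed netstat-style lines (not from the thread). Linux puts ":" before
# the port and Solaris puts ".", which is why the rules match on [.:].
NETSTAT = """\
tcp 0 0 192.0.2.10:25 198.51.100.7:40112 ESTABLISHED
tcp 0 0 192.0.2.10:25 198.51.100.9:51833 ESTABLISHED
tcp 0 0 192.0.2.10:25 0.0.0.0:* LISTEN
tcp 0 0 192.0.2.10:2525 198.51.100.7:40200 ESTABLISHED
tcp 0 0 192.0.2.25:22 198.51.100.7:40300 ESTABLISHED
192.0.2.10.23 198.51.100.7.40400 49640 0 49640 0 ESTABLISHED
"""

SMTP = r"([.:]25)$"    # regex part of LOCAL=%([.:]25)$ from the thread
TELNET = r"([.:]23)$"  # regex part of LOCAL=%([.:]23)$ from the thread

def connections(text):
    """Yield (local_address, state) from Linux- or Solaris-style lines."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6:
            continue
        local = f[3] if f[0].startswith("tcp") else f[0]
        yield local, f[-1]

def evaluate_port_rule(text, local_re, state, min_count, max_count, color):
    """Simplified model of one PORT rule: count matches, compare to min/max."""
    pattern = re.compile(local_re)
    count = sum(1 for local, st in connections(text)
                if st == state and pattern.search(local))
    # Assumption: the rule's color applies only when the count is out of range.
    return count, ("green" if min_count <= count <= max_count else color)

def demo():
    """Apply the thread's luxuria rule and the rules for all other hosts."""
    return {
        "luxuria smtp": evaluate_port_rule(NETSTAT, SMTP, "ESTABLISHED", 0, 9, "green"),
        "others smtp": evaluate_port_rule(NETSTAT, SMTP, "ESTABLISHED", 0, 0, "red"),
        "others telnet": evaluate_port_rule(NETSTAT, TELNET, "ESTABLISHED", 0, 0, "red"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The `[.:]` prefix and `$` anchor keep port 2525 and an address ending in `.25` from being counted as SMTP sessions.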