[hobbit] Need help in getting message alerts

Henrik Stoerner henrik at hswn.dk
Sat Jan 12 17:46:32 CET 2008 

On Sat, Jan 12, 2008 at 10:43:31AM -0500, Edward Croft wrote:
> On Jan 12, 2008 9:15 AM, Henrik Stoerner <henrik at hswn.dk> wrote:
> 
> > Have you configured your client(s) for server-side or client-side
> > configuration ?
>
> I have it set up on different machines, in different configurations trying
> to find the one that works.

Ok, let's pick ONE machine and get that to work. Preferably one where
the client is configured for server-side configuration. Verify this by
looking at the "conn" status - you must have a "Client data available" 
link right above the graph. If there's no link, then the client isn't
sending a Hobbit "client" message, but just the old-style BB messages.


I'll assume this client system is called "testhost.foo.com". Your 
client-local.cfg (on the hobbit server) should then have

    [testhost.foo.com]
    log:/var/log/messages:10240
    trigger NOTICE
    trigger WARNING

    log:/var/log/secure:10240
    ignore "Connection closed by"
    trigger BREAKIN

Changes to client-local.cfg can take up to 15 minutes to trickle down to
the client. You can speed this up by 1) sending a HUP signal to the
hobbitd process on the Hobbit server, and then 2) restarting the Hobbit
client software. After restarting the client, it takes 5 minutes for the
changes to take effect.


Your hobbit-clients.cfg - also on the Hobbit server - must have these
lines:

    HOST=testhost.foo.com
         LOG /var/log/messages WARNING COLOR=yellow
	 LOG /var/log/messages NOTICE COLOR=red
	 LOG /var/log/secure BREAKIN

You can test the configuration on the Hobbit server with the
"hobbitd_client --test" command. Like this:

    $ bbcmd hobbitd_client --test
    2008-01-12 17:41:18 Using default environment file /usr/lib/hobbit/server/etc/hobbitserver.cfg
    Hostname (.=end, ?=dump, !=reload) []: testhost.foo.com
    Hosttype []:
    Test (cpu, mem, disk, proc, log, port): log
    log filename: /var/log/secure
    To read log data from a file, enter '@FILENAME' at the prompt
    log line: Jan 10 13:22:50 sirona sshd[5087]: Connection closed by 10.0.14.249
    log line: Jan 10 13:27:51 sirona sshd[5133]: Connection closed by 10.0.14.249
    log line: Jan 10 13:31:38 sirona ecroft: BREAKIN
    log line: Jan 10 13:32:52 sirona sshd[5181]: Connection closed by 10.0.14.249
    log line: Jan 10 13:37:53 sirona sshd[5227]: Connection closed by 10.0.14.249
    log line:
    Log status is red

    &red Jan 10 13:22:50 sirona sshd[5087]: Connection closed by
    10.0.14.249Jan 10 13:27:51 sirona sshd[5133]: Connection closed by
    10.0.14.249Jan 10 13:31:38 sirona ecroft: BREAKINJan 10 13:32:52 sirona
    sshd[5181]: Connection closed by 10.0.14.249Jan 10 13:37:53 sirona
    sshd[5227]: Connection closed by 10.0.14.249

Also, while in the "hobbitd_client --test" environment, you can use the
dump-command to see how your hobbits-clients.cfg was parsed.


If this doesn't make your msgs column go red, then I'd like to have a
look at the bb-hosts entry for this host, and your client-local.cfg and
hobbit-clients.cfg files. You can send them directly to me, no need to
bother the entire mailing list with them.


Regards,
Henrik

More information about the Xymon mailing list