[hobbit] clamd monitoring
Hubbard, Greg L
greg.hubbard at eds.com
Thu Oct 23 17:12:48 CEST 2008
This would probably be best done as a client-side test, launched
externally from the standard Hobbit client functions. It is pretty easy
to integrate custom tests with the Hobbit infrastructure.
GLH
________________________________
From: Jon Boede [mailto:jon at shadowsoft.com]
Sent: Thursday, October 23, 2008 9:44 AM
To: hobbit at hswn.dk
Subject: Re: [hobbit] clamd monitoring
While we're on the topic...
It seems that the clamd monitoring just checks to see if clamd
is answering the phone.
Is there a way to check that clamd is, well, happy as a clam?
This is to say, up to date, hasn't found anything, etc.?
Thanks,
Jon
Bill Arlofski wrote:
Hanrahan, Kevin wrote:
Hi all,
I am having trouble monitoring clamAV. As in
the docs, I put "clamd" in the bb-hosts file for my monitored host but I
get the following result:
Service clamd on server.domain.com is not OK :
Service unavailable (No route to host)
The server is reachable so there really IS a
route to the host.
any ideas?
kh
Just a guess, but I bet that clamd on the server is
either listening on
127.0.0.1:3310/TCP or only on a local socket, either of
which would render it
it inaccessible from a remote monitoring server.
Usually this is the desired configuration since then
only the mail server
itself can "use" the clamd service. From the
/etc/clamd.conf file:
--[snip]--
# TCP port address.
# Default: no
TCPSocket 3310
# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of
protection
# from the outside world.
# Default: no
#TCPAddr 127.0.0.1
--[snip]--
You'll have to find your clamd config file and tell it
to bind to all IP
addresses by commenting out that TCPAddr line and then
either secure it with
iptables on the local host or recompile it with
tcpwrappers support.
Oh and check this option too --> "LocalSocket". It may
be enabled on your
installation:
--[snip]--
# The daemon works in a local OR a network mode. Due to
security reasons we
# recommend the local mode.
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
# LocalSocket /var/run/clamav/clamav.sock
--[snip]--
--
Bill Arlofski
Reverse Polarity, LLC
http://www.revpol.com/
* Stop the NSA from illegally eavesdropping on your
personal email *
Learn about PGP and start encrypting your email today
http://gnupg.org or http://www.pgp.com
To unsubscribe from the hobbit list, send an e-mail to
hobbit-unsubscribe at hswn.dk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20081023/fea30fb6/attachment.html>
More information about the Xymon
mailing list