[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [hobbit] port rule evaluation in hobbit-clients.cfg
- To: hobbit (at) hswn.dk
- Subject: Re: [hobbit] port rule evaluation in hobbit-clients.cfg
- From: henrik (at) hswn.dk (Henrik Stoerner)
- Date: Thu, 13 Sep 2007 16:22:22 +0200
- References: <46E93908.8080504 (at) bc.edu>
- User-agent: Mutt/1.5.13 (2006-08-11)
On Thu, Sep 13, 2007 at 09:20:08AM -0400, Jay Brislin wrote:
> I set up a PORT rule to alert for SENDMAIL logins in the DEFAULT section of my hobbit-clients.cfg file. I wanted
> to override that rule for certain hosts to allow SENDMAIL logins. My hobbit-clients.cfg looks like this:
> ------------
> HOST=luxuria
> PORT "LOCAL=%([.:]25)$" state=ESTABLISHED min=0 max=9 color=green "TEXT=SENDMAIL logins"
> DEFAULT
> PORT "LOCAL=%([.:]23)$" state=ESTABLISHED min=0 max=0 color=red "TEXT=TELNET logins"
> PORT "LOCAL=%([.:]25)$" state=ESTABLISHED min=0 max=0 color=red "TEXT=SENDMAIL logins"
> PORT "LOCAL=%([.:]20)$" state=ESTABLISHED min=0 max=0 color=red "TEXT=FTP logins"
The DEFAULT section should ONLY be used to change the defaults for cpu-,
disk- and memory-thresholds. Do NOT use it for process- or
port-monitoring. Instead, you should use:
HOST=luxuria
PORT "LOCAL=%([.:]25)$" state=ESTABLISHED min=0 max=9 color=green "TEXT=SENDMAIL logins"
EXHOST=luxuria
PORT "LOCAL=%([.:]23)$" state=ESTABLISHED min=0 max=0 color=red "TEXT=TELNET logins"
PORT "LOCAL=%([.:]25)$" state=ESTABLISHED min=0 max=0 color=red "TEXT=SENDMAIL logins"
PORT "LOCAL=%([.:]20)$" state=ESTABLISHED min=0 max=0 color=red "TEXT=FTP logins"
Henrik