I have it set up on different machines, in different configurations
trying to find the one that works.The only one that works is the one
that is using the bb client. We are trying to move away from Big
Brother. When it is client-side, I configure it on the client, on the
server side I configure all of them whether they are client-side or
not. Question, I note that the bb-hosts file isn't installed
client-side, I did copy it over to /usr/local/hobbit/client/etc
directory just in case, but still no go.
The important thing is for it to alert if there is the word NOTICE in
the line for messages, and BREAKIN for secure.
Thanks Henrik. Other than that, it all looks great. I really like it,
but I have to get this working or it is a no go and I will have to
look elsewhere.
On Jan 12, 2008 9:15 AM, Henrik Stoerner <henrik (at) hswn.dk
<mailto:henrik (at) hswn.dk>> wrote:
Have you configured your client(s) for server-side or client-side
configuration ? It's the first question asked when you configure
the client:
Server side client configuration, or client side [server] ?
And what host are you editing the client-local.cfg and
hobbit-clients.cfg files on ? On the client or on the server?
Henrik
On Thu, Jan 10, 2008 at 02:15:24PM -0500, Edward Croft wrote:
> On the message page I am getting the following results.
> In the client-local.cfg file it says:
> log:/var/log/messages:10240
> trigger NOTICE
> trigger WARNING
>
> log:/var/log/secure:10240
> ignore "Connection closed by"
> trigger BREAKIN
>
> In hobbit-clients.cfg it says:
> LOG /var/log/messages WARNING COLOR=yellow
> LOG /var/log/messages NOTICE COLOR=red
> LOG /var/log/secure BREAKIN
>
> Yet, nothing appears in the top half and it never changes from
green.
>
>
> No entries in /var/log/messages
> <
http://phanes/hobbit-cgi/bb-hostsvc.sh?CLIENT=sirona.hq.openratings.com&SECTION=msgs:/var/log/messages
<http://phanes/hobbit-cgi/bb-hostsvc.sh?CLIENT=sirona.hq.openratings.com&SECTION=msgs:/var/log/messages>>
>
> No entries in /var/log/secure
> <
http://phanes/hobbit-cgi/bb-hostsvc.sh?CLIENT=sirona.hq.openratings.com&SECTION=msgs:/var/log/secure
<http://phanes/hobbit-cgi/bb-hostsvc.sh?CLIENT=sirona.hq.openratings.com&SECTION=msgs:/var/log/secure>>
>
>
> Full log /var/log/messages
> <
http://phanes/hobbit-cgi/bb-hostsvc.sh?CLIENT=sirona.hq.openratings.com&SECTION=msgs:/var/log/messages
<http://phanes/hobbit-cgi/bb-hostsvc.sh?CLIENT=sirona.hq.openratings.com&SECTION=msgs:/var/log/messages>>
> Jan 10 13:31:40 sirona ecroft: NOTICE
>
> Full log /var/log/secure
>
<http://phanes/hobbit-cgi/bb-hostsvc.sh?CLIENT=sirona.hq.openratings.com&SECTION=msgs:/var/log/secure
<http://phanes/hobbit-cgi/bb-hostsvc.sh?CLIENT=sirona.hq.openratings.com&SECTION=msgs:/var/log/secure>>
> Jan 10 13:22:50 sirona sshd[5087]: Connection closed by
10.0.14.249 <http://10.0.14.249>
> Jan 10 13:27:51 sirona sshd[5133]: Connection closed by
10.0.14.249 <http://10.0.14.249>
> Jan 10 13:31:38 sirona ecroft: BREAKIN
> Jan 10 13:32:52 sirona sshd[5181]: Connection closed by
10.0.14.249 <http://10.0.14.249>
> Jan 10 13:37:53 sirona sshd[5227]: Connection closed by
10.0.14.249 <http://10.0.14.249>
> Jan 10 13:42:54 sirona sshd[5273]: Connection closed by
10.0.14.249 <http://10.0.14.249>
> Jan 10 13:47:55 sirona sshd[5319]: Connection closed by
10.0.14.249 <http://10.0.14.249>
> Jan 10 13:52:56 sirona sshd[5365]: Connection closed by
10.0.14.249 <http://10.0.14.249>
>
>
>
> --
> If the sane say the insane are insane,
> What if the sane are insane?
> Would that make the insane sane?
> Explains a lot in Washington!
> --E. Croft
--
Henrik Storner
To unsubscribe from the hobbit list, send an e-mail to
hobbit-unsubscribe (at) hswn.dk <mailto:hobbit-unsubscribe (at) hswn.dk>
--
If the sane say the insane are insane,
What if the sane are insane?
Would that make the insane sane?
Explains a lot in Washington!
--E. Croft