[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [hobbit] Need help in getting message alerts

To: hobbit (at) hswn.dk
Subject: Re: [hobbit] Need help in getting message alerts
From: "Edward Croft" <croftale (at) gmail.com>
Date: Sat, 12 Jan 2008 22:29:54 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; bh=DD5gWsTwdmpKhbEBcrgkRm5yQyXtTZn5MRm9xC+7eSM=; b=rTibgbwIPFLzEopMLLiLw2waeTlukZElYmdrhm8D1Exp0QgkWhFOzKJ6+Dgd+nFpl7e3T5GQ+u+e/CcqQwgIVBSHcxSzsQM5gWplXdFDGmy/Xz1V88jzNvX3JceZbO8CVxEYRMPNP1JzEjWjzzBi+R/rTT0zoM6CILhCgmG7QdA=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=QR58R+2CuLNKYHF3IuhKCrkl9KGZZrWnA5naRrwnYT3Be82nN8KTp8B5lta8Z6mI+iIzSiHuHE3hkP3+Bldc7Gx5w3Icu9PzddkRR8M0mCtiZyMC/hRn1Yi2rqW5yc6y7JJqK1bNiLoL9oQ1wiSAyTiBbtodTaHOM271iQK9Euw=
References: <fa42a31d0801101115i7d023f7exb7390651c9f34f9a (at) mail.gmail.com> <20080112141541.GA6310 (at) hswn.dk> <fa42a31d0801120743h16eb01f5oe38a11f13e51b3d3 (at) mail.gmail.com> <20080112164632.GA9960 (at) hswn.dk>

Thank you both. I will check this out first thing Monday morning.

On Jan 12, 2008 11:46 AM, Henrik Stoerner <henrik (at) hswn.dk> wrote:

> On Sat, Jan 12, 2008 at 10:43:31AM -0500, Edward Croft wrote:
> > On Jan 12, 2008 9:15 AM, Henrik Stoerner <henrik (at) hswn.dk> wrote:
> >
> > > Have you configured your client(s) for server-side or client-side
> > > configuration ?
> >
> > I have it set up on different machines, in different configurations
> trying
> > to find the one that works.
>
> Ok, let's pick ONE machine and get that to work. Preferably one where
> the client is configured for server-side configuration. Verify this by
> looking at the "conn" status - you must have a "Client data available"
> link right above the graph. If there's no link, then the client isn't
> sending a Hobbit "client" message, but just the old-style BB messages.
>
>
> I'll assume this client system is called "testhost.foo.com". Your
> client-local.cfg (on the hobbit server) should then have
>
>    [testhost.foo.com]
>    log:/var/log/messages:10240
>    trigger NOTICE
>    trigger WARNING
>
>    log:/var/log/secure:10240
>    ignore "Connection closed by"
>    trigger BREAKIN
>
> Changes to client-local.cfg can take up to 15 minutes to trickle down to
> the client. You can speed this up by 1) sending a HUP signal to the
> hobbitd process on the Hobbit server, and then 2) restarting the Hobbit
> client software. After restarting the client, it takes 5 minutes for the
> changes to take effect.
>
>
> Your hobbit-clients.cfg - also on the Hobbit server - must have these
> lines:
>
>    HOST=testhost.foo.com
>         LOG /var/log/messages WARNING COLOR=yellow
>         LOG /var/log/messages NOTICE COLOR=red
>         LOG /var/log/secure BREAKIN
>
> You can test the configuration on the Hobbit server with the
> "hobbitd_client --test" command. Like this:
>
>    $ bbcmd hobbitd_client --test
>    2008-01-12 17:41:18 Using default environment file
> /usr/lib/hobbit/server/etc/hobbitserver.cfg
>    Hostname (.=end, ?=dump, !=reload) []: testhost.foo.com
>    Hosttype []:
>    Test (cpu, mem, disk, proc, log, port): log
>    log filename: /var/log/secure
>    To read log data from a file, enter '@FILENAME' at the prompt
>    log line: Jan 10 13:22:50 sirona sshd[5087]: Connection closed by
> 10.0.14.249
>    log line: Jan 10 13:27:51 sirona sshd[5133]: Connection closed by
> 10.0.14.249
>    log line: Jan 10 13:31:38 sirona ecroft: BREAKIN
>    log line: Jan 10 13:32:52 sirona sshd[5181]: Connection closed by
> 10.0.14.249
>    log line: Jan 10 13:37:53 sirona sshd[5227]: Connection closed by
> 10.0.14.249
>    log line:
>    Log status is red
>
>    &red Jan 10 13:22:50 sirona sshd[5087]: Connection closed by
>    10.0.14.249Jan 10 13:27:51 sirona sshd[5133]: Connection closed by
>    10.0.14.249Jan 10 13:31:38 sirona ecroft: BREAKINJan 10 13:32:52 sirona
>    sshd[5181]: Connection closed by 10.0.14.249Jan 10 13:37:53 sirona
>    sshd[5227]: Connection closed by 10.0.14.249
>
> Also, while in the "hobbitd_client --test" environment, you can use the
> dump-command to see how your hobbits-clients.cfg was parsed.
>
>
> If this doesn't make your msgs column go red, then I'd like to have a
> look at the bb-hosts entry for this host, and your client-local.cfg and
> hobbit-clients.cfg files. You can send them directly to me, no need to
> bother the entire mailing list with them.
>
>
> Regards,
> Henrik
>
>
> To unsubscribe from the hobbit list, send an e-mail to
> hobbit-unsubscribe (at) hswn.dk
>
>
>


-- 
If the sane say the insane are insane,
What if the sane are insane?
Would that make the insane sane?
Explains a lot in Washington!
 --E. Croft

References:
- Need help in getting message alerts
  - From: Edward Croft
- Re: [hobbit] Need help in getting message alerts
  - From: Henrik Stoerner
- Re: [hobbit] Need help in getting message alerts
  - From: Edward Croft
- Re: [hobbit] Need help in getting message alerts
  - From: Henrik Stoerner

Prev by Date: Re: [hobbit] Query: IPv6 support ?
Next by Date: Re: [hobbit] OSX 10.5 and nireport
Previous by thread: Re: [hobbit] Need help in getting message alerts
Next by thread: Need help in getting message alerts
Index(es):
- Date
- Thread