[hobbit] log file monitoring issues

Gary B. gmbfly98 at gmail.com
Fri Aug 11 16:28:40 CEST 2006 

Hmm, another issue I'm finding is that even with the permissions set
so that the Hobbit client can read the log files, they still aren't
reporting back any data.  That is, the "Full log <log file>" section
of the appropriate messages page has nothing.


On 8/11/06, Dominique Frise <Dominique.Frise at unil.ch> wrote:
> Gary B. wrote:
> > ...I'm still having issues with "Permission denied" errors from Hobbit
> > in trying to access /var/log/maillog on all my OpenBSD boxes.
> > Apparently, the only way I've been able to get Hobbit to read them is
> > if I set them 644.  However, every time OpenBSD rotates the logs, it
> > resets the permissions to 600.  Is there any way to get this to work
> > properly without having to run the Hobbit client as root?
> >
> >
> >> You need both.
> >>  clients-local.cfg is to tell the client to report on these logs
> >>  hobbit-clients.cfg is tell hobbitd to check/alert against log data
> >> reported
> >> from clients
> >>
> >>
> >> On 8/9/06, Gary B. <gmbfly98 at gmail.com> wrote:
> >> >
> >>  Maybe I'm just missing something in the documentation, but I can't
> >> seem to get the log file monitoring to work properly.  In the example
> >> below, I'm trying to look at the "messages" and "maillog" files on
> >> Linux.
> >>
> >> Particularly, I'm trying to EXCLUDE the following "messages" lines:
> >> Aug  9 21:19:45 www upsd[7860]: Connection from 127.0.0.1
> >> Aug  9 21:19:45 www upsd[7860]: Client on 127.0.0.1 logged out
> >> Aug  9 21:19:45 www upsd[7860]: Connection from 127.0.0.1
> >>
> >> Aug  9 16:44:01 www crond(pam_unix)[5382]: session opened for user
> >>  root by (uid=0)
> >> Aug  9 16:44:14 www crond(pam_unix)[5382]: session closed for user root
> >> Aug  9 16:45:01 www crond(pam_unix)[5484]: session opened for user
> >> mailman by (uid=0)
> >> Aug  9 16:45:01 www crond(pam_unix)[5484]: session closed for user
> >> mailman
> >>
> >> And EXCLUDE the following "maillog" lines:
> >> Aug  6 11:55:02 www sendmail[15076]: k76Ft1pU015076:
> >> from=<mailman at HOSTNAME>, size=576, class=0, nrcpts=1,
> >> msgid=<200608061555.k76Ft1A2015075 at HOSTNAME >, proto=ESMTP,
> >> daemon=MTA,
> >> relay=localhost.localdomain [127.0.0.1]
> >>
> >>
> >> Below is the respective lines from the "client-local.cfg" file:
> >> log:/var/log/messages:10240
> >>  ignore upsd* Client|Connection 127.0.0.1
> >> ignore session opened|closed for user mailman|root
> >> log:/var/log/maillog:10240
> >> ignore relay=localhost.localdomain
> >> trigger denied
> >>
> >> And below the specific log entries I'm looking for from "
> >> hobbit-clients.cfg":
> >> LOG     /var/log/maillog  "relaying denied"  color="yellow"
> >>
> >>
> >> Now, the problem I'm having...
> >> The "ignore" line for the /var/log/maillog file appears to be working
> >> correctly, as it does indeed ignore such entries as shown above.  Also
> >> working is the "ignore session opened..." line for the
> >> /var/log/messages file.
> >>
> >> What is NOT working is the "ignore" line for the "upsd*" lines in
> >> /var/log/messages.  For the life of me, I just can't figure out how to
> >> get that to work properly.  That is, two of the three "ignore" lines
> >> are not working, as those lines still show up in the "full log"
> >> output.  If anyone has any ideas, let me know.
> >>
> >> I'm also having problems with some logs not showing up on the messages
> >> page.  Do you need both a "LOG" entries in the hobbit-clients.cfg AND
> >> client-local.cfg , or will an entry in only client-local.cfg be
> >> sufficient to have it show up on the messages page?
> >>
> >> To unsubscribe from the hobbit list, send an e-mail to
> >> hobbit-unsubscribe at hswn.dk
> >>
> >>
> >>
> >>
> >
> > To unsubscribe from the hobbit list, send an e-mail to
> > hobbit-unsubscribe at hswn.dk
> >
> >
>
> This is what we do under:
>
> Linux RH
> --------
> # chgrp <hobbit-group> /var/log/messages*
> # chmod g+r /var/log/messages*
>
> Debian
> ------
> # addgroup <hobbit-user> adm
>
>
> The files rotation preserve these settings.
>
>
> Dominique
> UNIL - University of Lausanne
>
> To unsubscribe from the hobbit list, send an e-mail to
> hobbit-unsubscribe at hswn.dk
>
>
>

More information about the Xymon mailing list