[hobbit] Logfile monitoring - I'd like some comments

Henrik Stoerner henrik at hswn.dk
Wed Feb 15 07:39:11 CET 2006


On Tue, Feb 14, 2006 at 04:56:17PM -0600, Larry Barber wrote:
> The feature of the client retrieving its configuration from the server might
> cause some problems with firewalls, and security types might not be willing
> to open firewalls for such infrequent messages.

Infrequent? It's part of the client sending its status update, so it
happens every 5 minutes.

Since this is just an extension of the protocol that is already being
used for sending statuses to the Hobbit server, you won't need any
additional firewall openings.

And it's not like you can use it for any kind of file transfer. You'll
have to get the data into the Hobbit server first, so security on that
server is obviously important (but if you're care about security, you
should really care about the security of your monitoring server in the
first place). What's sent to the client can only be a part of the 
hobbit servers' log-configuration.

I guess you shouldn't tell your firewall admin's about the "config"
request you can send through the "bb" utility ....

> I like the idea of having
> centralized configuration, but it would be nice if it could be implemented
> without upsetting the firewall admins. It also eliminates the pure "push" of
> the BigBrother client, which is also something security types like. It might
> be a good idea to have an option for local client configuration.

It is possible to run the client using a local configuration. You'll
need to install the PCRE libraries on your clients for that, but it can
be done.


Regards,
Henrik




More information about the Xymon mailing list