[hobbit] Need help in getting message alerts
Edward Croft
croftale at gmail.com
Sun Jan 13 04:29:54 CET 2008
Thank you both. I will check this out first thing Monday morning.
On Jan 12, 2008 11:46 AM, Henrik Stoerner <henrik at hswn.dk> wrote:
> On Sat, Jan 12, 2008 at 10:43:31AM -0500, Edward Croft wrote:
> > On Jan 12, 2008 9:15 AM, Henrik Stoerner <henrik at hswn.dk> wrote:
> >
> > > Have you configured your client(s) for server-side or client-side
> > > configuration ?
> >
> > I have it set up on different machines, in different configurations
> trying
> > to find the one that works.
>
> Ok, let's pick ONE machine and get that to work. Preferably one where
> the client is configured for server-side configuration. Verify this by
> looking at the "conn" status - you must have a "Client data available"
> link right above the graph. If there's no link, then the client isn't
> sending a Hobbit "client" message, but just the old-style BB messages.
>
>
> I'll assume this client system is called "testhost.foo.com". Your
> client-local.cfg (on the hobbit server) should then have
>
> [testhost.foo.com]
> log:/var/log/messages:10240
> trigger NOTICE
> trigger WARNING
>
> log:/var/log/secure:10240
> ignore "Connection closed by"
> trigger BREAKIN
>
> Changes to client-local.cfg can take up to 15 minutes to trickle down to
> the client. You can speed this up by 1) sending a HUP signal to the
> hobbitd process on the Hobbit server, and then 2) restarting the Hobbit
> client software. After restarting the client, it takes 5 minutes for the
> changes to take effect.
>
>
> Your hobbit-clients.cfg - also on the Hobbit server - must have these
> lines:
>
> HOST=testhost.foo.com
> LOG /var/log/messages WARNING COLOR=yellow
> LOG /var/log/messages NOTICE COLOR=red
> LOG /var/log/secure BREAKIN
>
> You can test the configuration on the Hobbit server with the
> "hobbitd_client --test" command. Like this:
>
> $ bbcmd hobbitd_client --test
> 2008-01-12 17:41:18 Using default environment file
> /usr/lib/hobbit/server/etc/hobbitserver.cfg
> Hostname (.=end, ?=dump, !=reload) []: testhost.foo.com
> Hosttype []:
> Test (cpu, mem, disk, proc, log, port): log
> log filename: /var/log/secure
> To read log data from a file, enter '@FILENAME' at the prompt
> log line: Jan 10 13:22:50 sirona sshd[5087]: Connection closed by
> 10.0.14.249
> log line: Jan 10 13:27:51 sirona sshd[5133]: Connection closed by
> 10.0.14.249
> log line: Jan 10 13:31:38 sirona ecroft: BREAKIN
> log line: Jan 10 13:32:52 sirona sshd[5181]: Connection closed by
> 10.0.14.249
> log line: Jan 10 13:37:53 sirona sshd[5227]: Connection closed by
> 10.0.14.249
> log line:
> Log status is red
>
> &red Jan 10 13:22:50 sirona sshd[5087]: Connection closed by
> 10.0.14.249Jan 10 13:27:51 sirona sshd[5133]: Connection closed by
> 10.0.14.249Jan 10 13:31:38 sirona ecroft: BREAKINJan 10 13:32:52 sirona
> sshd[5181]: Connection closed by 10.0.14.249Jan 10 13:37:53 sirona
> sshd[5227]: Connection closed by 10.0.14.249
>
> Also, while in the "hobbitd_client --test" environment, you can use the
> dump-command to see how your hobbits-clients.cfg was parsed.
>
>
> If this doesn't make your msgs column go red, then I'd like to have a
> look at the bb-hosts entry for this host, and your client-local.cfg and
> hobbit-clients.cfg files. You can send them directly to me, no need to
> bother the entire mailing list with them.
>
>
> Regards,
> Henrik
>
>
> To unsubscribe from the hobbit list, send an e-mail to
> hobbit-unsubscribe at hswn.dk
>
>
>
--
If the sane say the insane are insane,
What if the sane are insane?
Would that make the insane sane?
Explains a lot in Washington!
--E. Croft
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20080112/7d83474f/attachment.html>
More information about the Xymon
mailing list