[Xymon] 4.3.21 Monitoring log files
James Louis
jglouisjr at gmail.com
Fri Aug 14 22:45:07 CEST 2015
Can Xymon read that snort log?
On Fri, Aug 14, 2015 at 2:28 PM, usa ims via Xymon <xymon at xymon.com> wrote:
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon
>
>
> ---------- Forwarded message ----------
> From: usa ims <usaims at yahoo.com>
> To: Xymon Mailinglist <xymon at xymon.com>
> Cc:
> Date: Fri, 14 Aug 2015 19:19:34 +0000 (UTC)
> Subject: 4.3.21 Monitoring log files
> Hello,
> I'll try not to span this time.
>
> I just installed '4.3.21' server on a Raspberry Pi Debian.
> Additionally, I just compiled '4.3.21' as a client on a Raspberry Pi
> Debian.
>
> Xymon is going to be used to monitor one server, a network intrusion
> software called snort.
> I'm going to monitor one log file which has all the detected alerts. If an
> alert comes in, I want Xymon to be red.
>
> So, I went to the xymon server and modified the 'client-local.cfg':
> [snort]
> log:/var/log/snort/alert:4096
>
> 'snort' is the name of the sniffer server and I only want to monitor
> '/var/log/snort/alert' file.
>
> Then I went to the 'analysis.cfg' on the xymon server and added:
>
> HOST=snort
> LOG /var/log/snort/alert ERROR COLOR=red
>
> I waited 20 minutes and I'm getting:
>
> No log data available
> The client did not report any logfile data
>
> I do see green happy faces on conn, disk, info, memory but 'msgs' is white.
>
> I had this working on a very old version of 'xymon' a while ago but this
> is the first time I'm using the latest and greatest.
>
> Please help.
>
> usaims
>
>
--
* Jim Louis \\\\||//// \ ~ ~ / | @ @ |*
*--oOo---(_)---oOo--*
'If a Neanderthal came and sat next to you on a bus, you'd probably get up
and change seats. But if a *Homo erectus* came and sat next to you on a
bus, you'd probably get off the bus.' ~ unknown
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20150814/7efa0965/attachment.html>
More information about the Xymon
mailing list