port rule evaluation in hobbit-clients.cfg

list Dominique Frise
Thu, 13 Sep 2007 16:49:46 +0200
Message-Id: <user-4dea10ac7743@xymon.invalid>

Henrik Stoerner wrote:
On Thu, Sep 13, 2007 at 09:20:08AM -0400, Jay Brislin wrote:
I set up a PORT rule to alert for SENDMAIL logins in the DEFAULT section of my hobbit-clients.cfg file. I wanted to override that rule for certain hosts to allow SENDMAIL logins. My hobbit-clients.cfg looks like this:

HOST=luxuria
        PORT "LOCAL=%([.:]25)$" state=ESTABLISHED min=0 max=9 color=green "TEXT=SENDMAIL logins"
DEFAULT
        PORT "LOCAL=%([.:]23)$" state=ESTABLISHED min=0 max=0 color=red "TEXT=TELNET logins"
        PORT "LOCAL=%([.:]25)$" state=ESTABLISHED min=0 max=0 color=red "TEXT=SENDMAIL logins"
        PORT "LOCAL=%([.:]20)$" state=ESTABLISHED min=0 max=0 color=red "TEXT=FTP logins"

The DEFAULT section should ONLY be used to change the defaults for cpu-,
disk- and memory-thresholds. Do NOT use it for process- or
port-monitoring. Instead, you should use:

HOST=luxuria
        PORT "LOCAL=%([.:]25)$" state=ESTABLISHED min=0 max=9 color=green "TEXT=SENDMAIL logins"

EXHOST=luxuria
        PORT "LOCAL=%([.:]23)$" state=ESTABLISHED min=0 max=0 color=red "TEXT=TELNET logins"
        PORT "LOCAL=%([.:]25)$" state=ESTABLISHED min=0 max=0 color=red "TEXT=SENDMAIL logins"
        PORT "LOCAL=%([.:]20)$" state=ESTABLISHED min=0 max=0 color=red "TEXT=FTP logins"


Henrik

We use the DEFAULT section for common LOG rules.
(IGNORE rules omitted for clarity)

DEFAULT
    # These are the built-in defaults.
    UP	   1h
    LOAD	   5.0 10.0
    DISK	   %^/cdrom/.* 101 101
    DISK	   * 90 95
    MEMPHYS 100 101
    MEMSWAP 50 80
    MEMACT  90 97
    LOG /var/adm/messages %(?-i)NOTICE|kern.error
    LOG /var/adm/messages %(?-i)WARNING COLOR=yellow IGNORE=%(?-i)forceload
    LOG /var/log/messages %(?-i)Redundancy\slost|degraded|error|Error
    LOG /var/log/messages %(?-i)failed IGNORE=%(?-i)cdrom:\sopen\sfailed COLOR=yellow
    LOG /var/log/system.log %(?-i)error|Error
    LOG /var/log/system.log %(?-i)failed COLOR=yellow


Is this really wrong?

Dominique
UNIL - University of Lausanne
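
An added example, not part of the original thread and not Xymon's own code: a simplified Python model of how the PORT rules quoted above count connections, for checking a LOCAL pattern against netstat output before deploying it. The netstat lines are constructed, and the exact state match and the min/max-to-color logic are assumptions about the rule semantics.

```python
import re

# Constructed netstat output: Linux ":port" lines plus one Solaris ".port" line.
NETSTAT = """\
tcp   0  0 192.0.2.10:25     198.51.100.7:41822  ESTABLISHED
tcp   0  0 192.0.2.10:25     198.51.100.9:50311  ESTABLISHED
tcp   0  0 192.0.2.10:25     198.51.100.9:50312  TIME_WAIT
tcp   0  0 192.0.2.10:125    198.51.100.4:33100  ESTABLISHED
tcp   0  0 192.0.2.25:22     198.51.100.4:33101  ESTABLISHED
tcp   0  0 0.0.0.0:25        0.0.0.0:*           LISTEN
192.0.2.10.23   198.51.100.4.40112  49640  0 49640  0 ESTABLISHED
"""

def parse(netstat_text):
    """Yield (local_address, state) from Linux- or Solaris-style lines."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        # Linux lines start with the protocol; Solaris lines start with the address.
        local = fields[3] if fields[0].startswith("tcp") else fields[0]
        yield local, fields[-1]

def evaluate(rule, conns):
    """Return (count, color). Assumed semantics: the rule's color is
    raised only when the matching count falls outside min..max."""
    pattern = re.compile(rule["local"].lstrip("%"))  # "%" marks a regex in the cfg
    count = sum(1 for local, state in conns
                if pattern.search(local) and state == rule["state"])
    in_range = rule["min"] <= count <= rule["max"]
    return count, ("green" if in_range else rule["color"])

# Rules copied from the thread, expressed as dicts (hypothetical representation).
SMTP_STRICT = {"local": "%([.:]25)$", "state": "ESTABLISHED",
               "min": 0, "max": 0, "color": "red"}
SMTP_LUXURIA = dict(SMTP_STRICT, max=9, color="green")
TELNET = dict(SMTP_STRICT, local="%([.:]23)$")
FTP = dict(SMTP_STRICT, local="%([.:]20)$")

def report(netstat_text=NETSTAT):
    conns = list(parse(netstat_text))
    rules = {"smtp_strict": SMTP_STRICT, "smtp_luxuria": SMTP_LUXURIA,
             "telnet": TELNET, "ftp": FTP}
    return {name: evaluate(rule, conns) for name, rule in rules.items()}

if __name__ == "__main__":
    for name, result in report().items():
        print(name, result)
```

The anchored `[.:]25$` pattern ignores port 125, the host address ending in `.25`, and the LISTEN and TIME_WAIT sockets, so only the two established SMTP sessions are counted.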