I have it set up on different machines, in different configurations trying to find the one that works.The only one that works is the one that is using the bb client. We are trying to move away from Big Brother. When it is client-side, I configure it on the client, on the server side I configure all of them whether they are client-side or not. Question, I note that the bb-hosts file isn't installed client-side, I did copy it over to /usr/local/hobbit/client/etc directory just in case, but still no go.
The important thing is for it to alert if there is the word NOTICE in the line for messages, and BREAKIN for secure.
Thanks Henrik. Other than that, it all looks great. I really like it, but I have to get this working or it is a no go and I will have to look elsewhere.
On Jan 12, 2008 9:15 AM, Henrik Stoerner <user-ce4a2c883f75@xymon.invalid <mailto:user-ce4a2c883f75@xymon.invalid>> wrote:
Have you configured your client(s) for server-side or client-side
configuration ? It's the first question asked when you configure
the client:
Server side client configuration, or client side [server] ?
And what host are you editing the client-local.cfg and
hobbit-clients.cfg files on ? On the client or on the server?
Henrik
On Thu, Jan 10, 2008 at 02:15:24PM -0500, Edward Croft wrote:On the message page I am getting the following results.
In the client-local.cfg file it says:
log:/var/log/messages:10240
trigger NOTICE
trigger WARNING
log:/var/log/secure:10240
ignore "Connection closed by"
trigger BREAKIN
In hobbit-clients.cfg it says:
LOG /var/log/messages WARNING COLOR=yellow
LOG /var/log/messages NOTICE COLOR=red
LOG /var/log/secure BREAKIN
Yet, nothing appears in the top half and it never changes from
green.
No entries in /var/log/messages
<
http://phanes/hobbit-cgi/bb-hostsvc.sh?CLIENT=sirona.hq.openratings.com&SECTION=msgs:/var/log/messages
<http://phanes/hobbit-cgi/bb-hostsvc.sh?CLIENT=sirona.hq.openratings.com&SECTION=msgs:/var/log/messages>>;
No entries in /var/log/secure
<
http://phanes/hobbit-cgi/bb-hostsvc.sh?CLIENT=sirona.hq.openratings.com&SECTION=msgs:/var/log/secure
<http://phanes/hobbit-cgi/bb-hostsvc.sh?CLIENT=sirona.hq.openratings.com&SECTION=msgs:/var/log/secure>>;
Full log /var/log/messages
<
http://phanes/hobbit-cgi/bb-hostsvc.sh?CLIENT=sirona.hq.openratings.com&SECTION=msgs:/var/log/messages
<http://phanes/hobbit-cgi/bb-hostsvc.sh?CLIENT=sirona.hq.openratings.com&SECTION=msgs:/var/log/messages>>;
Jan 10 13:31:40 sirona ecroft: NOTICE
Full log /var/log/secure
<http://phanes/hobbit-cgi/bb-hostsvc.sh?CLIENT=sirona.hq.openratings.com&SECTION=msgs:/var/log/secure
<http://phanes/hobbit-cgi/bb-hostsvc.sh?CLIENT=sirona.hq.openratings.com&SECTION=msgs:/var/log/secure>>;Jan 10 13:22:50 sirona sshd[5087]: Connection closed by
10.0.14.249 <http://10.0.14.249>;
Jan 10 13:27:51 sirona sshd[5133]: Connection closed by
10.0.14.249 <http://10.0.14.249>;
Jan 10 13:31:38 sirona ecroft: BREAKIN
Jan 10 13:32:52 sirona sshd[5181]: Connection closed by
10.0.14.249 <http://10.0.14.249>;
Jan 10 13:37:53 sirona sshd[5227]: Connection closed by
10.0.14.249 <http://10.0.14.249>;
Jan 10 13:42:54 sirona sshd[5273]: Connection closed by
10.0.14.249 <http://10.0.14.249>;
Jan 10 13:47:55 sirona sshd[5319]: Connection closed by
10.0.14.249 <http://10.0.14.249>;
Jan 10 13:52:56 sirona sshd[5365]: Connection closed by
10.0.14.249 <http://10.0.14.249>;
--
If the sane say the insane are insane,
What if the sane are insane?
Would that make the insane sane?
Explains a lot in Washington!
--E. Croft
--
Henrik Storner
--
If the sane say the insane are insane,
What if the sane are insane?
Would that make the insane sane?
Explains a lot in Washington!
--E. Croft