Okay, the logs are showing up in the "Full log" section correctly now,
but my LOG keyword monitoring isn't working.
Ex)
[<server name>]
. . .
LOG /var/log/maillog did not issue MAIL/EXPN/VRFY/ETRN COLOR=yellow
. . .
LOG /var/log/httpd/intranet/error_log client denied COLOR=yellow
Does "client denied" and "did not issue MAIL/EXPN/VRFY/ETRN" have to
be in quotes?
Just ONE remaining issue now. There are still additional log files I
want to check for that aren't showing up. I have this specific
hosts's client-local.cfg entry defined as:
[master.homeoffice.none]
log:/var/log/samba/client.nmbd.log
log:/var/log/messages:10240
log:/var/log/maillog:10240
ignore relay=localhost\.localdomain
trigger denied
The "messages" and "maillog" entries are showing up just fine, but the
"client.nmbd.log" file is not showing up; not even with an empty "full
log" section. Any ideas?
Check if the configuration data makes it to the client. Does this
data show up in the client's ~hobbit/client/tmp/logfetch.HOSTNAME.cfg
file ?
If it does, then pick any status page from this host and click on the
"Client data" link near the bottom of the page. Look for the "[msgs:...]"
and "[logfile:...]" sections. Is there one for the client.nmbd.log file ?
A thanks to Chris Morris for solving this issue. I can't believe I
missed it after staring that file for quite a while, but I was missing
the :SIZE part. Adding that fixed it, and now the additional logs are
showing up. I still have an issue with file permissions in OpenBSD,
but at least now it's not a Hobbit-related issue.