(this message was eaten by my spamfilter for some odd reason)
On Mon, Sep 11, 2006 at 12:38:16PM +0100, Andrew Jackson wrote:
Just thought I'd raise this up again. What I am trying to do is monitor
a few machines outside our firewall. I am firing off
hobbitclient-<OS>.sh using ssh from the hobbit server then submitting
the output from the hobbit server like the suggestion in the discussion
on agentless clients. Unlike the agentless client example I have
installed the hobbit client on the target machine and fire off the
hobbitclient-<OS>.sh by using a command associated with the ssh key
being used for access. In the agentless client discussion the output
from the data submission which is used as the configuration file for
logfetch is discarded. I can see it being generated in hobbitclient.sh
when the client submits it's own data. I know I would have to get this
file back to the client if I wanted log monitoring on my systems outside
the firewall. What I can't find is where the logfetch status file
(second argument for logfetch in hobbitclient-<OS>.sh) comes from or is
updated.
The second file is maintained by logfetch itself. It contains the
locations into the various logfiles that logfetch has processed in
earlier runs.
Instead of ssh'ing into the box, perhaps you could use the
msgcache/hobbitfetch utilities ? That lets you run the normal client on
a box together with msgcache, and then hobbitfetch contacts the client
to pick up the data. Log monitoring does work normally with that setup.
Regards,
Henrik