On Sat, Jan 12, 2008 at 10:43:31AM -0500, Edward Croft wrote:
On Jan 12, 2008 9:15 AM, Henrik Stoerner <user-ce4a2c883f75@xymon.invalid> wrote:
Have you configured your client(s) for server-side or client-side
configuration ?
I have it set up on different machines, in different configurations trying
to find the one that works.
Ok, let's pick ONE machine and get that to work. Preferably one where
the client is configured for server-side configuration. Verify this by
looking at the "conn" status - you must have a "Client data available"
link right above the graph. If there's no link, then the client isn't
sending a Hobbit "client" message, but just the old-style BB messages.
I'll assume this client system is called "testhost.foo.com". Your
client-local.cfg (on the hobbit server) should then have
[testhost.foo.com]
log:/var/log/messages:10240
trigger NOTICE
trigger WARNING
log:/var/log/secure:10240
ignore "Connection closed by"
trigger BREAKIN
Changes to client-local.cfg can take up to 15 minutes to trickle down to
the client. You can speed this up by 1) sending a HUP signal to the
hobbitd process on the Hobbit server, and then 2) restarting the Hobbit
client software. After restarting the client, it takes 5 minutes for the
changes to take effect.
Your hobbit-clients.cfg - also on the Hobbit server - must have these
lines:
HOST=testhost.foo.com
LOG /var/log/messages WARNING COLOR=yellow
LOG /var/log/messages NOTICE COLOR=red
LOG /var/log/secure BREAKIN
You can test the configuration on the Hobbit server with the
"hobbitd_client --test" command. Like this:
$ bbcmd hobbitd_client --test
2008-01-12 17:41:18 Using default environment file /usr/lib/hobbit/server/etc/hobbitserver.cfg
Hostname (.=end, ?=dump, !=reload) []: testhost.foo.com
Hosttype []:
Test (cpu, mem, disk, proc, log, port): log
log filename: /var/log/secure
To read log data from a file, enter '@FILENAME' at the prompt
log line: Jan 10 13:22:50 sirona sshd[5087]: Connection closed by 10.0.14.249
log line: Jan 10 13:27:51 sirona sshd[5133]: Connection closed by 10.0.14.249
log line: Jan 10 13:31:38 sirona ecroft: BREAKIN
log line: Jan 10 13:32:52 sirona sshd[5181]: Connection closed by 10.0.14.249
log line: Jan 10 13:37:53 sirona sshd[5227]: Connection closed by 10.0.14.249
log line:
Log status is red
&red Jan 10 13:22:50 sirona sshd[5087]: Connection closed by
10.0.14.249Jan 10 13:27:51 sirona sshd[5133]: Connection closed by
10.0.14.249Jan 10 13:31:38 sirona ecroft: BREAKINJan 10 13:32:52 sirona
sshd[5181]: Connection closed by 10.0.14.249Jan 10 13:37:53 sirona
sshd[5227]: Connection closed by 10.0.14.249
Also, while in the "hobbitd_client --test" environment, you can use the
dump-command to see how your hobbits-clients.cfg was parsed.
If this doesn't make your msgs column go red, then I'd like to have a
look at the bb-hosts entry for this host, and your client-local.cfg and
hobbit-clients.cfg files. You can send them directly to me, no need to
bother the entire mailing list with them.
Regards,
Henrik