4.3.21 Monitoring log files
list Usa Ims
Hello,
I'll try not to spam this time.
I just installed '4.3.21' server on a Raspberry Pi Debian.
Additionally, I just compiled '4.3.21' as a client on a Raspberry Pi Debian.
Xymon is going to be used to monitor one server, a network intrusion software called snort.
I'm going to monitor one log file which has all the detected alerts. If an alert comes in, I want Xymon to be red.
So, I went to the xymon server and modified the 'client-local.cfg':
[snort]
log:/var/log/snort/alert:4096
'snort' is the name of the sniffer server and I only want to monitor '/var/log/snort/alert' file.
Then I went to the 'analysis.cfg' on the xymon server and added:
HOST=snort
LOG /var/log/snort/alert ERROR COLOR=red
I waited 20 minutes and I'm getting:
No log data available
The client did not report any logfile data
I do see green happy faces on conn, disk, info, memory but 'msgs' is white.
I had this working on a very old version of 'xymon' a while ago but this is the first time I'm using the latest and greatest.
Please help.
usaims
list James Louis
Can Xymon read that snort log?
On Fri, Aug 14, 2015 at 2:28 PM, usa ims via Xymon <xymon at xymon.com> wrote:
---------- Forwarded message ----------
From: usa ims <user-42bb6445007b@xymon.invalid>
To: Xymon Mailinglist <xymon at xymon.com>
Cc:
Date: Fri, 14 Aug 2015 19:19:34 +0000 (UTC)
Subject: 4.3.21 Monitoring log files
--
Jim Louis
list Usa Ims
I have resolved the issue by removing '--local' from clientlaunch.cfg. Sorry for the repeated emails -- I don't know why this is happening.
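The two checks raised in this thread (whether the client account can read the snort alert file, and whether clientlaunch.cfg starts the client with '--local') can be scripted. This is an added example, not code from the thread or from the Xymon project. It assumes the launch file starts the client from a 'CMD' line and that client-local.cfg uses the '[host]' / 'log:path:size' layout quoted in the first post. The function names are hypothetical.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical, not Xymon tools.

# Return 0 if an active (uncommented) CMD line in the launch file passes --local.
cmd_uses_local() {
    grep -Eq '^[[:space:]]*CMD[[:space:]].*[[:space:]]--local([[:space:]]|$)' "$1"
}

# Print the paths of the log: entries listed under [HOST] in a
# client-local.cfg style file (server side).
logs_for_host() {  # logs_for_host CLIENTLOCALCFG HOST
    awk -v host="$2" '
        /^[[:space:]]*#/ { next }                      # skip comments
        /^\[/ { insec = ($0 == "[" host "]"); next }   # track current section
        insec && /^log:/ { split($0, f, ":"); print f[2] }
    ' "$1"
}

# Run on the monitored host, as the account the Xymon client runs under.
# Prints one finding per line and returns 1 if anything was found.
client_check() {  # client_check LAUNCHCFG LOGFILE
    rc=0
    if cmd_uses_local "$1"; then
        echo "local-mode: $1 starts the client with --local"
        rc=1
    fi
    if [ ! -r "$2" ]; then
        echo "unreadable: $2 cannot be read by $(id -un)"
        rc=1
    fi
    return $rc
}

# Usage (paths depend on the installation):
#   logs_for_host /path/to/client-local.cfg snort      # on the Xymon server
#   client_check /path/to/clientlaunch.cfg /var/log/snort/alert   # on the client
```

Run client_check under the same account as the Xymon client, since file readability is evaluated for whoever executes the script.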