Not getting alerts for log entries on Solaris 10 Update 3 (SPARC)
list Kenneth Bourn
I am having issues with getting Hobbit to report log entries from client log files. The server is getting the log data but, despite a valid string entry in the log file, no alerts are generated.
Here is an excerpt from my client-local.cfg file:
[hosta-z1]
log:/var/adm/messages:10240
And a corresponding entry from the hobbit-clients.cfg file:
HOST=hosta-z1
LOG /var/adm/messages sshd COLOR=red
The status never changes for this host despite sshd entries existing in the /var/adm/messages file. I used "sshd" because I KNOW that there are current entries in /var/adm/messages since every time hobbit runs an ssh check on the server an sshd message is generated. I have chosen this string just to troubleshoot this problem...
Clicking on "msgs" for this host, there is a message "No entries in /var/adm/messages". But if I click on the "/var/adm/messages" link it shows recent entries with the sshd string in the log file as the following shows:
[msgs:/var/adm/messages]
Jul 25 16:59:34 hosta-z1 sshd[4164]: [ID 800047 auth.info] Connection closed by 10.0.0.68
Jul 25 17:04:37 hosta-z1 sshd[4507]: [ID 800047 auth.info] Connection closed by 10.0.0.68
Jul 25 17:09:39 hosta-z1 sshd[4857]: [ID 800047 auth.info] Connection closed by 10.0.0.68
Jul 25 17:14:41 hosta-z1 sshd[5192]: [ID 800047 auth.info] Connection closed by 10.0.0.68
Jul 25 17:19:41 hosta-z1 sshd[5534]: [ID 800047 auth.info] Connection closed by 10.0.0.68
Jul 25 17:24:40 hosta-z1 sshd[5884]: [ID 800047 auth.info] Connection closed by 10.0.0.68
Jul 25 17:29:45 hosta-z1 sshd[6222]: [ID 800047 auth.info] Connection closed by 10.0.0.68
Does anyone know what the problem may be? Are there possibly any known issues with Hobbit logging under Solaris 10 Update 3 for SPARC? I have tried almost everything I can think of to get this to work and I am getting nowhere.
Thanks in advance for any help.
-Ken
list Steve Holmes
Ken,
I notice you have short host names in the config as well as in the log files. Do you have short host names in the bb-hosts file as well?
Steve Holmes
On 7/25/07, Kenneth Bourn <user-aa8b94d0acf6@xymon.invalid> wrote:
I am having issues with getting Hobbit to report log entries from client
log files. The server is getting the log data but, despite a valid string
entry in the log file, no alerts are generated.
Here is an excerpt from my client-local.cfg file:
[hosta-z1]
log:/var/adm/messages:10240
And a corresponding entry from the hobbit-clients.cfg file:
HOST=hosta-z1
LOG /var/adm/messages sshd COLOR=red
The status never changes for this host despite sshd entries existing in
the /var/adm/messages file. I used "sshd" because I KNOW that there are
current entries in /var/adm/messages since every time hobbit runs an ssh
check on the server an sshd message is generated. I have chosen this string
just to troubleshoot this problem...
Clicking on "msgs" for this host, there is a message "No entries in
/var/adm/messages". But if I click on the "/var/adm/messages" link it shows
recent entries with the sshd string in the log file as the following shows:
[msgs:/var/adm/messages]
Jul 25 16:59:34 hosta-z1 sshd[4164]: [ID 800047 auth.info] Connection closed by 10.0.0.68
Jul 25 17:04:37 hosta-z1 sshd[4507]: [ID 800047 auth.info] Connection closed by 10.0.0.68
Jul 25 17:09:39 hosta-z1 sshd[4857]: [ID 800047 auth.info] Connection closed by 10.0.0.68
Jul 25 17:14:41 hosta-z1 sshd[5192]: [ID 800047 auth.info] Connection closed by 10.0.0.68
Jul 25 17:19:41 hosta-z1 sshd[5534]: [ID 800047 auth.info] Connection closed by 10.0.0.68
Jul 25 17:24:40 hosta-z1 sshd[5884]: [ID 800047 auth.info] Connection closed by 10.0.0.68
Jul 25 17:29:45 hosta-z1 sshd[6222]: [ID 800047 auth.info] Connection closed by 10.0.0.68
Does anyone know what the problem may be? Are there possibly any known
issues with Hobbit logging under Solaris 10 Update 3 for SPARC? I have
tried almost everything I can think of to get this to work and I am getting
nowhere.
Thanks in advance for any help.
-Ken
list Dominique Frise
Kenneth Bourn wrote:
I am having issues with getting Hobbit to report log entries from client log files. The server is getting the log data but, despite a valid string entry in the log file, no alerts are generated.
Here is an excerpt from my client-local.cfg file:
[hosta-z1]
log:/var/adm/messages:10240
And a corresponding entry from the hobbit-clients.cfg file:
HOST=hosta-z1
LOG /var/adm/messages sshd COLOR=red
Have you tried this (turn off case insensitive matching):
LOG /var/adm/messages %(?-i)sshd COLOR=red
Dominique
UNIL - University of Lausanne
list Kenneth Bourn
Hi Steve, Yes, I am also using short hostnames in the bb-hosts file as well...
Steve Holmes wrote:
Ken,
I notice you have short host names in the config as well as in the
log files. Do you have short host names in the bb-hosts file as well?
Steve Holmes
On 7/25/07, Kenneth Bourn <user-aa8b94d0acf6@xymon.invalid> wrote:
I am having issues with getting Hobbit to report log entries from
client log files. The server is getting the log data but, despite
a valid string entry in the log file, no alerts are generated.
Here is an excerpt from my client-local.cfg file:
[hosta-z1]
log:/var/adm/messages:10240
And a corresponding entry from the hobbit-clients.cfg file:
HOST=hosta-z1
LOG /var/adm/messages sshd COLOR=red
The status never changes for this host despite sshd entries
existing in the /var/adm/messages file. I used "sshd" because I
KNOW that there are current entries in /var/adm/messages since
every time hobbit runs an ssh check on the server an sshd message
is generated. I have chosen this string just to troubleshoot this
problem...
Clicking on "msgs" for this host, there is a message "No entries
in /var/adm/messages". But if I click on the "/var/adm/messages"
link it shows recent entries with the sshd string in the log file
as the following shows:
[msgs:/var/adm/messages]
Jul 25 16:59:34 hosta-z1 sshd[4164]: [ID 800047 auth.info] Connection closed by 10.0.0.68
Jul 25 17:04:37 hosta-z1 sshd[4507]: [ID 800047 auth.info] Connection closed by 10.0.0.68
Jul 25 17:09:39 hosta-z1 sshd[4857]: [ID 800047 auth.info] Connection closed by 10.0.0.68
Jul 25 17:14:41 hosta-z1 sshd[5192]: [ID 800047 auth.info] Connection closed by 10.0.0.68
Jul 25 17:19:41 hosta-z1 sshd[5534]: [ID 800047 auth.info] Connection closed by 10.0.0.68
Jul 25 17:24:40 hosta-z1 sshd[5884]: [ID 800047 auth.info] Connection closed by 10.0.0.68
Jul 25 17:29:45 hosta-z1 sshd[6222]: [ID 800047 auth.info] Connection closed by 10.0.0.68
Does anyone know what the problem may be? Are there possibly any
known issues with Hobbit logging under Solaris 10 Update 3 for
SPARC? I have tried almost everything I can think of to get this
to work and I am getting nowhere.
Thanks in advance for any help.
-Ken
--
Kenneth Bourn
Adaption Technologies
user-aa8b94d0acf6@xymon.invalid
XXX-XXX-XXXX
list Kenneth Bourn
Dominique,
I tried this and am now getting alerts! Is there a known issue where I can't just specify the string I want and expect it to be searched exactly as I have it entered in the hobbit-clients.cfg file? Turning off case insensitive matching works...
Thanks!
-Ken
Dominique Frise wrote:
Kenneth Bourn wrote:
I am having issues with getting Hobbit to report log entries from client log files. The server is getting the log data but, despite a valid string entry in the log file, no alerts are generated.
Here is an excerpt from my client-local.cfg file:
[hosta-z1]
log:/var/adm/messages:10240
And a corresponding entry from the hobbit-clients.cfg file:
HOST=hosta-z1
LOG /var/adm/messages sshd COLOR=red
Have you tried this (turn off case insensitive matching):
LOG /var/adm/messages %(?-i)sshd COLOR=red
Dominique
UNIL - University of Lausanne
--
Kenneth Bourn
Adaption Technologies
user-aa8b94d0acf6@xymon.invalid
XXX-XXX-XXXX
list Dominique Frise
Kenneth Bourn wrote:
Dominique,
I tried this and am now getting alerts! Is there a known issue where I can't just specify the string I want and expect it to be searched exactly as I have it entered in the hobbit-clients.cfg file? Turning off case insensitive matching works...
Thanks!
-Ken
Dominique Frise wrote:
Kenneth Bourn wrote:
I am having issues with getting Hobbit to report log entries from client log files. The server is getting the log data but, despite a valid string entry in the log file, no alerts are generated.
Here is an excerpt from my client-local.cfg file:
[hosta-z1]
log:/var/adm/messages:10240
And a corresponding entry from the hobbit-clients.cfg file:
HOST=hosta-z1
LOG /var/adm/messages sshd COLOR=red
Have you tried this (turn off case insensitive matching):
LOG /var/adm/messages %(?-i)sshd COLOR=red
Dominique
UNIL - University of Lausanne
Hobbit defaults to case insensitive pattern matching. See man hobbit-clients.cfg(5) for details.
Dominique
UNIL - University of Lausanne