LOG not triggering
list Bill Hart
I'm hoping this is something obvious.
My Hobbit server (4.2.0, patched on Friday) has the following entry in
the hobbit-clients.cfg file :
HOST=hobbit
PROC arpwatch 1
LOG /var/log/messages "arpwatch" COLOR=yellow
That is all I've changed, the default section remains the same
The PROC line works fine, but the LOG seems to be ignored.
I have entries in the messages file showing up on the hobbit server :
System logs at Tue Feb 13 11:40:27 CST 2007
No entries in /var/log/messages
Full log /var/log/messages
Feb 13 11:09:07 hobbit arpwatch: bogon 0.0.0.0
Feb 13 11:25:34 hobbit arpwatch: bogon 169.254.49.204
Feb 13 11:25:36 hobbit last message repeated 2 times
Feb 13 11:30:47 hobbit arpwatch: new station xx.xx.xx.xx
Feb 13 11:34:51 hobbit arpwatch: new station xx.xx.xx.xx
As you can see it's not triggering on the arpwatch entries there.
I've tried arpwatch, "arpwatch:", and "arpwatch", as well as %.* in
place of /var/log/messages, none of it seems to cause a yellow
condition.
Anyone have any pointers on what I'm doing wrong ? The logs all look
clean in /var/log/hobbit, only entries for an external script I'm
running that has nothing to do with this.
Thanks,
Bill Hart
Computer Support Supervisor
Burke Corporation
XXXX South D Avenue
PO Box 209
Nevada, IA XXXXX-XXXX
(XXX) XXX-XXXX x8406
www.BurkeCorp.com
Always make it your best(r)
list Massimo Morsiani
Hi Bill,
you have to use:
HOST=hobbit
PROC arpwatch 1
LOG /var/log/messages %arpwatch COLOR=yellow
I'm using this syntax in my Hobbit installation and it works fine.
Regards.
Massimo Morsiani
Information Technology Dept.
Gilbarco S.p.a.
via de' Cattani, 220/G
50145 Firenze
tel: +XX-XXX-XXXXX
fax: +XX-XXX-XXXXXX
email: user-32025d8bd22e@xymon.invalid
web: http://www.gilbarco.it
▸
-----Original Message-----
From: Bill Hart [mailto:user-1131e5ac48a4@xymon.invalid] Sent: martedì 13 febbraio 2007 18.51
To: user-ae9b8668bcde@xymon.invalid
Subject: [hobbit] LOG not triggering
I'm hoping this is something obvious.
My Hobbit server (4.2.0, patched on Friday) has the following entry in the hobbit-clients.cfg file :
HOST=hobbit
PROC arpwatch 1
LOG /var/log/messages "arpwatch" COLOR=yellow
That is all I've changed, the default section remains the same
The PROC line works fine, but the LOG seems to be ignored.
I have entries in the messages file showing up on the hobbit server :
System logs at Tue Feb 13 11:40:27 CST 2007
No entries in /var/log/messages
Full log /var/log/messages
Feb 13 11:09:07 hobbit arpwatch: bogon 0.0.0.0 Feb 13 11:25:34 hobbit arpwatch: bogon 169.254.49.204 Feb 13 11:25:36 hobbit last message repeated 2 times Feb 13 11:30:47 hobbit arpwatch: new station xx.xx.xx.xx Feb 13 11:34:51 hobbit arpwatch: new station xx.xx.xx.xx
As you can see it's not triggering on the arpwatch entries there.
I've tried arpwatch, "arpwatch:", and "arpwatch", as well as %.* in place of /var/log/messages, none of it seems to cause a yellow condition.
Anyone have any pointers on what I'm doing wrong ? The logs all look clean in /var/log/hobbit, only entries for an external script I'm running that has nothing to do with this.
Thanks,
Bill Hart
Computer Support Supervisor
Burke Corporation
XXXX South D Avenue
PO Box 209
Nevada, IA XXXXX-XXXX
(XXX) XXX-XXXX x8406
www.BurkeCorp.com
Always make it your best(r)
This message (including any attachments) contains confidential and/or proprietary information intended only for the addressee. Any unauthorized disclosure, copying, distribution or reliance on the contents of this information is strictly prohibited and may constitute a violation of law. If you are not the intended recipient, please notify the sender immediately by responding to this e-mail, and delete the message from your system. If you have any questions about this e-mail please notify the sender immediately.
list Bill Hart
I don't know why I didn't think to try that, thanks for the tip, it is working now. Bill Hart Burke Corporation
▸
-----Original Message----- From: Morsiani, Massimo [mailto:user-32025d8bd22e@xymon.invalid] Sent: Tuesday, February 13, 2007 12:14 PM To: user-ae9b8668bcde@xymon.invalid Subject: RE: [hobbit] LOG not triggering Hi Bill, you have to use: HOST=hobbit PROC arpwatch 1 LOG /var/log/messages %arpwatch COLOR=yellow I'm using this syntax in my Hobbit installation and it works fine. Regards. Massimo Morsiani Information Technology Dept. Gilbarco S.p.a. via de' Cattani, 220/G 50145 Firenze tel: +XX-XXX-XXXXX fax: +XX-XXX-XXXXXX email: user-32025d8bd22e@xymon.invalid web: http://www.gilbarco.it -----Original Message----- From: Bill Hart [mailto:user-1131e5ac48a4@xymon.invalid] Sent: martedì 13 febbraio 2007 18.51 To: user-ae9b8668bcde@xymon.invalid Subject: [hobbit] LOG not triggering I'm hoping this is something obvious. My Hobbit server (4.2.0, patched on Friday) has the following entry in the hobbit-clients.cfg file : HOST=hobbit PROC arpwatch 1 LOG /var/log/messages "arpwatch" COLOR=yellow That is all I've changed, the default section remains the same The PROC line works fine, but the LOG seems to be ignored. I have entries in the messages file showing up on the hobbit server : System logs at Tue Feb 13 11:40:27 CST 2007 No entries in /var/log/messages Full log /var/log/messages Feb 13 11:09:07 hobbit arpwatch: bogon 0.0.0.0 Feb 13 11:25:34 hobbit arpwatch: bogon 169.254.49.204 Feb 13 11:25:36 hobbit last message repeated 2 times Feb 13 11:30:47 hobbit arpwatch: new station xx.xx.xx.xx Feb 13 11:34:51 hobbit arpwatch: new station xx.xx.xx.xx As you can see it's not triggering on the arpwatch entries there. I've tried arpwatch, "arpwatch:", and "arpwatch", as well as %.* in place of /var/log/messages, none of it seems to cause a yellow condition. Anyone have any pointers on what I'm doing wrong ? The logs all look clean in /var/log/hobbit, only entries for an external script I'm running that has nothing to do with this. Thanks, Bill Hart Computer Support Supervisor Burke Corporation XXXX South D Avenue PO Box 209 Nevada, IA XXXXX-XXXX (XXX) XXX-XXXX x8406 www.BurkeCorp.com Always make it your best(r) This message (including any attachments) contains confidential and/or proprietary information intended only for the addressee. Any unauthorized disclosure, copying, distribution or reliance on the contents of this information is strictly prohibited and may constitute a violation of law. If you are not the intended recipient, please notify the sender immediately by responding to this e-mail, and delete the message from your system. If you have any questions about this e-mail please notify the sender immediately.
list Henrik Størner
▸
On Tue, Feb 13, 2007 at 11:50:48AM -0600, Bill Hart wrote:
HOST=hobbit
PROC arpwatch 1
LOG /var/log/messages "arpwatch" COLOR=yellow
The PROC line works fine, but the LOG seems to be ignored.My immediate thought is that this ought to work, but testing it I can see that it doesn't - there might be a bug there with the simple string matching. However, using a regular expression does work. So your LOG entry could be written as LOG /var/log/messages %arpwatch COLOR=yellow and you'll get the result you want. Regards, Henrik