LOG test fails to IGNORE ?
list Jerry Yu
hi, I have one single Hobbit server running 4.2RC1-20060712 on CentOS 4. Clients have some harmless SELinux warning messages in /var/log/messages. I configured Hobbit to ignore such lines (conf entries appended). However, the LOG test still generates alerts. Below is excerpted from an email alert. Any idea why? I brought up before 4.2 final version is released, I believe, and was told it should not be the case. &yellow Sep 28 15:58:20 saturn su[4070]: Warning! Could not relabel with user_u:object_r:devpts_t, not relabeling. ---cut---x------ hobbit-clients.cfg -----x-------cut----- HOST=saturn log /var/log/messages %WARNING|NOTICE|ERROR COLOR=yellow IGNORE=relabeling ---cut---x------ clients-local.cfg -----x-------cut----- [saturn] log:/var/log/messages:10240 ignore MARK
list Jerry Yu
any one ? On 9/28/06, Jerry Yu <user-764c1f364fe0@xymon.invalid> wrote:
hi, I have one single Hobbit server running 4.2RC1-20060712 on CentOS 4. Clients have some harmless SELinux warning messages in /var/log/messages. I configured Hobbit to ignore such lines (conf entries appended). However, the LOG test still generates alerts. Below is excerpted from an email alert. Any idea why? I brought up before 4.2 final version is released, I believe, and was told it should not be the case. &yellow Sep 28 15:58:20 saturn su[4070]: Warning! Could not relabel with user_u:object_r:devpts_t, not relabeling. ---cut---x------ hobbit-clients.cfg -----x-------cut----- HOST=saturn log /var/log/messages %WARNING|NOTICE|ERROR COLOR=yellow IGNORE=relabeling ---cut---x------ clients-local.cfg -----x-------cut----- [saturn] log:/var/log/messages:10240 ignore MARK
list Olivier Boyaval
Jerry Yu a écrit :
any one ? On 9/28/06, *Jerry Yu* <user-764c1f364fe0@xymon.invalid <mailto:user-764c1f364fe0@xymon.invalid>>
▸
wrote:
hi,
I have one single Hobbit server running 4.2RC1-20060712 on CentOS
4. Clients have some harmless SELinux warning messages in
/var/log/messages. I configured Hobbit to ignore such lines (conf
entries appended).
However, the LOG test still generates alerts. Below is excerpted
from an email alert. Any idea why? I brought up before 4.2 final
version is released, I believe, and was told it should not be the
case.
&yellow Sep 28 15:58:20 saturn su[4070]: Warning! Could not
relabel with user_u:object_r:devpts_t, not relabeling.
---cut---x------ hobbit-clients.cfg -----x-------cut-----
HOST=saturn
log /var/log/messages %WARNING|NOTICE|ERROR COLOR=yellow
IGNORE=relabeling
---cut---x------ clients-local.cfg -----x-------cut-----
[saturn]
log:/var/log/messages:10240
ignore MARK
You can test : log /var/log/messages %WARNING|NOTICE|ERROR yellow "IGNORE=relabeling" and ignore RELABELING Cdl Olivier
list Jerry Yu
The 'hobbit-clients.cfg' man page give this example: LOG /var/log/daemon.log %WARNING|NOTICE COLOR=yellow IGNORE=lpr This is identical to mine except the actual log file name and strings.
▸
On 9/29/06, Olivier Boyaval <user-f56ee5cec7be@xymon.invalid> wrote:Jerry Yu a écrit :any one ? On 9/28/06, *Jerry Yu* <user-764c1f364fe0@xymon.invalid <mailto:user-764c1f364fe0@xymon.invalid>> wrote: hi, I have one single Hobbit server running 4.2RC1-20060712 on CentOS 4. Clients have some harmless SELinux warning messages in /var/log/messages. I configured Hobbit to ignore such lines (conf entries appended). However, the LOG test still generates alerts. Below is excerpted from an email alert. Any idea why? I brought up before 4.2 final version is released, I believe, and was told it should not be the case. &yellow Sep 28 15:58:20 saturn su[4070]: Warning! Could not relabel with user_u:object_r:devpts_t, not relabeling. ---cut---x------ hobbit-clients.cfg -----x-------cut----- HOST=saturn log /var/log/messages %WARNING|NOTICE|ERROR COLOR=yellow IGNORE=relabeling ---cut---x------ clients-local.cfg -----x-------cut----- [saturn] log:/var/log/messages:10240 ignore MARKYou can test : log /var/log/messages %WARNING|NOTICE|ERROR yellow "IGNORE=relabeling" and ignore RELABELING Cdl Olivier
list Olivier Boyaval
▸
Jerry Yu a écrit :
The 'hobbit-clients.cfg' man page give this example: LOG /var/log/daemon.log %WARNING|NOTICE COLOR=yellow IGNORE=lpr This is identical to mine except the actual log file name and strings.
I had the same problem with this synthax. I have resolved it by using
this synthax :
log /var/log/messages %WARNING|NOTICE|ERROR yellow "IGNORE=relabeling"
-> no use of COLOR= keyword
-> use of quote (") on the ignore keyword and string.
Cdl
Olivier
list Jerry Yu
I'll try it out. Thanks, Oliver. I initially didn't have color specification. I had added color=yellow since, only to mimic the example in the man page.
▸
On 10/2/06, Olivier Boyaval <user-f56ee5cec7be@xymon.invalid> wrote:Jerry Yu a écrit :The 'hobbit-clients.cfg' man page give this example: LOG /var/log/daemon.log %WARNING|NOTICE COLOR=yellow IGNORE=lpr This is identical to mine except the actual log file name and strings.I had the same problem with this synthax. I have resolved it by using this synthax : log /var/log/messages %WARNING|NOTICE|ERROR yellow "IGNORE=relabeling" -> no use of COLOR= keyword -> use of quote (") on the ignore keyword and string. Cdl Olivier
list Jerry Yu
I believe it worked! I faked a log entry with 'relabeling' and 'warning' in there.
▸
On 10/2/06, Jerry Yu <user-764c1f364fe0@xymon.invalid> wrote:I'll try it out. Thanks, Oliver. I initially didn't have color specification. I had added color=yellow since, only to mimic the example in the man page. On 10/2/06, Olivier Boyaval <user-f56ee5cec7be@xymon.invalid> wrote:Jerry Yu a écrit :The 'hobbit-clients.cfg' man page give this example: LOG /var/log/daemon.log %WARNING|NOTICE COLOR=yellow IGNORE=lpr This is identical to mine except the actual log file name and strings.I had the same problem with this synthax. I have resolved it by using this synthax : log /var/log/messages %WARNING|NOTICE|ERROR yellow "IGNORE=relabeling" -> no use of COLOR= keyword -> use of quote (") on the ignore keyword and string. Cdl Olivier