26 Jul
2007
26 Jul
'07
8:01 a.m.
Kenneth Bourn wrote:
I am having issues with getting Hobbit to report log entries from client log files. The server is getting the log data but, despite a valid string entry in the log file, no alerts are generated.
Here is an excerpt from my client-local.cfg file:
[hosta-z1] log:/var/adm/messages:10240
And a corresponding entry from the hobbit-clients.cfg file:
HOST=hosta-z1 LOG /var/adm/messages sshd COLOR=red
Have you tried this (turn off case insensitive matching):
LOG /var/adm/messages %(?-i)sshd COLOR=redDominique UNIL - University of Lausanne