On 9 September 2014 10:16, Kris Springer <kspringer at innovateteam.com> wrote:
> I've got a hobbit client that I installed from a FreeBSD Package running on a pfSense firewall.
Time to upgrade to Xymon? Even so, should work for you.
> It's working fine other than it trying to read /var/log/messages instead of /var/log/system.log. I can't seem to figure out how to define the log file.
This is defined on the server (assuming you're in central mode) in the file client-local.cfg, like so:
[freebsd]
log:/var/log/messages:10240
On my FreeBSD boxes the log file is in /var/log/messages, so that's probably the standard location, and your installation might be unusual (or newer than mine). You can either just edit the filename in client-local.cfg, or create a section with the hostname of your server, so that it overrides the [freebsd] definition:
[myhostname]
log:/var/log/messages:10240
Please note that the file needs to be defined twice, once in client-local.cfg to tell the client to send the log messages, and a second time in analysis.cfg (which I think was hobbit-clients.cfg in Hobbit) to tell Xymon what to alert on. So if you change the filename in client-local.cfg, you need to make sure there's a "LOG" definition that matches in analysis.cfg if you want any, well, analysis done. Example:
HOST=myhostname
    LOG /var/log/messages "kernel: .* segfault " COLOR=red
I think the default file has no LOG entries at all, so you'll have to add something here if you want any alerting.
> In the client /xymon/client/etc/hobbitclient.cfg I've set the CONFIGCLASS definition to "darwin" which is the only ostype that has the system.log type file (listed on the server in /xymon/server/etc/client-local.cfg).
Yep, this won't affect the log collection (again, assuming central mode). Instead, the log definition gets pulled from the server each time the client sends its client data, and stored in a file in $XYMONTMP/logfetch.<hostname>.cfg. You might like to have a look at that file and you'll probably see the "log:/var/log/messages:10240" definition from the relevant section of client-local.cfg.
J
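
An added example, not part of the original reply or of Xymon itself: a small check for the mismatch described above, where a log file is named in client-local.cfg but has no matching LOG rule in analysis.cfg (or the reverse), so nothing is ever alerted on. The sample configs and the hostname "fw1" are constructed; it assumes plain HOST= name lists, literal file names, and a [hostname] section overriding the OS section as described in the reply.

```python
import re

# Constructed sample configs (not from a real server); "fw1" is a hypothetical host.
CLIENT_LOCAL = """\
[freebsd]
log:/var/log/messages:10240

[fw1]
log:/var/log/system.log:10240
"""

ANALYSIS = """\
HOST=fw1
    LOG /var/log/messages "kernel: .* segfault " COLOR=red
"""

def collected_logs(text, hostname, ostype):
    """Log files the client is told to send; [hostname] wins over [ostype]."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None and line.startswith("log:"):
            current.append(line.split(":")[1])  # log:<file>:<maxbytes>
    return set(sections.get(hostname, sections.get(ostype, [])))

def analysed_logs(text, hostname):
    """Log files that have a LOG rule under a HOST= line naming this host."""
    files, active = set(), False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("HOST="):
            active = hostname in line.split()[0][5:].split(",")
        elif re.match(r"(CLASS=|PAGE=|EXHOST=|DEFAULT\b)", line):
            active = False  # a different rule set begins; not handled here
        elif active and line.startswith("LOG "):
            files.add(line.split()[1])
    return files

def check(client_local, analysis, hostname, ostype):
    """Report files sent but never analysed, and rules that never see data."""
    sent = collected_logs(client_local, hostname, ostype)
    ruled = analysed_logs(analysis, hostname)
    return {"sent_without_rule": sorted(sent - ruled),
            "rule_without_data": sorted(ruled - sent)}

if __name__ == "__main__":
    print(check(CLIENT_LOCAL, ANALYSIS, "fw1", "freebsd"))
```
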