17 Dec
2006
11:36 a.m.
Hi Lars,
Thanks for your answer. I fixed the second question by %.
And the first question was resolved, too. I'm ashamed to say that I
set br104fmx (BR1) but there is brl04fmx (BRL) in the log...
Yours,
-- Tats SHIBATA Rewse Lab.
On 2006/12/17, at 18:03, lars ebeling wrote:
Your first question I don't understand, but in the second try with:
LOG /var/log/messages %failure
Lars
----- Original Message -----
From: "Tats SHIBATA" <gadget at rewse.jp>
To: <hobbit at hswn.dk>
Sent: Sunday, December 17, 2006 9:50 AM
Subject: [hobbit] Monitoring MSGS issues

Hi all,
I have two issues for MSGS. Thanks for your help.

Environment
Hobbit: Hobbit 4.2.0
OS: CentOS 4.4 (Linux 2.6.9)
Hostname: oscar (Both Hobbit server and client)

- "ignore" clause in client-local.cfg doesn't filter it out.

I set the below in client-local.cfg on oscar, but the msgs page on Hobbit shows the below. Why doesn't it filter out "br104fmx"?

== ~hobbit/server/etc/client-local.cfg ==
[oscar]
log:/var/log/messages:10240
ignore br104fmx

== oscar - msgs ==
No entries in /var/log/messages
Full log /var/log/messages
Dec 17 16:50:43 uniform brl04fmx TCP connection dropped - Source:xxx.xxx.xxx.xxx,6293,WAN - Destination:xxx.xxx.xxx.xxx, 53131,LAN
Dec 17 16:50:43 uniform brl04fmx [2006-12-17 16:50:43] | From: [xxx.xxx.xxx.xxx] | Port:[53131] | [Blocked]
Dec 17 16:51:16 uniform brl04fmx TCP connection dropped - Source:xxx.xxx.xxx.xxx,4689,WAN - Destination:xxx.xxx.xxx.xxx,445,LAN
Dec 17 16:51:16 uniform brl04fmx [2006-12-17 16:51:16] | From: [xxx.xxx.xxx.xxx] | Port:[445] | [Blocked]
Dec 17 16:52:22 oscar su(pam_unix)[4887]: session opened for user root by gadget(uid=500)
Dec 17 16:55:43 uniform brl04fmx TCP connection dropped - Source:xxx.xxx.xxx.xxx,6293,WAN - Destination:xxx.xxx.xxx.xxx, 53147,LAN
(abbr)

I set the below in hobbit-clients.cfg on oscar, but Hobbit doesn't alert it. Sent logfile is the below. Why doesn't Hobbit alert "failure"? PORT and PROC have no problems.

== ~hobbit/server/etc/hobbit-clients.cfg ==
HOST=oscar
PORT 139 "TEXT=NetBIOS: 139"
PORT 445 "TEXT=SMB: 445"
PORT 3303 "TEXT=MySQL: 3306"
PORT 3690 "TEXT=Subversion: 3690"
LOG /var/log/messages failure
PROC nfsd
PROC mysqld 2
PROC smbd
PROC svnserve

== oscar - msgs ==
No entries in /var/log/messages
Full log /var/log/messages
(abbr)
Dec 17 17:28:40 uniform brl04fmx TCP connection dropped - Source:xxx.xxx.xxx.xxx,6293,WAN - Destination:xxx.xxx.xxx.xxx, 53404,LAN
Dec 17 17:28:40 uniform brl04fmx [2006-12-17 17:28:40] | From: [xxx.xxx.xxx.xxx] | Port:[53404] | [Blocked]
Dec 17 17:30:26 oscar sshd(pam_unix)[5637]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=powermac user=gadget
Dec 17 17:30:35 oscar sshd(pam_unix)[5637]: 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=powermac user=gadget
Dec 17 17:33:39 uniform brl04fmx TCP connection dropped - Source:xxx.xxx.xxx.xxx,6293,WAN - Destination:xxx.xxx.xxx.xxx, 53418,LAN
Dec 17 17:33:39 uniform brl04fmx [2006-12-17 17:33:39] | From: [xxx.xxx.xxx.xxx] | Port:[53418] | [Blocked]
(abbr)

Thanks,
Tats SHIBATA Rewse Lab.
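
An added example, not part of the original thread or of Hobbit itself: a Python check that runs ignore patterns over sample log lines and flags a pattern that matches nothing yet differs from a logged token only by look-alike characters, which is the br104fmx/brl04fmx mix-up reported at the top of this thread. It assumes ignore patterns are regular expressions; the function names and sample lines are constructed for illustration.

```python
import re

# Look-alike characters folded to one representative (1/l/I/| and 0/O).
CONFUSABLE = str.maketrans({"1": "l", "I": "l", "|": "l", "0": "o", "O": "o"})

# Constructed sample lines in the format of the log excerpt quoted in the thread.
SAMPLE_LINES = [
    "Dec 17 16:50:43 uniform brl04fmx TCP connection dropped - Source:xxx.xxx.xxx.xxx,6293,WAN",
    "Dec 17 16:51:16 uniform brl04fmx [2006-12-17 16:51:16] | From: [xxx.xxx.xxx.xxx] | [Blocked]",
    "Dec 17 16:52:22 oscar su(pam_unix)[4887]: session opened for user root by gadget(uid=500)",
]


def fold(text):
    """Fold look-alike characters and case so visually similar strings compare equal."""
    return text.translate(CONFUSABLE).lower()


def apply_ignore(patterns, lines):
    """Return the lines that survive the ignore patterns (assumed to be regexes)."""
    compiled = [re.compile(p) for p in patterns]
    return [ln for ln in lines if not any(rx.search(ln) for rx in compiled)]


def audit_ignore(patterns, lines):
    """Per pattern: number of matching lines and, when none match, the log
    tokens that differ from the pattern only by look-alike characters."""
    tokens = {t for ln in lines for t in re.findall(r"[A-Za-z0-9_.-]+", ln)}
    report = {}
    for pat in patterns:
        hits = sum(1 for ln in lines if re.search(pat, ln))
        near = sorted(
            t for t in tokens
            if hits == 0 and t != pat and fold(t) == fold(pat)
        )
        report[pat] = {"matched": hits, "near_misses": near}
    return report


if __name__ == "__main__":
    # The mistyped pattern matches nothing; the audit points at the logged token.
    for pat, res in audit_ignore(["br104fmx", "brl04fmx"], SAMPLE_LINES).items():
        print(pat, res)
```

A pattern with zero matches and a non-empty near-miss list is worth re-reading character by character before assuming the filter itself is broken.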