FreeBSD hobbit client has wrong path to log file
I've got a hobbit client that I installed from a FreeBSD Package running on a pfSense firewall. It's working fine other than it trying to read /var/log/messages instead of /var/log/system.log. I can't seem to figure out how to define the log file. In the client /xymon/client/etc/hobbitclient.cfg I've set the CONFIGCLASS definition to "darwin" which is the only ostype that has the system.log type file (listed on the server in /xymon/server/etc/client-local.cfg). I restart the hobbit service on the client and wait a bit. The web page on my server says it's looking in /var/log/messages but it finds no entries (because duh, there isn't a file with that name).
Where do I define the log file path in the client configs? Or can I define it in the server's hosts.cfg file? Signature - Kris
Thank you.
Kris Springer
On 9 September 2014 10:16, Kris Springer <kspringer at innovateteam.com> wrote:
I've got a hobbit client that I installed from a FreeBSD Package running on a pfSense firewall.
Time to upgrade to Xymon? Even so, should work for you.
It's working fine other than it trying to read /var/log/messages instead of /var/log/system.log. I can't seem to figure out how to define the log file.
This is defined on the server (assuming you're in central mode) in the file client-local.cfg, like so:
[freebsd] log:/var/log/messages:10240
On my FreeBSD boxes the log file is in /var/log/messages, so that's probably the standard location, and your installation might be unusual (or newer than mine). You can either just edit the filename in client-local.cfg, or create a section with the hostname of your server, so that it overrides the [freebsd] definition:
[myhostname] log:/var/log/messages:10240
Please note that the file needs to be defined twice, once in client-local.cfg to tell the client to sent the log messages, and a second time in analysis.cfg (which I think was hobbit-clients.cfg in Hobbit) to tell Xymon what to alert on. So if you change the filename in client-local.cfg, you need to make sure there's a "LOG" definition that matches in analysis.cfg if you want any, well, analysis done. Example:
HOST=myhostname LOG /var/log/messages "kernel: .* segfault " COLOR=red
I think the default file has no LOG entries at all, so you'll have to add something here if you want any alerting.
In the client /xymon/client/etc/hobbitclient.cfg I've set the CONFIGCLASS
definition to "darwin" which is the only ostype that has the system.log type file (listed on the server in /xymon/server/etc/client-local.cfg).
Yep, this won't affect the log collection (again, assuming central mode). Instead, the log definition gets pulled from the server each time the client sends its client data, and stored in a file in $XYMONTMP/logfetch.<hostname>.cfg. You might like to have a look at that file and you'll probably see the "log:/var/log/messages:10240" definition from the relevant section of client-local.cfg.
J
Well my problem is half fixed. I've set the hostname in client-local.cfg on the server and now it's showing the correct log file name on the webpage. The problem now is that it says there's no data in the log. Is the client not sending the data? This still feels like something that needs set on the client side. How do clients know what file is the correct log file to send? Signature - Kris
Thank you.
Kris Springer
On 9/8/2014 11:47 PM, Jeremy Laidman wrote:
On 9 September 2014 10:16, Kris Springer <kspringer at innovateteam.com <mailto:kspringer at innovateteam.com>> wrote:
I've got a hobbit client that I installed from a FreeBSD Package running on a pfSense firewall.Time to upgrade to Xymon? Even so, should work for you.
It's working fine other than it trying to read /var/log/messages instead of /var/log/system.log. I can't seem to figure out how to define the log file.This is defined on the server (assuming you're in central mode) in the file client-local.cfg, like so:
[freebsd] log:/var/log/messages:10240
On my FreeBSD boxes the log file is in /var/log/messages, so that's probably the standard location, and your installation might be unusual (or newer than mine). You can either just edit the filename in client-local.cfg, or create a section with the hostname of your server, so that it overrides the [freebsd] definition:
[myhostname] log:/var/log/messages:10240
Please note that the file needs to be defined twice, once in client-local.cfg to tell the client to sent the log messages, and a second time in analysis.cfg (which I think was hobbit-clients.cfg in Hobbit) to tell Xymon what to alert on. So if you change the filename in client-local.cfg, you need to make sure there's a "LOG" definition that matches in analysis.cfg if you want any, well, analysis done. Example:
HOST=myhostname LOG /var/log/messages "kernel: .* segfault " COLOR=red
I think the default file has no LOG entries at all, so you'll have to add something here if you want any alerting.
In the client /xymon/client/etc/hobbitclient.cfg I've set the CONFIGCLASS definition to "darwin" which is the only ostype that has the system.log type file (listed on the server in /xymon/server/etc/client-local.cfg).Yep, this won't affect the log collection (again, assuming central mode). Instead, the log definition gets pulled from the server each time the client sends its client data, and stored in a file in $XYMONTMP/logfetch.<hostname>.cfg. You might like to have a look at that file and you'll probably see the "log:/var/log/messages:10240" definition from the relevant section of client-local.cfg.
J
On 9 September 2014 23:42, Kris Springer <kspringer at innovateteam.com> wrote:
Well my problem is half fixed. I've set the hostname in client-local.cfg on the server and now it's showing the correct log file name on the webpage. The problem now is that it says there's no data in the log. Is the client not sending the data? This still feels like something that needs set on the client side. How do clients know what file is the correct log file to send?
Clients know what file is the correct log file by looking in the file logfetch.<hostname>.cfg in the tmp directory ($BBTMP).
A common problem is when a logfile is not readable by the xymon user. On some of my systems, I create a group called "logread" with the xymon user in it, and set the logfile to be group-readable by logread.
J
participants (2)
-
jlaidman@rebel-it.com.au
-
kspringer@innovateteam.com