LOG alert not showing yellow
I have a small problem. I've set up monitoring of the /var/log/messages logfile to search for the string "authentication failure" and alert with a yellow button in the MSG column. I can see the error displayed when I click on the button below the Msg column header but it does not turn yellow.
Below is the entry in the clients-local.cfg file:
[batman]
log:/var/log/messages:10240
ignore MARK
This is the entry in the hobbit-clients.cfg file:
HOST=batman
LOG /var/log/messages authentication failure color=yellowWhy doesn't this give me a yellow alert.
Thanks
Robert Manocchia
UNIX System Administrator
IDEXX Laboratories
207 556-6860
EMail Robert-Manocchia at idexx.com
Hi Manocchia,
It could be access rights, if you are running hobbit using the init script it will run as user hobbit and make sure that hobbit user can read /var/log/messages
Regards
Sello Tlabela
From: Manocchia, Robert [mailto:Robert-Manocchia at IDEXX.com] Sent: 05 June 2007 21:38 To: 'hobbit at hswn.dk' Subject: [hobbit] LOG alert not showing yellow
I have a small problem. I've set up monitoring of the /var/log/messages logfile to search for the string "authentication failure" and alert with a yellow button in the MSG column. I can see the error displayed when I click on the button below the Msg column header but it does not turn yellow.
Below is the entry in the clients-local.cfg file:
[batman]
log:/var/log/messages:10240
ignore MARK
This is the entry in the hobbit-clients.cfg file:
HOST=batman
LOG /var/log/messages authentication failurecolor=yellow
Why doesn't this give me a yellow alert.
Thanks
Robert Manocchia
UNIX System Administrator
IDEXX Laboratories
207 556-6860
EMail Robert-Manocchia at idexx.com
This e-mail and its contents are subject to the Telkom SA Limited
e-mail legal notice available at
http://www.telkom.co.za/TelkomEMailLegalNotice.PDF
Try using this syntax (changing space with \s + pcre)
LOG /var/log/messages %authentication\sfailure
color=yellow
Giovanni M. Frainer - Gestor
Sello Tlabela (SD) wrote:
Hi Manocchia,
It could be access rights, if you are running hobbit using the init script it will run as user hobbit and make sure that hobbit user can read /var/log/messages
Regards
Sello Tlabela
*From:* Manocchia, Robert [mailto:Robert-Manocchia at IDEXX.com] *Sent:* 05 June 2007 21:38 *To:* 'hobbit at hswn.dk' *Subject:* [hobbit] LOG alert not showing yellow
I have a small problem. I've set up monitoring of the /var/log/messages logfile to search for the string "authentication failure" and alert with a yellow button in the MSG column. I can see the error displayed when I click on the button below the Msg column header but it does not turn yellow.
Below is the entry in the clients-local.cfg file:
[batman]
log:/var/log/messages:10240
ignore MARK
This is the entry in the hobbit-clients.cfg file:
HOST=batman
LOG /var/log/messages authentication failurecolor=yellow
Why doesn't this give me a yellow alert.
Thanks
Robert Manocchia
UNIX System Administrator
IDEXX Laboratories
207 556-6860
EMail Robert-Manocchia at idexx.com
This e-mail and its contents are subject to the Telkom SA Limited e-mail legal notice available at http://www.telkom.co.za/TelkomEMailLegalNotice.PDF
participants (3)
-
giovanni@redix.com.br
-
Robert-Manocchia@IDEXX.com
-
TlabelSD@telkom.co.za