aboutsummaryrefslogtreecommitdiffstats
path: root/modules/xymon/templates/client-local.cfg
blob: e42ce4676a89e215b97c921fea941ab65b9cedd9 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
# The client-local.cfg file contains configuration for
# the Xymon clients running on monitored systems. When
# clients contact the Xymon server, they get the section
# from this file which matches their hostname or operating
# system.
#
# The following configuration items are currently possible:
#   "log:FILENAME:MAXDATA"
#       Monitor the text-based logfile FILENAME, and report
#       back at most MAXDATA bytes. The Xymon client will
#       only report back entries generated during the past
#       30 minutes, so MAXDATA is an upper limit.
#   "ignore EXPRESSION"
#       Must follow a "log:..." entry. Lines matching the 
#       regular EXPRESSION are not sent to the Xymon server.
#   "trigger EXPRESSION"
#       Must follow a "log:..." entry. Lines matching the
#       regular EXPRESSION are always sent to the Xymon server.
#       Use this for extremely critical errors that must be
#       reported.
#
#   "linecount:FILENAME"
#       Monitor the text-based logfile FILENAME, but just
#       count the number of times certain expressions appear.
#       This processes the entire file every time. It must
#       be followed by one or more lines with
#   "KEYWORD PATTERN"
#       KEYWORD identifies this count. You can use any string
#       except whitespace. PATTERN is a regular expression
#       that you want to search for in the file.
#
#   "file:FILENAME[:hash]"
#       Monitor the file FILENAME by reporting file metadata.
#       The Xymon client will report back all of the file 
#       meta-data, e.g. size, timestamp, filetype, permissions
#       etc. The optional "hash" setting is "md5", "sha1" or
#       "rmd160", and causes the Xymon client to compute a
#       file hash using the MD5, SHA-1 or RMD160 algorithm.
#       Note: Computing the hash value may be CPU-intensive,
#             so You should use this sparingly. For large-scale
#             file integrity monitoring, use a real host-based
#             IDS (Tripwire, AIDE or similar).
#
#   "dir:DIRECTORY"
#       Monitor the size of DIRECTORY, including sub-directories.
#       This causes the Xymon client to run a "du" on DIRECTORY
#       and send this back to the Xymon server.
#       Note: Running "du" on large/deep directory structures can
#             cause a significant system load.
#
# NB: If FILENAME and/or DIRECTORY are of the form `COMMAND`,
#     then COMMAND is run on the client, and the lines output
#     by the command are used as the file- or directory-names.
#     This allows you to monitor files where the names change,
#     as long as you can script some way of determining the
#     interesting filenames.

[sunos]
log:/var/adm/messages:10240

[osf1]
log:/var/adm/messages:10240

[aix]
log:/var/adm/syslog/syslog.log:10240

[hp-ux]
log:/var/adm/syslog/syslog.log:10240

[win32]

[freebsd]
log:/var/log/messages:10240

[netbsd]
log:/var/log/messages:10240

[openbsd]
log:/var/log/messages:10240

[linux]
log:/var/log/messages:10240
ignore MARK
file:/var/lib/puppet/state/state.yaml

[linux22]
log:/var/log/messages:10240
ignore MARK

[redhat]
log:/var/log/messages:10240
ignore MARK

[debian]
log:/var/log/messages:10240
ignore MARK

[suse]
log:/var/log/messages:10240
ignore MARK

[mandrake]
log:/var/log/messages:10240
ignore MARK

[mandrivalinux]
log:/var/log/messages:10240
#log:/var/log/secure:10240
ignore MARK

[redhatAS]
log:/var/log/messages:10240
ignore MARK

[redhatES]
log:/var/log/messages:10240
ignore MARK

[rhel3]
log:/var/log/messages:10240
ignore MARK

[irix]
log:/var/adm/SYSLOG:10240

[darwin]
log:/var/log/system.log:10240

[sco_sv]
log:/var/adm/syslog:10240