Javier, Sorry for my delay. DEbugging/logging is enabled. Hereby the trigger.log file of 21/7. So what I want is that not only the down events of for example atm0-interface, but also (for example in green) when the atm-interface comes up again : this is important for me to know what is the downtime/uptime. Correct me if I am wrong, but I thought that a trigger-action was sending sms/mail/... based on for example the events/alarms. What I notice is that the down alert given in the events is based on the rules given in event analyzer/Event Types : Interface Protocol Big Fault Interface <interface> Link <state> <info> (<client> <interface-description>)
On Tue, 2004-07-13 at 03:15, Javier Szyszlican wrote:
> Hi Johan,
>
> Sorry for the delay, can you enable debugging/Logging in the setup.php
> and then after you think that the rules should have been triggered, send
> me the logs/trigger.log file (compressed).
>
> Javier
>
> [EMAIL PROTECTED] wrote:
> > Hi Javier,
> >
> > I deleted the rule and added again : the error message is gone, but I dont
> > get any up alerts, only down alerts. What is the rule I have to add for
> > getting up and down alerts of the interefaces ?
> >
> > Greetings,
> > Johan
> > ----- Original Message -----
> > From: "Javier Szyszlican" <[EMAIL PROTECTED]>
> > Cc: <[EMAIL PROTECTED]>
> > Sent: Friday, July 09, 2004 7:39 PM
> > Subject: Re: [jffnms-users] Re: cpu values not discovered on cisco 800
> >
> >
> >
> >>Johan,
> >>
> >>Try deleting the rule and adding it again.
> >>
> >>That warning is a sing of something nor correctly working.
> >>
> >>Javier
> >>
> >>[EMAIL PROTECTED] wrote:
> >>
> >>>only one trigger rule : (I notice this warning) : under trigger rules
> >>>administration
> >>> Triggers Administration More Less
> >
> > Add
> >
> >>> Action ID Description Type
> >>> Edit Del View Rules 2 Interface Status Change Match
> >
> > Alarms
> >
> >>>Match Events
> >>>
> >>>under : view rules :
> >>>
> >>> Action ID Position Field Operator Value Action Action
> >>>Parameters if Match
> >>> Edit Del 2 10 If is Not In
> >>> Warning: call_user_func_array(): First argumented is expected to be
> >
> > a
> >
> >>>valid callback, '' was given in d:\jffnms\lib\gui.controls.inc.php on
> >
> > line
> >
> >>>529
> >>> Then Send Mail Subject: <interface-client_shortname> <
> >>> Comment: Default Trigger
> >>> Continue And
> >>>
> >>>
> >>>
> >>>Greetz,
> >>>Johan
> >>>----- Original Message -----
> >>>From: "Javier Szyszlican" <[EMAIL PROTECTED]>
> >>>Cc: <[EMAIL PROTECTED]>
> >>>Sent: Wednesday, July 07, 2004 5:14 PM
> >>>Subject: Re: [jffnms-users] Re: cpu values not discovered on cisco 800
> >>>
> >>>
> >>>
> >>>
> >>>>Hi Johan,
> >>>>
> >>>>If you want to limit a user by a customer interfaces, you have to create
> >>>>a customer, thats right. But you could have used a map, or used the
> >>>>Customer access directly (only to the performance graphs).
> >>>>
> >>>>You don't have to touch 'Different Alarm for UP event' thats an internal
> >>>>parameter that will not affect the triggers.
> >>>>
> >>>>The trigger system should be sending you all the events you filtered
> >>>>with the rules.
> >>>>
> >>>>What trigger rules do you have? are they event or alarm rules?
> >>>>
> >>>>As for the limits, a (Customer Limited) User should only see its stats
> >>>>in the Start Page, and it can only change a few profile options, it can
> >>>>see them all, but it can't change them. Profile options are defined in a
> >>>>Menu, so you can modify them.
> >>>>
> >>>>Javier
> >>>>
> >>>>[EMAIL PROTECTED] wrote:
> >>>>
> >>>>
> >>>>>Hi,
> >>>>>
> >>>>>It seems to work too : i figured out that i have to make for same
> >
> > client
> >
> >>>a
> >>>
> >>>
> >>>>>customer AND a user : so this works too. Next : I notice that I only
> >>>
> >>>get
> >>>
> >>>
> >>>>>alerts when the interfaces go down : is it possible to receive an alert
> >>>
> >>>too
> >>>
> >>>
> >>>>>when the interface comes up ? I notice that in the Event Types
> >>>>>Administration there is a rule Interface Protocol Big Fault
> >
> > Interface
> >
> >>>>><interface> Protocol <state> <info> (<client> <interface-description>)
> >>>>>
> >>>>>
> >>>>>and that this causes the down messages. I notice that there is a bit
> >>>>>further "different alarms for up event" . But when I point there for
> >>>
> >>>example
> >>>
> >>>
> >>>>>"internal", I dont see anything when interfaces comes up again. What
> >>>
> >>>exactly
> >>>
> >>>
> >>>>>do I ave to with this "different alarms for up event" ?
> >>>>>Other question : Is there a way to limit the users's rights. I see that
> >>>
> >>>they
> >>>
> >>>
> >>>>>receive the views/start page with all the options : where can I limit
> >>>
> >>>the
> >>>
> >>>
> >>>>>topics they can see. Also users appear to have rights to edit their own
> >>>>>profile, which i dont want : also possibility to avoid this ?
> >>>>>ps : sorry for the number of questions, I will try to limit them :))
> >>>>>
> >>>>>Greetings,
> >>>>>Johan
> >>>>>
> >>>>>
> >>>>>
> >>>>>----- Original Message -----
> >>>>>From: "Javier Szyszlican" <[EMAIL PROTECTED]>
> >>>>>Cc: <[EMAIL PROTECTED]>
> >>>>>Sent: Monday, July 05, 2004 3:54 AM
> >>>>>Subject: Re: [jffnms-users] Re: cpu values not discovered on cisco 800
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>>Hi Johan,
> >>>>>>
> >>>>>>You have to use Users for this.
> >>>>>>
> >>>>>>And you CAN filter a User view by a Customer ID, use the Customer
> >
> > Filter
> >
> >>>>>>profile option, and use the Customer ID as a value.
> >>>>>>
> >>>>>>So that user will only see the customer interfaces and events.
> >>>>>>
> >>>>>>This also works with maps using the Base Map profile option.
> >>>>>>
> >>>>>>Javier
> >>>>>>
> >>>>>>[EMAIL PROTECTED] wrote:
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>>Javier,
> >>>>>>>
> >>>>>>>Thx this works too. Thx a lot. Now another question :)) woops. It is
> >>>>>
> >>>>>perhaps
> >>>>>
> >>>>>
> >>>>>
> >>>>>>>an idea for next version : what I like to have is that customers only
> >>>>>
> >>>>>can
> >>>>>
> >>>>>
> >>>>>
> >>>>>>>see the statistics of their own router, this means the customers
> >>>
> >>>section
> >>>
> >>>
> >>>>>>>(not users) and if there is a possibility that they can receive a
> >
> > mail
> >
> >>>>>when
> >>>>>
> >>>>>
> >>>>>
> >>>>>>>some of their interfaces goes down, i.e. a customers triggers
> >>>>>
> >>>>>administration
> >>>>>
> >>>>>
> >>>>>
> >>>>>>>and a profile for the customers. I notice that now there is a users
> >>>>>
> >>>>>section
> >>>>>
> >>>>>
> >>>>>
> >>>>>>>for this. You could see use the customer as user, but with user I see
> >>>>>
> >>>>>all
> >>>>>
> >>>>>
> >>>>>
> >>>>>>>the routers and not the only one of the customer. What I also try to
> >>>
> >>>get
> >>>
> >>>
> >>>>>>>fixed is some kind of events integrated in the performance trends,
> >>>
> >>>which
> >>>
> >>>
> >>>>>>>makes the customer can see that his interface goes up and down.
> >>>>>>>
> >>>>>>>If you can help me, let me know
> >>>>>>>
> >>>>>>>greetz,
> >>>>>>>Johan
> >>>>>>>----- Original Message -----
> >>>>>>>From: "Javier Szyszlican" <[EMAIL PROTECTED]>
> >>>>>>>Cc: <[EMAIL PROTECTED]>
> >>>>>>>Sent: Sunday, July 04, 2004 3:15 AM
> >>>>>>>Subject: [jffnms-users] Re: cpu values not discovered on cisco 800
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>>Hi Johan,
> >>>>>>>>
> >>>>>>>>You should add a new poller with this OIDs in the Pollers screen,
> >
> > then
> >
> >>>>>>>>add them to the Cisco Router Poller Group, copy all other values
> >
> > from
> >
> >>>>>>>>the normal Cisco CPU Utilization poller.
> >>>>>>>>
> >>>>>>>>Javier
> >>>>>>>>
> >>>>>>>>[EMAIL PROTECTED] wrote:
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>>Javier,
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>thx a lot : i get the correct bandwidth settings discovered
> >
> > correctly
> >
> >>>>>>>now.
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>>>But life goes on and I have some new issues. It concerns the cpu
> >>>>>>>
> >>>>>>>monitoring
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>>>of certain cisco's. With cisco 1700 series, correct values are
> >
> > being
> >
> >>>>>>>given.
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>>>Nevertheless with cisco 800 series (dsl routers) memory is being
> >>>
> >>>given
> >>>
> >>>
> >>>>>>>>>correctly, but with cpu no values are returned. Normally they
> >
> > should
> >
> >>>>>use
> >>>>>
> >>>>>
> >>>>>
> >>>>>>>OID
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>>>1.3.6.1.4.1.9.2.1.57.0 and OID 1.3.6.1.4.1.9.2.1.58.0.
> >>>>>>>>>Do I have to change something in some of the scripts (which
> >
> > script?)
> >
> >>>or
> >>>
> >>>
> >>>>>>>is
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>>>there possibility that this works by adding specific mib (in
> >>>
> >>>/usr/mibs/
> >>>
> >>>
> >>>>>>>?)
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>>>Greetings,
> >>>>>>>>>Johan
> >>>>>>>>>
> >>>>>>>>>----- Original Message -----
> >>>>>>>>>From: "Javier Szyszlican" <[EMAIL PROTECTED]>
> >>>>>>>>>Cc: <[EMAIL PROTECTED]>
> >>>>>>>>>Sent: Wednesday, June 30, 2004 10:15 PM
> >>>>>>>>>Subject: Re: [jffnms-users] Can't get MySQL Pipe working with
> >>>
> >>>syslog-ng
> >>>
> >>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>>Claytom
> >>>>>>>>>>
> >>>>>>>>>>Good, now add this:
> >>>>>>>>>>
> >>>>>>>>>>destination jffnms_processing {
> >>>>>>>>>> program ("mysql -u jffnms -pjffnms jffnms <
> >>>
> >>>/tmp/mysql.pipe"); };
> >>>
> >>>
> >>>>>>>>>>log {
> >>>>>>>>>> source (s_jffnms);
> >>>>>>>>>> filter (f_jffnms); #if you use it
> >>>>>>>>>> destination (d_jffnms);
> >>>>>>>>>>};
> >>>>>>>>>>
> >>>>>>>>>>And restart syslog-ng.. and show me the ps fax again.
> >>>>>>>>>>
> >>>>>>>>>>Javier
> >>>>>>>>>>
> >>>>>>>>>>Clayton Dukes wrote:
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>>Yes,
> >>>>>>>>>>>Sorry -- let me clarify -- perhaps I have changed it some to fit
> >
> > my
> >
> >>>>>>>>>already
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>>>running needs (Sorry :-))
> >>>>>>>>>>>
> >>>>>>>>>>>Thanks for the help!
> >>>>>>>>>>>
> >>>>>>>>>>>Here's my syslog-ng.conf:
> >>>>>>>>>>>
> >>>>>>>>>>># $Header:
> >>>>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> > /home/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo,v
> >
> >>>>>>>>>>>1.3 2003/05/12 22:43:48 msterret Exp $
> >>>>>>>>>>>#
> >>>>>>>>>>># Syslog-ng default configuration file for Gentoo Linux
> >>>>>>>>>>># contributed by Michael Sterrett
> >>>>>>>>>>>#
> >>>>>>>>>>>
> >>>>>>>>>>>options { use_fqdn(yes);
> >>>>>>>>>>> keep_hostname(yes);
> >>>>>>>>>>> use_dns(no);
> >>>>>>>>>>> long_hostnames(off);
> >>>>>>>>>>> sync(0);
> >>>>>>>>>>> log_fifo_size(1000);
> >>>>>>>>>>>
> >>>>>>>>>>> # The default action of syslog-ng 1.6.0 is to log a STATS
> >>>
> >>>line
> >>>
> >>>
> >>>>>>>>>>> # to the file every 10 minutes. That's pretty ugly after a
> >>>>>>>>>
> >>>>>>>>>while.
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>>> # Change it to every 12 hours so you get a nice daily update
> >>>>>
> >>>>>of
> >>>>>
> >>>>>
> >>>>>
> >>>>>>>>>>> # how many messages syslog-ng missed (0).
> >>>>>>>>>>> stats(43200);
> >>>>>>>>>>>};
> >>>>>>>>>>>
> >>>>>>>>>>>############################
> >>>>>>>>>>># Set up Sources
> >>>>>>>>>>>############################
> >>>>>>>>>>>source src { unix-dgram("/dev/log"); internal(); };
> >>>>>>>>>>>source net { udp(); };
> >>>>>>>>>>>source s_jffnms { unix-dgram("/dev/log"); internal(); udp(); };
> >>>>>>>>>>>
> >>>>>>>>>>>############################
> >>>>>>>>>>># Set up Destinations
> >>>>>>>>>>>############################
> >>>>>>>>>>>
> >>>>>>>>>>># System Logs
> >>>>>>>>>>>destination messages { file("/var/log/messages"); };
> >>>>>>>>>>>destination authlog { file("/var/log/auth.log"); };
> >>>>>>>>>>>destination syslog { file("/var/log/syslog"); };
> >>>>>>>>>>>destination kern { file("/var/log/kern.log"); };
> >>>>>>>>>>>destination maillog { file("/var/log/maillog"); };
> >>>>>>>>>>># Core, Dist., Access and Security Layer Logs
> >>>>>>>>>>>destination corelog { file("/var/log/core.log"); };
> >>>>>>>>>>>destination accesslog { file("/var/log/access.log"); };
> >>>>>>>>>>>destination distributionlog {
> >
> > file("/var/log/distribution.log"); };
> >
> >>>>>>>>>>>destination securitylog { file("/var/log/security.log"); };
> >>>>>>>>>>>destination ciscolog { file("/var/log/cisco.log"); };
> >>>>>>>>>>>
> >>>>>>>>>>># Catch-all logs
> >>>>>>>>>>>destination debug { file("/var/log/debug"); };
> >>>>>>>>>>>
> >>>>>>>>>>># MySQL Logs
> >>>>>>>>>>>destination d_jffnms {
> >>>>>>>>>>>pipe("/tmp/mysql.pipe"
> >>>>>>>>>>>template("INSERT INTO syslog (date, date_logged, host, message)
> >>>>>>>>>
> >>>>>>>>>VALUES
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>>>('$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', NOW\(\), '$FU
> >>>>>>>>>>>LLHOST', '$MSG');\n") template-escape(yes));
> >>>>>>>>>>>};
> >>>>>>>>>>>
> >>>>>>>>>>>############################
> >>>>>>>>>>># Set up Filters
> >>>>>>>>>>>############################
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>># System Filters
> >>>>>>>>>>>filter f_messages { level(info .. warn) and not facility(auth,
> >>>
> >>>mail,
> >>>
> >>>
> >>>>>>>>>local6,
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>>>local5, local4, local3, local0); };
> >>>>>>>>>>>filter f_authpriv { facility(auth) ; };
> >>>>>>>>>>>filter f_syslog { not facility(auth) and not facility(mail); };
> >>>>>>>>>>>filter f_kern { facility(kern); };
> >>>>>>>>>>>filter f_mail { facility(mail); };
> >>>>>>>>>>>
> >>>>>>>>>>># Core, Dist., Access and Security Layer Filters
> >>>>>>>>>>>filter f_core { facility(local6); };
> >>>>>>>>>>>filter f_distribution { facility(local5); };
> >>>>>>>>>>>filter f_access { facility(local4); };
> >>>>>>>>>>>filter f_security { facility(local3); };
> >>>>>>>>>>>filter f_cisco { facility(local6, local5, local4, local3); };
> >>>>>>>>>>>
> >>>>>>>>>>># Catch-all Filters
> >>>>>>>>>>>filter f_debug { not facility(kern, auth, mail, local6, local5,
> >>>>>
> >>>>>local4,
> >>>>>
> >>>>>
> >>>>>
> >>>>>>>>>>>local3, local0); };
> >>>>>>>>>>>filter f_emergency { level(emerg); };
> >>>>>>>>>>>
> >>>>>>>>>>># MySQL Filters
> >>>>>>>>>>># No filter for MySQL
> >>>>>>>>>>>#filter f_jffnms { facility(local6); }; # not needed for now
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>############################
> >>>>>>>>>>># Set up Logs
> >>>>>>>>>>>############################
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>># System Logs
> >>>>>>>>>>>log { source(src); source(net); filter(f_messages);
> >>>>>>>>>
> >>>>>>>>>destination(messages);
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>>>};
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>##END Syslog-ng.conf
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>># PS FAX:
> >>>>>>>>>>>
> >>>>>>>>>>>[EMAIL PROTECTED] root]# ps fax
> >>>>>>>>>>>PID TTY STAT TIME COMMAND
> >>>>>>>>>>>1 ? S 0:14 init [3]
> >>>>>>>>>>>2 ? S 0:00 [powerd]
> >>>>>>>>>>>3 ? S 0:00 [keventd]
> >>>>>>>>>>>4 ? SN 0:00 [ksoftirqd_CPU0]
> >>>>>>>>>>>5 ? SN 0:00 [ksoftirqd_CPU1]
> >>>>>>>>>>>6 ? SN 0:00 [ksoftirqd_CPU2]
> >>>>>>>>>>>7 ? SN 0:00 [ksoftirqd_CPU3]
> >>>>>>>>>>>8 ? S 0:07 [kswapd]
> >>>>>>>>>>>9 ? S 0:00 [bdflush]
> >>>>>>>>>>>10 ? S 0:22 [kupdated]
> >>>>>>>>>>>17 ? S 0:00 [scsi_eh_0]
> >>>>>>>>>>>18 ? S 0:00 [scsi_eh_1]
> >>>>>>>>>>>19 ? S 0:00 [khubd]
> >>>>>>>>>>>156 ? Ss 0:00 /sbin/devfsd /dev
> >>>>>>>>>>>355 ? S 3:07 [kjournald]
> >>>>>>>>>>>1173 ? Ss 0:00 /bin/sh /usr/bin/mysqld_safe
> >>>>>>>>>>>1244 ? S 0:07 \_ /usr/sbin/mysqld --basedir=/usr
> >>>>>>>>>>>--datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysql
> >>>>>>>>>>>1300 ? S 0:09 \_ /usr/sbin/mysqld --basedir=/usr
> >>>>>>>>>>>--datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/m
> >>>>>>>>>>>1301 ? S 4:22 \_
> >>>
> >>>/usr/sbin/mysqld --basedir=/usr
> >>>
> >>>
> >>>>>>>>>>>--datadir=/var/lib/mysql --user=mysql --pid-file=/var/r
> >>>>>>>>>>>20646 ? S 0:53 \_
> >>>>>
> >>>>>/usr/sbin/mysqld --basedir=/usr
> >>>>>
> >>>>>
> >>>>>
> >>>>>>>>>>>--datadir=/var/lib/mysql --user=mysql --pid-file=/var/r
> >>>>>>>>>>>1316 ? Ss 0:27 /usr/sbin/apache2 -k start -D SSL -D
> >
> > PHP4
> >
> >>>>>>>>>>>20814 ? S 0:00 \_ /usr/bin/perl
> >>>>>>>>>
> >>>>>>>>>/usr/sbin/apache2splitlogfile
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>>>20815 ? S 0:00 \_ /usr/sbin/apache2 -k start -D
> >
> > SSL -D
> >
> >>>>>>>PHP4
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>>>>>20816 ? S 0:00 \_ /usr/sbin/apache2 -k start -D
> >
> > SSL -D
> >
> >>>>>>>PHP4
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>>>>>20817 ? S 0:00 \_ /usr/sbin/apache2 -k start -D
> >
> > SSL -D
> >
> >>>>>>>PHP4
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>>>>>20818 ? S 0:00 \_ /usr/sbin/apache2 -k start -D
> >
> > SSL -D
> >
> >>>>>>>PHP4
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>>>>>20819 ? S 0:00 \_ /usr/sbin/apache2 -k start -D
> >
> > SSL -D
> >
> >>>>>>>PHP4
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>>>>>20820 ? S 0:00 \_ /usr/sbin/apache2 -k start -D
> >
> > SSL -D
> >
> >>>>>>>PHP4
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>>>>>1438 ? Ss 0:01 /usr/lib/postfix/master
> >>>>>>>>>>>1453 ? S 0:00 \_ qmgr -l -t fifo -u
> >>>>>>>>>>>21248 ? S 0:00 \_ pickup -l -t fifo -u
> >>>>>>>>>>>1509 tts/0 Ss+ 0:00 /sbin/agetty 9600 ttyS0 vt100
> >>>>>>>>>>>9384 ? S 0:00 /usr/sbin/snmpd -P /var/run/snmpd.pid
> >>>>>>>>>>>27929 ? Ss 0:00 /usr/sbin/sshd
> >>>>>>>>>>>20847 ? Ss 0:00 \_ sshd: [EMAIL PROTECTED]/1
> >>>>>>>>>>>20853 pts/1 Ss+ 0:00 | \_ -bash
> >>>>>>>>>>>21315 ? Ss 0:00 \_ sshd: [EMAIL PROTECTED]/2
> >>>>>>>>>>>21319 pts/2 Ss 0:00 \_ -bash
> >>>>>>>>>>>21343 pts/2 R+ 0:00 \_ ps fax
> >>>>>>>>>>>20644 ? S 0:00 /usr/bin/rtgpoll -t
> >
> > /etc/rtg/targets.cfg
> >
> >>>>>>>>>>>20647 ? S 0:00 \_ /usr/bin/rtgpoll -t
> >>>>>
> >>>>>/etc/rtg/targets.cfg
> >>>>>
> >>>>>
> >>>>>
> >>>>>>>>>>>20648 ? S 0:06 \_ /usr/bin/rtgpoll -t
> >>>>>>>>>
> >>>>>>>>>/etc/rtg/targets.cfg
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>>>20649 ? S 0:06 \_ /usr/bin/rtgpoll -t
> >>>>>>>>>
> >>>>>>>>>/etc/rtg/targets.cfg
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>>>20650 ? S 0:05 \_ /usr/bin/rtgpoll -t
> >>>>>>>>>
> >>>>>>>>>/etc/rtg/targets.cfg
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>>>20651 ? S 0:06 \_ /usr/bin/rtgpoll -t
> >>>>>>>>>
> >>>>>>>>>/etc/rtg/targets.cfg
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>>>20652 ? S 0:06 \_ /usr/bin/rtgpoll -t
> >>>>>>>>>
> >>>>>>>>>/etc/rtg/targets.cfg
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>>>20653 ? S 0:05 \_ /usr/bin/rtgpoll -t
> >>>>>>>>>
> >>>>>>>>>/etc/rtg/targets.cfg
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>>>20654 ? S 0:06 \_ /usr/bin/rtgpoll -t
> >>>>>>>>>
> >>>>>>>>>/etc/rtg/targets.cfg
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>>>20655 ? S 0:06 \_ /usr/bin/rtgpoll -t
> >>>>>>>>>
> >>>>>>>>>/etc/rtg/targets.cfg
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>>>20656 ? S 0:05 \_ /usr/bin/rtgpoll -t
> >>>>>>>>>
> >>>>>>>>>/etc/rtg/targets.cfg
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>>>20657 ? S 0:06 \_ /usr/bin/rtgpoll -t
> >>>>>>>>>
> >>>>>>>>>/etc/rtg/targets.cfg
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>>>20658 ? S 0:00 \_ /usr/bin/rtgpoll -t
> >>>>>>>>>
> >>>>>>>>>/etc/rtg/targets.cfg
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>>>21237 ? Ss 0:15 /usr/sbin/syslog-ng
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>-----Original Message-----
> >>>>>>>>>>>From: [EMAIL PROTECTED]
> >>>>>>>>>>>[mailto:[EMAIL PROTECTED] On Behalf Of
> >>>
> >>>Javier
> >>>
> >>>
> >>>>>>>>>>>Szyszlican
> >>>>>>>>>>>Sent: Wednesday, June 30, 2004 1:00 PM
> >>>>>>>>>>>Cc: [EMAIL PROTECTED]
> >>>>>>>>>>>Subject: Re: [jffnms-users] Can't get MySQL Pipe working with
> >>>>>
> >>>>>syslog-ng
> >>>>>
> >>>>>
> >>>>>
> >>>>>>>>>>>Clayon,
> >>>>>>>>>>>
> >>>>>>>>>>>But the configuration you show here its not the same.
> >>>>>>>>>>>
> >>>>>>>>>>>I mean this one:
> >>>>>>>>>>>
> >>>>>>>>>>># ---------------------------------------------------------- # #
> >>>>>
> >>>>>Before
> >>>>>
> >>>>>
> >>>>>
> >>>>>>>>>this
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>>>can work you have to do mkfifo /tmp/mysql.pipe # #
> >>>>>>>>>>>---------------------------------------------------------- #
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>># ---------------------------------------------------------- #
> >>>>>>>>>>># This is an example source, you may want to use your own #
> >>>>>>>>>>># ---------------------------------------------------------- #
> >>>>>>>>>>>
> >>>>>>>>>>>source src {
> >>>>>>>>>>> unix-stream("/dev/log");
> >>>>>>>>>>> internal();
> >>>>>>>>>>> pipe("/proc/kmsg");
> >>>>>>>>>>> udp(ip(0.0.0.0) port(514));
> >>>>>>>>>>>};
> >>>>>>>>>>>
> >>>>>>>>>>># ---------------------------------------------------------- # #
> >>>>>
> >>>>>These
> >>>>>
> >>>>>
> >>>>>
> >>>>>>>>>are
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>>>the lines you have to add to your syslog-ng.conf # #
> >>>>>>>>>>>---------------------------------------------------------- #
> >>>>>>>>>>>
> >>>>>>>>>>>destination jffnms_processing {
> >>>>>>>>>>> program ("mysql -u jffnms -pjffnms jffnms <
> >>>
> >>>/tmp/mysql.pipe"); };
> >>>
> >>>
> >>>>>>>>>>>destination d_jffnms {
> >>>>>>>>>>> pipe ("/tmp/mysql.pipe"
> >>>>>>>>>>> template("INSERT INTO syslog (date, date_logged, host, message)
> >>>>>>>>>
> >>>>>>>>>VALUES
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>>>('$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', NOW\(\), '$FULLHOST',
> >
> > '$MSG'
> >
> >>>>>>>>>>>);\n")
> >>>>>>>>>>> template-escape(yes));
> >>>>>>>>>>>};
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>># This is optional
> >>>>>>>>>>>
> >>>>>>>>>>>filter f_jffnms {
> >>>>>>>>>>> facility(local6);
> >>>>>>>>>>>};
> >>>>>>>>>>>
> >>>>>>>>>>>log {
> >>>>>>>>>>> source (src);
> >>>>>>>>>>> filter (f_jffnms);
> >>>>>>>>>>> destination (d_jffnms);
> >>>>>>>>>>>};
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>Also, can you show me a ps fax of your box after this is running
> >
> > ?
> >
> >>>>>>>>>>>Javier
> >>>>>>>>>>>
> >>>>>>>>>>>Clayton Dukes wrote:
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>>I actually did follow those instructions verbatim, but still no
> >>>
> >>>dice
> >>>
> >>>
> >>>>>>>>>>>>-----Original Message-----
> >>>>>>>>>>>>From: [EMAIL PROTECTED]
> >>>>>>>>>>>>[mailto:[EMAIL PROTECTED] On Behalf Of
> >>>>>
> >>>>>Javier
> >>>>>
> >>>>>
> >>>>>
> >>>>>>>>>>>>Szyszlican
> >>>>>>>>>>>>Sent: Wednesday, June 30, 2004 12:16 PM
> >>>>>>>>>>>>Cc: [EMAIL PROTECTED]
> >>>>>>>>>>>>Subject: Re: [jffnms-users] Can't get MySQL Pipe working with
> >>>>>>>
> >>>>>>>syslog-ng
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>>>>>>Hi Clayton,
> >>>>>>>>>>>>
> >>>>>>>>>>>>You can also try the say suggested in the docs/unix/ folder.
> >>>>>>>>>>>>
> >>>>>>>>>>>>Javier
> >>>>>>>>>>>>
> >>>>>>>>>>>>Clayton Dukes wrote:
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>>Howdy folks,
> >>>>>>>>>>>>>I'm having trouble getting the pipe working for syslog-ng.
> >>>>>>>>>>>>>I've read the documentation thoroughly and have the following
> >>>>>
> >>>>>entries
> >>>>>
> >>>>>
> >>>>>
> >>>>>>>>>>>>>in /etc/syslog-ng/syslog-ng.conf
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>source s_jffnms { unix-dgram("/dev/log"); internal(); udp(); };
> >>>>>>>>>>>>>destination d_jffnms { pipe("/tmp/mysql.pipe"
> >>>>>>>>>>>>>template("INSERT INTO syslog (date, date_logged, host, message)
> >>>>>>>>>>>>>VALUES ('$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', NOW\(\),
> >
> > '$FULLHOST
> >
> >>>',
> >>>
> >>>
> >>>>>>>>>>>>>'$MSG');\n") template-escape(yes));
> >>>>>>>>>>>>>};
> >>>>>>>>>>>>>log { source(s_jffnms); destination(d_jffnms); };
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>and I have a shell script for the pipe:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>#!/bin/sh
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>MYPIPE="/tmp/mysql.pipe"
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>if [ ! -e $MYPIPE ] ; then
> >>>>>>>>>>>>>mkfifo $MYPIPE
> >>>>>>>>>>>>>fi
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>while [ -e $MYPIPE ] ; do
> >>>>>>>>>>>>>mysql -u jffnms --password=jffnms jffnms < $MYPIPE done
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>I run the script, then restart syslog-ng and then tail -f
> >>>>>>>>>>>>>/tmp/mysql.pipe but I get no data. Anyone have any ideas?
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>Regards,
> >>>>>>>>>>>>>Clayton Dukes
> >>>>>>>>>>>>>CCNA, CCDA, CCNP, CCDP
> >>>>>>>>>>>>>Sr. Network Engineer
> >>>>>>>>>>>>>E Solutions Corp.
> >>>>>>>>>>>>>http://www.esnet.com
> >>>>>>>>>>>>>813.301.2620 (o)
> >>>>>>>>>>>>>813.545.7373 (c)
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>-------------------------------------------------------
> >>>>>>>>>>>>>This SF.Net email sponsored by Black Hat Briefings & Training.
> >>>>>>>>>>>>>Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
> >>>>>
> >>>>>digital
> >>>>>
> >>>>>
> >>>>>
> >>>>>>>>>>>>>self defense, top technical experts, no vendor pitches,
> >
> > unmatched
> >
> >>>>>>>>>>>>>networking opportunities. Visit www.blackhat.com
> >>>>>>>>>>>>>_______________________________________________
> >>>>>>>>>>>>>jffnms-users mailing list
> >>>>>>>>>>>>>[EMAIL PROTECTED]
> >>>>>>>>>>>>>https://lists.sourceforge.net/lists/listinfo/jffnms-users
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>--
> >>>>>>>>>>>>=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> >>>>>>>>>>>>Javier Szyszlican, Project Leader, JFFNMS [EMAIL PROTECTED]
> >>>>>>>>>>>>
> >>>>>>>>>>>>I hope JFFNMS or I were helpful to you, if you can, please
> >
> > donate
> >
> >>>at
> >>>
> >>>
> >>>>>>>>>>>>http://jffnms.org/donate
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>-------------------------------------------------------
> >>>>>>>>>>>>This SF.Net email sponsored by Black Hat Briefings & Training.
> >>>>>>>>>>>>Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
> >>>>>
> >>>>>digital
> >>>>>
> >>>>>
> >>>>>
> >>>>>>>>>self
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>>>>defense, top technical experts, no vendor pitches, unmatched
> >>>>>>>
> >>>>>>>networking
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>>>>>>opportunities. Visit www.blackhat.com
> >>>>>>>>>>>>_______________________________________________
> >>>>>>>>>>>>jffnms-users mailing list
> >>>>>>>>>>>>[EMAIL PROTECTED]
> >>>>>>>>>>>>https://lists.sourceforge.net/lists/listinfo/jffnms-users
> >>>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>--
> >>>>>>>>>>=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> >>>>>>>>>>Javier Szyszlican, Project Leader, JFFNMS
> >>>>>>>>>>[EMAIL PROTECTED]
> >>>>>>>>>>
> >>>>>>>>>>I hope JFFNMS or I were helpful to you, if you
> >>>>>>>>>>can, please donate at http://jffnms.org/donate
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>-------------------------------------------------------
> >>>>>>>>>>This SF.Net email sponsored by Black Hat Briefings & Training.
> >>>>>>>>>>Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
> >>>>>>>>>>digital self defense, top technical experts, no vendor pitches,
> >>>>>>>>>>unmatched networking opportunities. Visit www.blackhat.com
> >>>>>>>>>>_______________________________________________
> >>>>>>>>>>jffnms-users mailing list
> >>>>>>>>>>[EMAIL PROTECTED]
> >>>>>>>>>>https://lists.sourceforge.net/lists/listinfo/jffnms-users
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>--
> >>>>>>>>=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> >>>>>>>>Javier Szyszlican, Project Leader, JFFNMS
> >>>>>>>>[EMAIL PROTECTED]
> >>>>>>>>
> >>>>>>>>I hope JFFNMS or I were helpful to you, if you
> >>>>>>>>can, please donate at http://jffnms.org/donate
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>-------------------------------------------------------
> >>>>>>>>This SF.Net email sponsored by Black Hat Briefings & Training.
> >>>>>>>>Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
> >>>>>>>>digital self defense, top technical experts, no vendor pitches,
> >>>>>>>>unmatched networking opportunities. Visit www.blackhat.com
> >>>>>>>>_______________________________________________
> >>>>>>>>jffnms-users mailing list
> >>>>>>>>[EMAIL PROTECTED]
> >>>>>>>>https://lists.sourceforge.net/lists/listinfo/jffnms-users
> >>>>>>>
> >>>>>>>
> >>>>>>--
> >>>>>>=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> >>>>>>Javier Szyszlican, Project Leader, JFFNMS
> >>>>>>[EMAIL PROTECTED]
> >>>>>>
> >>>>>>I hope JFFNMS or I were helpful to you, if you
> >>>>>>can, please donate at http://jffnms.org/donate
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>-------------------------------------------------------
> >>>>>>This SF.Net email sponsored by Black Hat Briefings & Training.
> >>>>>>Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
> >>>>>>digital self defense, top technical experts, no vendor pitches,
> >>>>>>unmatched networking opportunities. Visit www.blackhat.com
> >>>>>>_______________________________________________
> >>>>>>jffnms-users mailing list
> >>>>>>[EMAIL PROTECTED]
> >>>>>>https://lists.sourceforge.net/lists/listinfo/jffnms-users
> >>>>>
> >>>>>
> >>>>--
> >>>>=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> >>>>Javier Szyszlican, Project Leader, JFFNMS
> >>>>[EMAIL PROTECTED]
> >>>>
> >>>>I hope JFFNMS or I were helpful to you, if you
> >>>>can, please donate at http://jffnms.org/donate
> >>>>
> >>>>
> >>>>
> >>>>-------------------------------------------------------
> >>>>This SF.Net email sponsored by Black Hat Briefings & Training.
> >>>>Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
> >>>>digital self defense, top technical experts, no vendor pitches,
> >>>>unmatched networking opportunities. Visit www.blackhat.com
> >>>>_______________________________________________
> >>>>jffnms-users mailing list
> >>>>[EMAIL PROTECTED]
> >>>>https://lists.sourceforge.net/lists/listinfo/jffnms-users
> >>>
> >>>
> >>--
> >>=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> >>Javier Szyszlican, Project Leader, JFFNMS
> >>[EMAIL PROTECTED]
> >>
> >>I hope JFFNMS or I were helpful to you, if you
> >>can, please donate at http://jffnms.org/donate
> >>
> >>
> >>
> >>-------------------------------------------------------
> >>This SF.Net email sponsored by Black Hat Briefings & Training.
> >>Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
> >>digital self defense, top technical experts, no vendor pitches,
> >>unmatched networking opportunities. Visit www.blackhat.com
> >>_______________________________________________
> >>jffnms-users mailing list
> >>[EMAIL PROTECTED]
> >>https://lists.sourceforge.net/lists/listinfo/jffnms-users
> >
> >
triggers-2004-07-21.rar
Description: application/rar
