8 Replies Latest reply: Mar 17, 2009 11:36 AM by fcbsmarts

Can Hyperic send alerts if a user logs in/out monitored servers?

Noman0118 May 9, 2008 9:06 AM

Currently Being Moderated

Hello,

I am new to hyperic, i am wondering how i can solve the below problem?

problem: If someone logs in a server that hyperic server is monitoring, can the Hyperic server generate a alert saying that user X has logged into server Y?

Is this possible to do without scripting/ built-in functionality?

1. Re: Can Hyperic send alerts if a user logs in/out monitored servers?

excowboy May 12, 2008 10:31 PM (in response to Noman0118)

Currently Being Moderated

Hi,

yes I think this is possible with HQs built in features. The idea is to enable log tracking and create an alert based on your requirements.
Please read how to use Log Tracking:
http://support.hyperic.com/confluence/display/DOC/Log+Tracking

This is a log entry, created by Hyperic HQ on one of my Linux boxes:

[05/08/2008 06:27:39 AM] Log Message (system): system: login: mirko pts/0 (bla.net.com)

So you got the keywords "login" , "mirko" (=username).

Cheers,
Mirko
Report Abuse

Like (0)
2. Re: Can Hyperic send alerts if a user logs in/out monitored servers?

Noman0118 May 13, 2008 10:19 AM (in response to excowboy)
Currently Being Moderated

Hello Mirko,

I am new to this, how can i use the MULTIPLE keywords to trigger alerts? It has be for ANY user not a particular. We do not have the enterprise edition yet. I looked at the alert rule, i think i have to do the following:

"Events/Log Level" ANY and match substring "sshd session opened"

I do not understand where i would use "(=username)" ? I have attached screenshot, to give you visual. Please, comment

Thanks in advance Mirko!

Picture 1.png 45.0 K
Report Abuse

Like (0)
3. Re: Can Hyperic send alerts if a user logs in/out monitored servers?

staceyeschneider May 14, 2008 9:16 AM (in response to Noman0118)

Currently Being Moderated

I don't think you can do multiple keywords with an AND statement without actually doing multiple conditions (yep, enterprise...) but if there is a string that shows up regularly such as login or sshd session opened you could create TWO separate alerts. HTH, -Stacey
Report Abuse

Like (0)
4. Re: Can Hyperic send alerts if a user logs in/out monitored servers?

Noman0118 May 20, 2008 12:01 PM (in response to staceyeschneider)

Currently Being Moderated

Stacey,

I am lost. I followed instructions and i am still not getting alerts when a user logs in.
I first made sure the hyperic agent is communicating with the HQ server.

what i did so far:
1. i changed the file permission on /va/log/message on the monitored server where the hyperic agent is running so that the hyperic user ID can read it.

2. Selected a server. Went to Inventory> Configuration properties> did:
platform.log_track.enable      true
platform.log_track.include
platform.log_track.files      /var/log/messages
platform.config_track.files      /etc/hosts
platform.log_track.level      Warn
platform.log_track.exclude
platform.config_track.enable      true

3. Click on Alert and defined it as follows:
if-condition is : i choose the "Events/Logs Level:" ANY and match substring (optional, 25 chars max): USER_A
enable action: Each time conditions are met

What am i missing here? please help.

Thanks
Report Abuse

Like (0)
5. Re: Can Hyperic send alerts if a user logs in/out monitored servers?

staceyeschneider May 20, 2008 2:59 PM (in response to Noman0118)

Currently Being Moderated

Hmmm, not sure but I think you need to select the Info level, and not just Warn.
Report Abuse

Like (0)
6. Re: Can Hyperic send alerts if a user logs in/out monitored servers?

Noman0118 May 20, 2008 3:09 PM (in response to staceyeschneider)

Currently Being Moderated

Hi,

I changed step 2 from WARN to info : "platform.log_track.level Warn" > "platform.log_track.level Info" but that still did not do the trick. I am really puzzled how else i can go about it. I am sure i am not the only one trying to do this. If you have this implemented, what are your exact settings (please be as detailed as possible).

Thanks,
Report Abuse

Like (0)
7. Re: Can Hyperic send alerts if a user logs in/out monitored servers?

john_hyperic May 21, 2008 10:30 AM (in response to Noman0118)

Currently Being Moderated

First thing you should be aware of is that this is not instant. The log event checks are every 5 minutes, so you may have to wait up to 5 minutes to get a "user logged in" event in HQ.

Second thing to know is the "user login" events you are looking for are not gotten via looking in any log. So you do not have to do any log configuration past turning it on to get these events.

Third, is that this does not always work on Windows. It does not sound like you are on Windows, but just in case.

Are you seeing events that look like the one mirko posted in the second post?

Try these settings just to see if we can get it working:
- platform.log_track.enable = true
- platform.log_track.level = Error
- All other log_track properties leave empty. Make sure there is nothing in the text fields for platform.log_track.include, platform.log_track.exclude and platform.log_track.files

Next, edit your alert definition and remove the substring. Just make it empty. This will mean you are setting up an alert to alert on ALL log track events. Since you did not specify any log track files, I would only expect to see login events. Try logging in a new user on the system and keep that user logged in for at least 5 minutes. If you still do not get an event or the alert notification for the event... not sure, would need to get details about what OS, etc. you are running on.
Report Abuse

Like (0)
8. Re: Can Hyperic send alerts if a user logs in/out monitored servers?

fcbsmarts Mar 17, 2009 11:36 AM (in response to Noman0118)

Currently Being Moderated

We just came across the same problem. Change your platform.log_track.level to Debug and see if that works.
Report Abuse

Like (0)