This content has been marked as final. Show 8 replies
yes I think this is possible with HQs built in features. The idea is to enable log tracking and create an alert based on your requirements.
Please read how to use Log Tracking:
This is a log entry, created by Hyperic HQ on one of my Linux boxes:
[05/08/2008 06:27:39 AM] Log Message (system): system: login: mirko pts/0 (bla.net.com)
So you got the keywords "login" , "mirko" (=username).
I am new to this, how can i use the MULTIPLE keywords to trigger alerts? It has be for ANY user not a particular. We do not have the enterprise edition yet. I looked at the alert rule, i think i have to do the following:
"Events/Log Level" ANY and match substring "sshd session opened"
I do not understand where i would use "(=username)" ? I have attached screenshot, to give you visual. Please, comment
Thanks in advance Mirko!
Picture 1.png 45.0 K
I am lost. I followed instructions and i am still not getting alerts when a user logs in.
I first made sure the hyperic agent is communicating with the HQ server.
what i did so far:
1. i changed the file permission on /va/log/message on the monitored server where the hyperic agent is running so that the hyperic user ID can read it.
2. Selected a server. Went to Inventory> Configuration properties> did:
3. Click on Alert and defined it as follows:
if-condition is : i choose the "Events/Logs Level:" ANY and match substring (optional, 25 chars max): USER_A
enable action: Each time conditions are met
What am i missing here? please help.
I changed step 2 from WARN to info : "platform.log_track.level Warn" > "platform.log_track.level Info" but that still did not do the trick. I am really puzzled how else i can go about it. I am sure i am not the only one trying to do this. If you have this implemented, what are your exact settings (please be as detailed as possible).
First thing you should be aware of is that this is not instant. The log event checks are every 5 minutes, so you may have to wait up to 5 minutes to get a "user logged in" event in HQ.
Second thing to know is the "user login" events you are looking for are not gotten via looking in any log. So you do not have to do any log configuration past turning it on to get these events.
Third, is that this does not always work on Windows. It does not sound like you are on Windows, but just in case.
Are you seeing events that look like the one mirko posted in the second post?
Try these settings just to see if we can get it working:
- platform.log_track.enable = true
- platform.log_track.level = Error
- All other log_track properties leave empty. Make sure there is nothing in the text fields for platform.log_track.include, platform.log_track.exclude and platform.log_track.files
Next, edit your alert definition and remove the substring. Just make it empty. This will mean you are setting up an alert to alert on ALL log track events. Since you did not specify any log track files, I would only expect to see login events. Try logging in a new user on the system and keep that user logged in for at least 5 minutes. If you still do not get an event or the alert notification for the event... not sure, would need to get details about what OS, etc. you are running on.