NAME

logfetch - Xymon client data collector

SYNOPSIS

logfetch [options] CONFIGFILE STATUSFILE

DESCRIPTION

logfetch is part of the Xymon client. It is responsible for collecting data from logfiles, and other file-related data, which is then sent to the Xymon server for analysis.

logfetch uses a configuration file, which is automatically retrieved from the Xymon server. There is no configuration done locally. The configuration file is usually stored in the $XYMONHOME/tmp/logfetch.cfg file, but editing this file has no effect since it is re-written with data from the Xymon server each time the client runs.

logfetch stores information about what parts of the monitored logfiles have been processed already in the $XYMONHOME/tmp/logfetch.status file. This file is an internal file used by logfetch, and should not be edited. If deleted, it will be re-created automatically.

OPTIONS

--debug[=stderr]

Enables debug mode. Note that when run by the xymonclient, debug output may be written into the client data report, which can cause false positives and other unintended side effects. Use '=stderr' to cause the output to be written to stderr instead.

--noexec

The client-local.cfg(5) section for this host, class, or OS is automatically retrieved from the server during client submission. Logfetch can be requested to execute arbitrary commands to generate a list of log files to examine dynamically, but this can present a security risk in some environments. Set this option to prevent logfetch from executing requested commands

SECURITY

logfetch needs read access to the logfiles it should monitor. If you configure monitoring of files or directories through the "file:" and "dir:" entries in client-local.cfg(5) then logfetch will require at least read-access to the directory where the file is located. If you request checksum calculation for a file, then it must be readable by the Xymon client user.

Do NOT install logfetch as suid-root. There is no way that logfetch can check whether the configuration file it uses has been tampered with, so installing logfetch with suid-root privileges could allow an attacker to read any file on the system by using a hand-crafted configuration file. In fact, logfetch will attempt to remove its own suid-root setup if it detects that it has been installed suid-root.

ENVIRONMENT VARIABLES

DU

Command used to collect information about the size of directories. By default, this is the command du -k. If the local du-command on the client does not recognize the "-k" option, you should set the DU environment variable in the $XYMONHOME/etc/xymonclient.cfg file to a command that does report directory sizes in kilobytes.

FILES

$XYMONHOME/tmp/logfetch.cfg

$XYMONHOME/tmp/logfetch.status

SEE ALSO

xymon(7), analysis.cfg(5), client-local.cfg(5)