{bb} SSH checks not written to $BBVAR/logs

[Eric Christian Berg <eric@holly.acsu.buffalo.edu>]

We have a Big Brother installation monitoring 250 machines with a 
primary and a failover server (both RHEL 3 boxen with openssh). Today, 
the server started kicking out purple alerts for two of the machines on 
the ssh check. There is nothing unique about them. They are Solaris 9, 
like half of our systems. They run SSH.com, like most of our systems. 
They were monitoring fine for a week. The only changes I made today were 
to add bbwarnrules.cfg entries for both servers.

I set up tcpdump to confirm that the server was checking every five 
minutes. It is. I checked that ssh is working. It is. I removed the 
files with bbrm for ssh on those systems and have been watching for an 
hour. I see tcpdump talk to both machines on port 22, yet no file is 
written to $BBVAR/logs to replace the ones bbrm took out.

So my question is this, why would Big Brother be doing a network check 
but not writing the results to the logs directory?

For reference, here are the relevant bb-hosts lines:
128.205.7.27 libmgt2.acsu.buffalo.edu # ssh
128.205.7.26 libmgt1.acsu.buffalo.edu # ssh

Here are the lines from bbwarnrules.cfg:
libmgt2.acsu.buffalo.edu*;; conn ssh cpu disk msgs 
procs;;*;0500-1700;library-support@gory.acsu.buffalo.edu:15 
ext-epagesvc-University_libraries:15 
ext-epagesvcsec-University_libraries:~15-30
libmgt1.acsu.buffalo.edu*;; conn ssh cpu disk msgs 
procs;;*;0500-1700;library-support@gory.acsu.buffalo.edu:15 
ext-epagesvc-University_libraries:15 
ext-epagesvcsec-University_libraries:~15-30

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=
To unsubscribe from this list, or to subscribe to the bb-digest list
send e-mail to mailto:majordomo@bb4.com with unsubscribe bb -and/or-
subscribe bb-digest in the BODY of the message.