Provided by: hobbit-client_4.2.0.dfsg-12_i386
logfetch - Hobbit client data collector
logfetch CONFIGFILE STATUSFILE
logfetch is part of the Hobbit client. It is responsible for collecting
data from logfiles, and other file-related data, which is then sent to
the Hobbit server for analysis.
logfetch uses a configuration file, which is automatically retrieved
from the Hobbit server. There is no configuration done locally. The
configuration file is usually stored in the $BBHOME/tmp/logfetch.cfg
file, but editing this file has no effect since it is re-written with
data from the Hobbit server each time the client runs.
logfetch stores information about what parts of the monitored logfiles
have been processed already in the $BBHOME/tmp/logfetch.status file.
This file is an internal file used by logfetch, and should not be
edited. If deleted, it will be re-created automatically.
logfetch needs read access to the logfiles it should monitor. If you
configure monitoring of files or directories through the "file:" and
"dir:" entries in client-local.cfg(5) then logfetch will require at
least read-acces to the directory where the file is located. If you
request checksum calculation for a file, then it must be readable by
the hobbit client user.
Do NOT install logfetch as suid-root. There is no way that logfetch can
check whether the configuration file it uses has been tampered with, so
installing logfetch with suid-root privileges could allow an attacker
to read any file on the system by using a hand-crafted configuration
file. In fact, logfetch will attempt to remove its own suid-root setup
if it detects that it has been installed suid-root.
DU Command used to collect information about the size of
directories. By default, this is the command du -k. If the
local du-command on the client does not recognize the "-k"
option, you should set the DU environment variable in the
$BBHOME/etc/hobbitclient.cfg file to a command that does report
directory sizes in kilobytes.