[Xymon] Possible BUG in how Xymon interprets data for monitoring "FILE" and "MSGS"

Bill Arlofski waa-hobbitml at revpol.com
Wed Apr 9 16:11:04 CEST 2014


Hi everyone!

We have a random issue with a Samba server where it core dumps each new smbd
process as users log in. Generally the server functions 24/7/365, but once
something (we don't know what yet) triggers this, each new smbd process
spawned core dumps and no new logins are possible.

Simple way to monitor with Xymon is by looking for the non-existance (NOEXIST)
of one of these core files:

/var/log/samba/cores/smbd/core

The Xymon issue I am reporting here is that by default, the directories above
this file were created with 600 root:root permissions, and as such, Xymon can
not see/access this file even when it exists and will report GREEN for the
'files' test.

Interesting thing is that if I remove the NOEXIST parameter from the
analysis.cfg line for this file - meaning that this file needs to exist - and
the file does exist, Xymon also reports it GREEN.

Clicking on the files test and then the /var/log/samba/cores/smbd/core link on
the test's page brings you to a white web page with the following:

[file:/var/log/samba/cores/smbd/core]
ERROR: Permission denied


At the bare minimum, I would think that Xymon would report this test as
yellow, not green because "something is wrong"  that an admin monitoring, or
configuring Xymon needs to address.

For now, I have modified the permissions in the directory tree to allow for
Xymon to access the dir that this file gets created in, but if for some
reason, perhaps on syslog-ng startup or some other reason these permissions
are reverted, Xymon will always think this test is GREEN, and no one will ever
be notified when the file does appear.

Of course, I can add additional tests for this host to monitor each
directory's ownership and permissions down to the file, but that becomes more
cumbersome and opens things up to more places where an admin can make mistakes.

I have noticed a similar thing with regards to monitoring MSGS.  By default
(on Gentoo systems with syslog-ng, at least) /var/log/messages is created
root:root 640, and as such, the Xymon user can not read this file to parse it.
 The MSGS test however shows GREEN. But on its page shows:

--[snip]--
No entries in /var/log/messages

Full log /var/log/messages
Cannot open logfile /var/log/messages : Permission denied
--[snip]--


I generally fix this by greating a group 'log', adding the xymon user to it
and configuring syslog-ng to create the /var/log/messages file with root:log
640 perms..

But again, if my monitoring server is (default) set to monitor a log file and
is told "permission denied"  I would consider that to be at least a yellow
status that an admin needs to investigate and address.


Thanks for listening

-- 
Bill Arlofski
Reverse Polarity, LLC
http://www.revpol.com/
-- Not responsible for anything below this line --



More information about the Xymon mailing list