[Xymon] Windows log monitoring

john.r.rothlisberger at accenture.com
Tue Feb 4 14:13:24 CET 2014


I have a very obfuscated way of doing exactly what you want to do, and do it myself.

I created a directory in etc that will hold different parts of my client-local.cfg file (common win32 entries, a README file, and a single file for each individual server that doesn’t use defaults).

For one of my Windows servers that has a log file with a date as part of the file name (which we know doesn’t work with BBWin in central mode) I have a file that looks like this:

Filename: <servername>
Content:
log:D:\Program Files\Apache Software Foundation\TomcatA\logs\stdout_YYYYMMDD.log:10240
log:D:\Program Files\Apache Software Foundation\TomcatB\logs\stdout_YYYYMMDD.log:10240

Then, I have a cronjob run a simple script at 23:45 to change YYYYMMDD or YYMMDD to the next day's date and assemble a new client-local.cfg file.

My script is simple:
#!/bin/sh

cd /home/xymon/etc/client-local || exit 1    # stop if the fragment directory is missing

# tomorrow's date in both formats (GNU date), computed once
long=`date --date="tomorrow" +%Y%m%d`
short=`date --date="tomorrow" +%y%m%d`

cat header >client-local.cfg
# "<myxymonserver>" is a placeholder for the Xymon server's own host name / fragment file
echo "[<myxymonserver>]" >>client-local.cfg
cat "<myxymonserver>" >>client-local.cfg
cat seperator >>client-local.cfg    # seperator holds warning messages not to edit client-local.cfg directly, as it will be overwritten

# process all files except for these (seperator is excluded so it does not become a [seperator] host section)
for x in `ls|egrep -v 'header|win32|attmon|README|seperator|client-local.cfg'`
do
    echo "[${x}]" >>client-local.cfg    # this will create the client-local.cfg entry for this particular server
    # change to new dates; YYYYMMDD must be replaced before YYMMDD, which it contains
    sed -e "s/YYYYMMDD/$long/" -e "s/YYMMDD/$short/" "$x" >>client-local.cfg
    cat win32 >>client-local.cfg     # win32 contains all the default rules to apply
    cat seperator >>client-local.cfg
done

echo "[win32]" >>client-local.cfg     # finish off the file with defaults
cat win32 >>client-local.cfg
cat seperator >>client-local.cfg

cp client-local.cfg /home/xymon/server/etc    # replace the current client-local.cfg file

README:
This folder is used to separate each host that needs specific rules within
the client-local.cfg file.  Each host that needs an entry will have a file
by its own server name.

Current files are:
xymonserver
windowserver2
linuxserver4
etc.

This cron job will process each file and create a new client-local.cfg within
this directory and copy it to /home/xymon/server/etc:
45 23 * * * /home/xymon/bin/update_clientlocalcfg.sh > /dev/null 2>&1

There are a few special files that are processed differently.  The "header"
file is the first to be added to client-local.cfg.  It contains warnings and
usage information.  "win32" is the default specification for all Windows
servers and is also appended to each of the separate host files that are
included.  This allows for a single file to be edited and included for all
of the Windows servers.

Example:
Filename = servername
log:D:\Program Files\Apache Software Foundation\TomcatA\logs\stdout_YYYYMMDD.log:10240
log:D:\Program Files\Apache Software Foundation\TomcatB\logs\stdout_YYYYMMDD.log:10240



Seperator (warning messages):
#
# EDIT client-local/<hostname> ONLY!!!!!
# EDIT client-local/<hostname> ONLY!!!!!
# EDIT client-local/<hostname> ONLY!!!!!
# EDIT client-local/<hostname> ONLY!!!!!
# EDIT client-local/<hostname> ONLY!!!!!
# EDIT client-local/<hostname> ONLY!!!!!
# EDIT client-local/<hostname> ONLY!!!!!
#


I run this through cron at 23:45, which provides a little time for the file to be disseminated out to the Windows servers by midnight.  Hopefully, this is not too confusing.  ☺

Thanks,
John
Upcoming PTO:
(none)

_____________________________________________________________________
John Rothlisberger
IT Strategy, Infrastructure & Security - Technology Growth Platform
TGP for Business Process Outsourcing
Accenture
312.693.3136 office
_____________________________________________________________________
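
A pre-deployment check for the file the cron job builds, as an added example that is not part of the original post: it refuses to deploy a file that is empty, still contains a date placeholder, or has a malformed section header, and it installs by rename so the Xymon server never reads a half-written client-local.cfg. The function names `check_cfg` and `install_cfg` are assumptions, and the header pattern only covers plain `[name]` sections like the ones the script above writes.

```shell
#!/bin/sh
# Added example: sanity-check a generated client-local.cfg, then install it
# atomically. Function names are hypothetical, not part of Xymon.

# check_cfg FILE: return 0 if FILE looks safe to deploy, 1 otherwise.
check_cfg() {
    cfg=$1
    # Must exist and be non-empty (a failed cat/sed can leave an empty file).
    [ -s "$cfg" ] || { echo "empty or missing: $cfg" >&2; return 1; }
    # No date placeholder may survive in a log: line
    # (YYYYMMDD contains YYMMDD, so one pattern catches both).
    if grep -n '^log:.*YYMMDD' "$cfg" >&2; then
        echo "unexpanded date placeholder in $cfg" >&2; return 1
    fi
    # Every section header must be a plain [name]; "[]" or "[*]" means the
    # file loop ran over an empty or unexpected directory listing.
    if grep -n '^\[' "$cfg" | grep -v '^[0-9]*:\[[A-Za-z0-9._-]\{1,\}\]$' >&2; then
        echo "malformed section header in $cfg" >&2; return 1
    fi
    # The default [win32] section must be present.
    grep -q '^\[win32\]$' "$cfg" || { echo "no [win32] section in $cfg" >&2; return 1; }
}

# install_cfg SRC DESTDIR: validate SRC, copy it to a temporary name inside
# DESTDIR, then rename it over client-local.cfg. A rename within one
# filesystem is atomic, so readers see the old file or the new one, never a mix.
install_cfg() {
    src=$1
    dest=$2/client-local.cfg
    check_cfg "$src" || return 1
    tmp=$dest.new.$$
    cp "$src" "$tmp" && mv -f "$tmp" "$dest" || { rm -f "$tmp"; return 1; }
}
```

In the script above, `install_cfg client-local.cfg /home/xymon/server/etc` would take the place of the final `cp`; because the cron entry sends all output to /dev/null, a failed check is only visible through the exit status unless that redirection is changed.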

From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of Neil Simmonds
Sent: Tuesday, February 04, 2014 5:30 AM
To: henrik at hswn.dk; xymon at xymon.com
Subject: Re: [Xymon] Windows log monitoring

I don’t like to correct you Henrik but BBWin 0.13 can monitor log files as long as the log file name is hard coded in the client-local.cfg. What I’m unable to find an answer to is the unix like way of running a command to get the log file name for monitoring.

I suspected WinPSClient might be the option for this so now you have suggested it’s possible in that, it’s worth me investing the time to install it on a server and do some testing.

From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of henrik at hswn.dk
Sent: 04 February 2014 11:19
To: xymon at xymon.com
Subject: Re: [Xymon] Windows log monitoring


On 2014-02-04 11:53, Neil Simmonds wrote:
I want to monitor some windows logs that are named with a date/time stamp using BBWin in central mode.
I’ve tried putting a command in backticks in client-local.cfg ( log:` dir /B D:\Transact\Transact\Server\Logs\*.tr1`:10240 ) but although that command works perfectly in a windows command prompt, I don’t get anything monitored. If I hard code the name of the file all works as expected.
At the moment I suspect that what I want to do is not possible but I thought I’d check with the mailing list before I go looking into external scripts to do this.
BBWin cannot monitor log files, only the Windows event-log.
The Powershell-based WinPSClient appears to do logfile-checks like the Unix-based Xymon client.

Regards,
Henrik

