[Xymon] Postfix queue monitor - no graphs

Shawn Heisey hobbit at elyograg.org
Wed Mar 11 16:12:19 CET 2015 

On 3/10/2015 6:41 PM, Jeremy Laidman wrote:
>     What troubleshooting steps do I need to follow to figure out if I did
>     something wrong with the graphing config and what to change?
> 
> 
> Look for the RRD files.

Thanks for your reply.

I do not see any RRD files for postfix.  I have added postfix to these
lines in xymonserver.cfg:

TEST2RRD="cpu=la,disk,inode,qtree,memory,$PINGCOLUMN=tcp,http=tcp,dns=tcp,dig=tcp,time=ntpstat,vmstat,iostat,netstat,temperature,apache,bind,sendmail,mailq,nmailq=mailq,socks,bea,iishealth,citrix,bbgen,bbtest,bbproxy,hobbitd,files,procs=processes,ports,clock,lines,ops,stats,cifs,JVM,JMS,HitCache,Session,JDBCConn,ExecQueue,JTA,TblSpace,RollBack,MemReq,InvObj,snapmirr,snaplist,snapshot,if_load=devmon,temp=devmon,paging,mdc,mdchitpct,cics,dsa,getvis,maxuser,nparts,xymongen,xymonnet,xymonproxy,xymond,postfix"

GRAPHS="la,disk,inode,qtree,files,processes,memory,users,vmstat,iostat,tcp.http,tcp,ncv,netstat,ifstat,mrtg::1,ports,temperature,ntpstat,apache,bind,sendmail,mailq,socks,bea,iishealth,citrix,bbgen,bbtest,bbproxy,hobbitd,clock,lines,ops,stats,cifs,JVM,JMS,HitCache,Session,JDBCConn,ExecQueue,JTA,TblSpace,RollBack,MemReq,InvObj,snapmirr,snaplist,snapshot,devmon::1,if_load::1,temp,paging,mdc,mdchitpct,cics,dsa,getvis,maxuser,nparts,xymongen,xymonnet,xymonproxy,xymond,postfix"

I also added this as the last line in xymonserver.cfg:

SPLITNCV_postfix="*:GAUGE"

> That's a common solution to this problem.  I'm not sure I like the idea
> of altering the perms on /var/lib/xymon/tmp/, but I can't see a
> particularly nasty exploit being made available by this.
> 
> A better option might be to add the "sudo" command into the script
> (before each "find" command) rather than running the whole script under
> sudo, and in this way, most of the script runs as the xymon user,
> meaning no permissions problems.
> 
> Three other options come to mind:
> 
> 1) add the xymon user to the postfix group
> 2) have the postfix user periodically dump the "find" command output to
> temp files, and adjust the xymon script to use the files (essntially
> commenting out the lines that run "find" and update the ".old" files
> 3) have the postfix user run the postfix.sh script (eg via her cron),
> such as making /etc/cron.d/xymon-postfix:

Adding the xymon user to the postfix group won't work, because the
postfix queue directories have permission 700.  That was the first idea
that occurred to me, and it wouldn't work.

I found another permissions solution that I like better.  I added
"BBTMP=/tmp" to the beginning of the CMD line in the clientlaunch
config, removed "-g xymon" from the sudo options, and removed the group
allowance from the sudoers config.  That allowed me to reverse the
permission changes I made to /var/lib/xymon/tmp, and everything still
works.  There's a small amount of cruft in /tmp now (owned by
postfix:postfix), but there will be no problems if those files are removed.

Thanks,
Shawn

More information about the Xymon mailing list