[Xymon] How Xymon invokes an SSH connection to the Client?

Adam Goryachev mailinglists at websitemanagers.com.au
Wed Mar 16 23:46:16 CET 2016 

Unless part of your problem is load related, and you are getting false 
alerts because the hobbit/xymon server is overloaded somehow.... (not 
entirely sure about this, but I guess it might happen that way)...

Though yes, why not just fix the monitoring system, and/or upgrade, 
rather than try to re-invent what has already been done...

Regards,
Adam

On 17/03/16 05:35, Agege wrote:
> Well said Galen!
> In addition, we're currently running Hobbit/Xymon 4.3.0.0 beta2.  And 
> there's discussion going on about upgrading Xymon or build a new 
> Server for Xymon or move newer Xymon hosts to Tivoli.
>
> Thanks,
> Agege
>
> On Mar 16, 2016, at 8:27 AM, Galen Johnson <Galen.Johnson at sas.com 
> <mailto:Galen.Johnson at sas.com>> wrote:
>
>> This is just a curiousity on my part but why does upper management 
>> think that moving to Tivoli is going to change the number of alerts 
>> you get (reasoning inferred from the statement below)?  If you 
>> configure Tivoli with the same thresholds, you're going to get the 
>> same alerting.  If it's a volume issue, it seems like it would make 
>> more sense to reconsider the current monitoring thresholds.  Just sayin'.
>>
>>
>> =G=
>>
>>
>> ------------------------------------------------------------------------
>> *From:* Xymon <xymon-bounces at xymon.com 
>> <mailto:xymon-bounces at xymon.com>> on behalf of Agege Information 
>> Systems, Inc. <cs at agege.com <mailto:cs at agege.com>>
>> *Sent:* Tuesday, March 15, 2016 11:15 PM
>> *To:* Jeremy Laidman
>> *Cc:* xymon at xymon.com <mailto:xymon at xymon.com>
>> *Subject:* Re: [Xymon] How Xymon invokes an SSH connection to the 
>> Client?
>> Thank you Jeremy!
>>
>> Yes, the issues is that I have been asked to figure out is how Xymon 
>> handle monitoring activities with Xymon Clients.
>>
>> And the reason being is that we have one Xymon server with over 3,000 
>> Xymon clients on it.  And  we keep getting thousands of alert emails 
>> every day from Xymon clients.
>>
>> Therefore, the Upper Management would like to move some servers to 
>> Tivoli and they want to understand what Xymon does, and how it 
>> actually communicate with Clients.   So that when we finally move 
>> some servers to Tivoli, we will not be missing anything that Xymon 
>> has been monitoring.
>>
>> Thanks,
>> Agege
>>> On Mar 15, 2016, at 6:08 PM, Jeremy Laidman 
>>> <jlaidman at rebel-it.com.au <mailto:jlaidman at rebel-it.com.au>> wrote:
>>>
>>>     Please what script trigger the SSH tests that are built into the
>>>     services that Xymon uses.
>>>
>>>
>>> The SSH test, and all of the other network-probe tests (ping, http, 
>>> etc) are performed by the xymonnet program.  This is launched by the 
>>> xymonlaunch supervisor process, by default once every 5 minutes. The 
>>> execution parameters are defined in the tasks.cfg file, in the 
>>> [xymonnet] section.
>>>
>>> The way it works is this.  When xymonnet runs, it looks in 
>>> protocols.cfg and builts up its suite of TCP tests from there, such 
>>> as "smtp" and "ssh".  It also has built-in the three special non-TCP 
>>> tests "ping", "dns" (or "dig") and "ntp".  Next, xymonnet scans the 
>>> hosts file for any host with a tag matching any of these defined 
>>> test names.  And then it runs through each test for each host having 
>>> that test.
>>>
>>> It's actually slightly more complicated than that, but it's 
>>> functionally equivalent to how I've explained it.  For more of the 
>>> details, refer to the man page for xymonnet, and read the "XYMONNET 
>>> INTERNALS" section.
>>>
>>> The "ssh" test is defined in protocols.cfg as follows:
>>>
>>> [ssh|ssh1|ssh2]
>>>    send "SSH-2.0-OpenSSH_4.1\r\n"
>>>    expect "SSH"
>>>    options banner
>>>    port 22
>>>
>>> This defines the port (which can be overridden per host in 
>>> hosts.cfg) and whether the status page should show the response 
>>> received after sending the "send" string.  The "send" string gets 
>>> sent to the remote server being subjected to the test. The "expect" 
>>> string is matched against the response (banner) and if successful, 
>>> the status goes green, otherwise red.  Or if the TCP socket fails to 
>>> connect, the status goes red.
>>>
>>> Is there a particular problem you're trying to solve?  If you would 
>>> like some more relevant help, perhaps you could explain what you're 
>>> trying to do, and what you are expecting to happen but is not.
>>>
>>> Cheers
>>> Jeremy
>>
>
>
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon


-- 
Adam Goryachev Website Managers www.websitemanagers.com.au
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20160317/9fc6bc70/attachment.html>

More information about the Xymon mailing list