[Xymon] Serial alarm feeds

Jeremy Laidman jlaidman at rebel-it.com.au
Tue Aug 27 06:13:53 CEST 2013


On 27 August 2013 13:31, KING, KEVIN <KK1051 at att.com> wrote:

> No no snmp. It is a very closed system. The messages we get are out of a
> serial port to a term server.


:-(


> I guess I do not know the client tool then. How can I save the files on my
> xymon server and use entries  in the client config and alert rules to make
> if show up under the correct server?  Maybe I am getting myself stuck in
> the mud, but if the file is on the xymon host how can I process it like it
> was on the client?


A server is almost always also a client.  You should have the Xymon server
name in hosts.cfg, yes?  Also, the Xymon server can be listed in
client-local.cfg and analysis.cfg.  Just create appropriate entries in
those two files for the server and the logfile, and it will report the
errors as they appear.

The down-side to this is that the errors are assigned to the Xymon server.
 If you want them assigned to the device name instead, then you will
probably have to do something a bit more complex, such as writing a custom
script on the Xymon server to do the log analysis and reporting.  I don't
see a way that you can do this with the built-in log monitoring features.

Hmm, here's an idea.  You could create a script that simply replicates the
log file into a client message, which would be a substitute for the
client-local.cfg entry.  So then you'd be able to use the standard "LOG"
definitions in analysis.cfg to match whatever you want.

The easiest way to do this, I think, would be to run a second copy of
logfetch on the Xymon server (the standard one is usually run from
xymonclient.sh, from the [xymonclient] section of tasks.cfg).  The logfetch
tool requires a configuration file and a state file as parameters.
 Normally the config file is simply extracted from client-local.cfg and
pushed to the client during the client message interaction, but you can
simply create your own.  For example (untested), create in $XYMONTMP the
file logfetch-special.cfg, containing the following:

log:/var/log/mylogfile:10240
    ignore THIS
    ignore THAT

Then add the following into tasks.cfg or a new file in tasks.d:

[xymonclient-special]
    NEEDS xymond
    ENVFILE $XYMONCLIENTHOME/etc/xymonclient.cfg
    LOGFILE $XYMONCLIENTLOGS/xymonclient-special.log
    INTERVAL 5m
    CMD sh -c '( printf "eagle.example.com.eagle
eagle\n[msgs:/var/log/mylogfile]\n"; $XYMONCLIENTHOME/bin/logfetch
$XYMONTMP/logfetch-special.cfg $XYMONTMP/logfetch-special.status ) | $XYMON
$XYMSRV "@"'

This creates a header, using the device's hostname, and a [msgs:] section
for the logfile being monitored.  Then it uses logfetch to get the latest
bunch of lines from the logfile, and filter out any "ignore" entries from
the config file logfetch-special.cfg.  Finally, all of this is piped into
an instance of xymon that creates a client message and sends it to the
server.

The end result is a client message that should start to generate a "msgs"
dot against the device name (assuming you added the device name into
hosts.cfg - probably with a "noping" tag).  If this works, you can then
start using analysis.cfg to have the Xymon server parse the log file from
the client data.

This is all a bit kludgy.  You might prefer to extract the CMD bit into a
separate script, and just put the script name after the CMD keyword.

J
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20130827/4c6f1cb4/attachment.html>


More information about the Xymon mailing list