[Xymon] Postfix queue monitor - no graphs

Jeremy Laidman jlaidman at rebel-it.com.au
Wed Mar 11 01:41:09 CET 2015


On 11 March 2015 at 10:49, Shawn Heisey <hobbit at elyograg.org> wrote:

> I ran into a number of issues, and I've fixed all but one of them.  The
> graphs aren't working.  I followed all the instructions on that page,
> except that the config files I edited did not have "hobbit" in the name
> because I'm running 4.3.14 on the server and 4.3.7 on the client.
>
> What troubleshooting steps do I need to follow to figure out if I did
> something wrong with the graphing config and what to change?
>

Look for the RRD files.


> I solved this with these changes to
> the client system:
>
> In /etc/sudoers.d/xymon:
> xymon ALL=(postfix : xymon) SETENV:NOPASSWD:
> /usr/lib/xymon/client/ext/postfix.sh
>
> In /etc/xymon/clientlaunch.d/xymon/postfix.cfg:
> CMD /usr/bin/sudo -E -u postfix -g xymon $XYMONCLIENTHOME/ext/postfix.sh
>
> In /var/lib/xymon/tmp:
> chmod g+w -R .
>
> Is that a reasonable permission fix, or should I have done it a
> different way?
>

That's a common solution to this problem.  I'm not sure I like the idea of
altering the perms on /var/lib/xymon/tmp/, but I can't see a particularly
nasty exploit being made available by this.

A better option might be to add the "sudo" command into the script (before
each "find" command) rather than running the whole script under sudo, and
in this way, most of the script runs as the xymon user, meaning no
permissions problems.

Three other options come to mind:

1) add the xymon user to the postfix group
2) have the postfix user periodically dump the "find" command output to
temp files, and adjust the xymon script to use the files (essntially
commenting out the lines that run "find" and update the ".old" files
3) have the postfix user run the postfix.sh script (eg via her cron), such
as making /etc/cron.d/xymon-postfix:

  */5 * * * * postfix ( /usr/lib/xymon/client/xymoncmd /bin/sh -c
'XYMONTMP=/tmp $XYMONCLIENTHOME/ext/postfix.sh' ) >/tmp/somelogfile 2>&1

I've used all of these to good effect.  I think the last of these options
is my preferred option.  A variation on the last one is to change the
script to use /tmp instead of $BBTMP, and then the crontab line is much
simpler.

J
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20150311/42502c4a/attachment.html>


More information about the Xymon mailing list