<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:"Calibri Light";
panose-1:2 15 3 2 2 2 4 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
h2
{mso-style-priority:9;
mso-style-link:"Heading 2 Char";
margin-top:2.0pt;
margin-right:0cm;
margin-bottom:0cm;
margin-left:0cm;
margin-bottom:.0001pt;
line-height:106%;
page-break-after:avoid;
font-size:13.0pt;
font-family:"Calibri Light",sans-serif;
color:#2E74B5;
mso-fareast-language:EN-US;
font-weight:normal;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:blue;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
span.Heading2Char
{mso-style-name:"Heading 2 Char";
mso-style-priority:9;
mso-style-link:"Heading 2";
font-family:"Calibri Light",sans-serif;
color:#2E74B5;
mso-fareast-language:EN-US;}
span.EmailStyle21
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-GB link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'>Hi<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'>Re: PROC, I'm no expert on this but maybe the backslashes are causing the issue? As you can use PCRE here, </span><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>"%SVC:TermService C:.Windows.System32.svchost\.exe -k termsvcs</span><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'>" may work.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'>Re:log – see the document: <a href="https://sourceforge.net/p/xymon/code/HEAD/tree/sandbox/WinPSClient/XymonPSClient.doc">https://sourceforge.net/p/xymon/code/HEAD/tree/sandbox/WinPSClient/XymonPSClient.doc</a></span><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;mso-fareast-language:EN-US'>, <span style='color:blue'>which states:<o:p></o:p></span></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'><o:p> </o:p></span></p><h2>log<o:p></o:p></h2><p class=MsoNormal>log:FILENAME:SIZE:POSITIONS<o:p></o:p></p><p class=MsoNormal>Same as standard client-local.cfg, except ignore and trigger statements are not supported. Used to return entries from log files from various applications.<o:p></o:p></p><p class=MsoNormal>FILENAME – filename of the log. Wildcards are supported in the FILENAME field. Backticks are not supported.<o:p></o:p></p><p class=MsoNormal>SIZE – the maximum amount of data to be returned.<o:p></o:p></p><p class=MsoNormal>POSITIONS (optional) – the client returns the logfile and then saves the position. This is used to detect growth. By default, 6 positions are saved and the oldest saved position is removed every time the client collects data (by default, every 5 minutes). Therefore, unless new data is appended, nothing will be returned after 30 minutes. This parameter allows you to adjust the number of saved positions to extend this period (e.g. 288 = 24 hours).<o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'>Wildcards are standard Windows wildcards (*, ?) and backticks are not supported. In your case:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>log:C:\Temp\myServiceLog*.log:10240<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'>Should work (we use very similar config in our environment).<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'>Cheers<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'><o:p> </o:p></span></p><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue'>Zak </span><span style='font-size:9.0pt;font-family:"Arial",sans-serif;color:blue'><o:p></o:p></span></p></div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri",sans-serif'> SebA [mailto:spah@syntec.co.uk] <br><b>Sent:</b> 22 September 2016 19:42<br><b>To:</b> xymon@xymon.com; Beck, Zak <zak.beck@accenture.com><br><b>Subject:</b> RE: [Xymon] Xymon WinPSclient central config examples<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>For example this does not work:</span><o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> PROC "SVC:TermService C:\Windows\System32\svchost.exe -k termsvcs" 1 1 red "TEXT=Terminal Services"</span><o:p></o:p></p><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>But it is found in the procs output... I have determined that much simpler SVC checks do work though, so thanks Dave.</span><o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>In client-local.cfg, should this work:</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>[host=SQL-CLU-N[12]]</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>as an alternative to:</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>[SQL-CLU-N1]<br>and repeating everything in:</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>[SQL-CLU-N2]</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>What should I do if I want to match the latest log file like this (on WinPSclient)</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>log:C:\Temp\myServiceLog15-09-16.6.log:10240<br>where the date is the date the service was last restarted and the number before the .log is incremented when the log file is rotated, which is at least once per day? What kind of wildcards can I use, and can I put commands in backticks? And if I can use backticks, should they be in PowerShell?<o:p></o:p></span></p></div><p><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Kind regards,</span> <o:p></o:p></p><p><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sebastian </span> <o:p></o:p></p><div><p class=MsoNormal> <o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p><blockquote style='border:none;border-left:solid black 1.5pt;padding:0cm 0cm 0cm 4.0pt;margin-left:3.75pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt'><div class=MsoNormal align=center style='text-align:center'><span lang=EN-US><hr size=2 width="100%" align=center></span></div><p class=MsoNormal style='margin-bottom:12.0pt'><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma",sans-serif'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma",sans-serif'> Dav</span><span lang=EN-US style='font-size:10.0pt;font-family:"Arial",sans-serif'>e </span><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma",sans-serif'><br><b>Sent:</b> 16 September 2016 19:42<br><b>To:</b> SebA<br><b>Subject:</b> Re: [Xymon] Xymon WinPSclient central config examples</span><span lang=EN-US><o:p></o:p></span></p><div><div><div><p class=MsoNormal style='margin-bottom:12.0pt'>SebA,<o:p></o:p></p></div><p class=MsoNormal> I don't think there needs to be anything special in the client-local.cfg for parsing PROCS (and PORTS).<o:p></o:p></p></div><div><p class=MsoNormal style='margin-bottom:12.0pt'>Here's a few of my rules:<o:p></o:p></p></div><div><p class=MsoNormal>SVC %^Netbackup.Client.Service$<o:p></o:p></p></div><div><p class=MsoNormal>SVC XymonPSClient<o:p></o:p></p></div><div><p class=MsoNormal>PORT "LOCAL=%(0:445)$" state=LISTENING TEXT=smb<o:p></o:p></p></div><div><p class=MsoNormal style='margin-bottom:12.0pt'>PORT "LOCAL=%(0:3389)$ state=LISTENING TEXT=rdp<br><br><o:p></o:p></p></div><div><p class=MsoNormal>Note, I had to use the periods in the "Netbackup Client Service" because of the spaces in the service name.<o:p></o:p></p></div><div><p class=MsoNormal>I added the PORTS for additional ref in parsing the data.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-bottom:12.0pt'><o:p> </o:p></p></div><div><p class=MsoNormal>Dave<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div></div><div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>On Thu, Sep 15, 2016 at 9:03 AM, SebA <<a href="mailto:spah@syntec.co.uk" target="_blank">spah@syntec.co.uk</a>> wrote:<o:p></o:p></p><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm'><div><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Hi, does anyone have any examples of monitoring logs and procs using Xymon WinPSclient that they can share with me?</span> client-local.cfg and analysis.cfg<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Or tell me why this does not match anything when, excluding the %^ and $, this is what is displayed in the procs listing (names changed):</span><o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> PROC "%^SVC:WindowsServiceName C:\Services\MyLongServerName.exe$" 1 1 red "TEXT=My Service"</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>This is returning red when the service is running - 0 instances found.</span><o:p></o:p></p></div><p class=MsoNormal><span style='font-size:9.0pt;font-family:"Arial",sans-serif'><br>Kind regards,<br><br>SebA</span><o:p></o:p></p></div><p class=MsoNormal style='margin-bottom:12.0pt'><br>_______________________________________________<br>Xymon mailing list<br><a href="mailto:Xymon@xymon.com">Xymon@xymon.com</a><br><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.xymon.com_mailman_listinfo_xymon&d=DQMFAg&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=S-aLwpx-PHBTBMIG_c2JczRC0SfuZCmsiH9Iams25FI&m=2-c9QEFeQgc3SyPnkLmYSV-Sv4OjHUbvh5YVRWho-uU&s=Q-z_JHgUYQO1xaav-9sW7fYHEBmiSt78jW5dSoaEEvw&e=" target="_blank">http://lists.xymon.com/mailman/listinfo/xymon</a><o:p></o:p></p></blockquote></div><p class=MsoNormal><o:p> </o:p></p></div></blockquote></div></body></html>