[Xymon] Who Column Test
Ray Reuter
ray.reuter at gmail.com
Tue Nov 13 17:41:57 CET 2012
Thank you for the quick turnaround, I will give it a shot and let you know
how it works out, we need it for Citrix and want to make sure no fewer than
5 are logged in to any one machine.
On Tue, Nov 13, 2012 at 11:22 AM, Henrik Størner <henrik at hswn.dk> wrote:
> On 13-11-2012 16:05, Ray Reuter wrote:
>
>> I need to be able to alert off of the "who" column. An example would be
>> if there was less than 5 connections I would like to be alerted. I know
>> way back in Big Brother days there was a perl script to do just that but
>> I am having zero luck of finding it now.
>>
>
> First step is to make the "who" status red - if you do that, then you can
> use the normal alert-rules to send out alerts.
>
> Current Xymon versions allow you to modify the color of an existing
> status, by sending a "modify" command to xymond. So what I would do was to
> run a script on the Xymon server which regularly fetches all of the "who"
> statuses, counts how many users are logged in on each host, and the sends a
> "modify" status if the maximum is exceeded.
>
>
> To get all of the "who" statuses, you can use
> xymon 127.0.0.1 "xymondboard test=who fields=hostname,msg"
> The output from this command is one line per status, with the hostname,
> then a '|' delimiter, and then the status-message with new-line changed
> into '\n'. I'm sure someone with Perl / Python / whatever scripting
> knowledge could easily turn this into something where you could count the
> number of lines (one for each user, minus a couple of header-lines), but
> here's a C program that will do it:
>
> --- cut here ---
> #include <stdio.h>
> #include <string.h>
> #include <stdlib.h>
>
> int main(int argc, char **argv)
> {
> char buf[4096];
> char *hostname, *msg, *l_start, *l_end;
>
> while (fgets(buf, sizeof(buf), stdin)) {
> int loggedin = 0;
>
> hostname = strtok(buf, "|");
> msg = strtok(NULL, "\n");
> if (!msg) continue;
>
> l_start = msg;
> do {
> l_end = strstr(l_start, "\\n");
>
> if ( (strncmp(l_start, "SESSIONNAME", 11) == 0) ||
> (strncmp(l_start, ">", 1) == 0) ||
> (strncmp(l_start, "rdp-tcp", 7) == 0) ||
> (strncmp(l_start, "console", 7) == 0) ) {
> /* Ignore the line */
> }
> else {
> loggedin++;
> }
>
> l_start = l_end ? (l_end + 2) : NULL;
> } while (l_start);
>
> fprintf(stdout, "%s %d\n", hostname, loggedin);
> }
>
> return 0;
> }
> --- cut here ---
>
> Just save this to "whocount.c" and run "gcc -o whocount whocount.c" to
> compile it. It ignores lines beginning with the texts "SESSIONNAME", ">",
> "rdp-tcp" or "console" - I think those lines always appear in the "who"
> status regardless of who is logged in.
>
> When you feed the input from the xymondboard command into this, it should
> output one line for each host with the hostname and the number of users
> logged in.
>
> So putting it all together, this script will change the "who" status to
> red for all hosts where 5 or more users are logged in:
>
> --- cut here ---
> #!/bin/sh
>
> LIMIT=5
>
> xymon 127.0.0.1 "xymondboard test=who fields=hostname,msg" | whocount |
> while read L
> do
> set $L
> HOSTNAME=$1
> LOGINCOUNT=$2
>
> if test $LOGINCOUNT -gt $LIMIT
> then
> echo 127.0.0.1 "modify $HOSTNAME.who red whomon $LOGINCOUNT users
> logged in (max is $LIMIT)"
> fi
> done
>
> exit 0
> --- cut here ---
>
> (assumes the "whocount" utility is in your PATH).
>
> You'd run this as an extra task from tasks.cfg - e.g. every 5 minutes.
>
>
> Now you have the "who" status going red when too many users are logged in,
> so alerting is easy - just add
>
> TEST=who COLOR=red
> MAIL security at example.com
>
> to alerts.cfg .
>
>
> Regards,
> Henrik
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20121113/46958f9e/attachment.html>
More information about the Xymon
mailing list