[Xymon] Two basic questions

J.C. Cleaver cleaver at terabithia.org
Fri Jul 17 01:20:19 CEST 2015



On Thu, July 16, 2015 2:56 pm, Michael Short wrote:
> Hello All,
>
> I'm a new subscriber, moving from an old BB setup to Xymon. I had two
> questions that I hadn't been able to find the answer to.

Welcome! :)


>
> 1)  How do you set up an external script to run only on certain hosts?  I
> didn't see anything like the bb-bbexttab file.  It seems if a script isn't
> present in the $XYMHOME/ext/ directory, it can't run.  But that's not as
> clean a solution; makes it hard to have one set of files to push to all
> clients.  So what's the preferred method?

On the client side, you'll want to modify the clientlaunch.cfg file.
Depending on your distribution/package, this may also automatically
include a directory like /etc/xymon-client/client.d/

Those files (similar to the tasks.cfg file server-side) can contain
'ONHOST' directives within given stanzas (which can be regexes) to control
task running on a per-server basis.

One note is that a non-matching 'onhost' line simply disables the tasks.
xymonlaunch will still need all [tasks] it sees to be unique, even the
disabled ones.

If you have puppet or some other sort of config management, it may be
simplest just to deploy client.d/* files on the servers you want to run
the code on and not on the others.

There's nothing special or automatic about the 'ext' directory itself;
it's simply a useful place to put things.

>
> 2) How do you read system logfiles on Linux hosts, when the files are
> root-only and the monitoring runs as user xymon?  This is for Red Hat
> systems, where things like /var/log/messages are perm 700. I could set the
> perms to 744, but that's likely to get changed back when the logs rotate
> or the system is patched.  Do you run Xymon as root user on Linux
> systems? I didn't think so, or the install instructions wouldn't have you
> create a xymon user and group. So is there a better way?


xymon runs as an unprivileged user, so log file monitoring should be
considered in that regard. Depending on your OS and release, adding a
read facl for the xymon user might survive a rotation (RHEL6 does this,
EL5 doesn't). You could also chmod it 640, give it a group of 'adm', and
add the xymon user to that group, or provide another means of reading it.

One thing you'll definitely not want to do is make the logfetch program
itself setuid. Its config of what files to look at is returned from the
server, so you don't want to elevate it beyond the normal user account.


HTH,

-jc
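
Added example, not part of the original message: a small POSIX shell check for the two points in the reply to question 2, that the log is readable through a group rather than world-readable, and that the fetching binary carries no setuid/setgid bit. The function names are hypothetical, and all paths and group names are supplied by the caller.

```shell
#!/bin/sh
# Added example, not from the original message. File paths and the group
# name are supplied by the caller; none are Xymon defaults.

# log_perm_status FILE GROUP
# Prints "ok" when FILE is group-owned by GROUP, group-readable and not
# world-readable (the "chmod 640 plus group" layout). Otherwise prints why.
# POSIX ACL entries are not evaluated here; inspect those with getfacl.
log_perm_status() {
    lp_file=$1
    lp_want=$2
    [ -e "$lp_file" ] || { echo "missing"; return 1; }
    # Keep only the mode string and the group name from ls -ld.
    set -- $(ls -ld -- "$lp_file" | awk '{print $1, $4}')
    lp_mode=$1
    lp_group=$2
    case $lp_mode in
        ???????r*) echo "world-readable"; return 1 ;;   # 8th char: other-read
    esac
    [ "$lp_group" = "$lp_want" ] || { echo "wrong-group:$lp_group"; return 1; }
    case $lp_mode in
        ????r*) echo "ok" ;;                            # 5th char: group-read
        *) echo "no-group-read"; return 1 ;;
    esac
}

# setid_status FILE
# Prints "ok" unless FILE carries the setuid or setgid bit, which a helper
# whose file list comes from the server (logfetch, per the message) must not.
setid_status() {
    [ -e "$1" ] || { echo "missing"; return 1; }
    if [ -u "$1" ]; then echo "setuid"; return 1; fi
    if [ -g "$1" ]; then echo "setgid"; return 1; fi
    echo "ok"
}

# Demo on a constructed temp file (stands in for a log; not a real path).
demo=$(mktemp)
chgrp "$(id -gn)" "$demo"
for m in 744 640 600; do
    chmod "$m" "$demo"
    echo "mode $m: $(log_perm_status "$demo" "$(id -gn)")"
done
chmod 4755 "$demo"
echo "mode 4755: $(setid_status "$demo")"
rm -f "$demo"
```
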




