[Xymon] Two basic questions

Michael Short mshort at corelogic.com
Fri Jul 17 02:10:02 CEST 2015


Thanks J.C. -- I hadn't caught on to the 'client.d' and ONHOST combo. Sounds like what I need.

I had caught the warnings about logfetch, so definitely avoided that. Sounds like opening up group-read perms and adding xymon to the group is the method of choice.

Thanks All!



-----Original Message-----
From: J.C. Cleaver [mailto:cleaver at terabithia.org] 
Sent: Thursday, July 16, 2015 4:20 PM
To: Michael Short
Cc: xymon at xymon.com
Subject: Re: [Xymon] Two basic questions



On Thu, July 16, 2015 2:56 pm, Michael Short wrote:
> Hello All,
>
> I'm a new subscriber, moving from an old BB setup to Xymon. I had two
> questions that I hadn't been able to find the answer to.

Welcome! :)


>
> 1)  How do you set up an external script to run only on certain hosts?  I
> didn't see anything like the bb-bbexttab file.  It seems if a script isn't
> present in the $XYMHOME/ext/ directory, it can't run.  But that's not as
> clean a solution; makes it hard to have one set of files to push to all
> clients.  So what's the preferred method?

On the client side, you'll want to modify the clientlaunch.cfg file.
Depending on your distribution/package, this may also automatically
include a directory like /etc/xymon-client/client.d/

Those files (similar to the tasks.cfg file server-side) can contain
'ONHOST' directives within given stanzas (which can be regexes) to control
task running on a per-server basis.

One note is that a non-matching 'onhost' line simply disables the tasks.
xymonlaunch will still need all [tasks] it sees to be unique, even the
disabled ones.

If you have puppet or some other sort of config management, it may be
simplest just to deploy client.d/* files on the servers you want to run
the code on and not on the others.

There's nothing special or automatic about the 'ext' directory itself;
it's simply a useful place to put things.

>
> 2) How do you read system logfiles on Linux hosts, when the files are
> root-only and the monitoring runs as user xymon?  This is for Red Hat
> systems, where things like /var/log/messages are perm 700. I could set the
> perms to 744, but that's likely to get changed back when the logs rotate
> or the system is patched.  Do you run Xymon as root user on Linux
> systems? I didn't think so, or the install instructions wouldn't have you
> create a xymon user and group. So is there a better way?


xymon runs as an unprivileged user, so log file monitoring should be
considered in that regard. Depending on your OS and release, adding a
read facl for the xymon user might survive a rotation (RHEL6 does this,
EL5 doesn't). You could also chmod it 640, give it a group of 'adm', and
add the xymon user to that group, or provide another means of reading it.

One thing you'll definitely not want to do is make the logfetch program
itself setuid. Its config of what files to look at is returned from the
server, so you don't want to elevate it beyond the normal user account.


HTH,

-jc
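
An added example, not part of the thread or of Xymon itself: a small shell audit of the two permission points made above, namely that the log is readable through group membership rather than world-readable, and that logfetch carries no setuid/setgid bit. The function names are hypothetical, the `xymon` account and `adm` group defaults come from the reply above, the file paths are supplied by the caller, and GNU `stat` (as on RHEL) is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed defaults: account "xymon",
# group "adm", GNU stat (as on RHEL). Pass your own paths as arguments:
#   sh audit.sh LOGFILE LOGFETCH_BINARY [USER] [GROUP]

# Succeeds if FILE is group-readable and grants nothing to "other" (e.g. 640).
log_mode_ok() {
    m=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    [ $(( 0$m & 040 )) -ne 0 ] && [ $(( 0$m & 007 )) -eq 0 ]
}

# Succeeds if FILE exists and carries neither the setuid nor the setgid bit.
not_setid() {
    [ -e "$1" ] || return 2
    [ ! -u "$1" ] && [ ! -g "$1" ]
}

# Succeeds if USER is a member of GROUP (primary or supplementary).
user_in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx "$2"
}

# audit LOGFILE LOGFETCH [USER] [GROUP]: prints findings, returns their count.
audit() {
    log=$1 fetch=$2 user=${3:-xymon} group=${4:-adm} bad=0
    log_mode_ok "$log" \
        || { echo "FAIL $log: want group-read, no world access"; bad=$((bad+1)); }
    [ "$(stat -c '%G' "$log" 2>/dev/null)" = "$group" ] \
        || { echo "FAIL $log: group is not $group"; bad=$((bad+1)); }
    user_in_group "$user" "$group" \
        || { echo "FAIL $user is not in group $group"; bad=$((bad+1)); }
    not_setid "$fetch" \
        || { echo "FAIL $fetch: setuid/setgid set, or file missing"; bad=$((bad+1)); }
    return "$bad"
}

# Run the audit only when at least the two paths were given.
if [ "$#" -ge 2 ]; then audit "$@"; fi
```

Running it from cron or config management after log rotation and after patching catches the permission resets the question worries about.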

