[Xymon] Monitoring file sizes

David Baldwin david.baldwin at ausport.gov.au
Mon Apr 18 05:17:58 CEST 2016


Colin,
> Hi David and thanks for the reply
>
> I've corrected the regex but the test is still not going red.
>
Is there anything in the Client Data report?
You should see sections like:

[file:C:\WINDOWS\system.ini]
type:0x00020 (file)
mode:777 (not implemented)
linkcount:1
owner:0 (not implemented)
group:0 (not implemented)
size:219
atime:1247574897 (2009/07/14-12:34:57)
ctime:1247574897 (2009/07/14-12:34:57)
mtime:1244704084 (2009/06/11-07:08:04)


> Could you share your client-local.cfg?
>
I don't have any wildcard matching, only specific named files, so
nothing I can send you.

From client-local.cfg man page:

    FILE CONFIGURATION ENTRIES
           A file monitoring entry is used to watch the meta-data of a file:
           Owner, group, size, permissions, checksum etc. It looks like this:

               file:/var/log/messages[:HASH]

           The file:FILENAME line defines the filename of the file to monitor.
           As with the "log:" entries, a filename enclosed in backticks means a
           command which will generate the filenames dynamically. The optional
           [:HASH] setting defines what type of hash to compute for the file:
           md5, sha1 or rmd160. By default, no hash is calculated.
           NOTE: If you want to check multiple files using a wildcard, you must
           use a command to generate the filenames. Putting wildcards directly
           into the file: entry will not work.

So unless you are dynamically generating the file name client side,
which would at least require PS client since BBWin doesn't support it,
that is the issue to solve, or else monitor the folder if that can be done.

David
> Thanks
>
> CC
>
> On Mon, Apr 18, 2016 at 8:40 AM, David Baldwin
> <david.baldwin at ausport.gov.au> wrote:
>
>     On 18/04/2016 9:42 am, Colin Coe wrote:
>>     Hi all
>>
>>     I'm trying to monitor some log files on Windows 7 clients.  I
>>     have this in the analysis.cfg file:
>>     --- 
>>     HOST=%client.*
>>         FILE "C:\users\user\Documents\ClientTiming*log" SIZE<500M yellow TRACK
>>         FILE "C:\users\user\Documents\ClientTiming*log" SIZE<1G red TRACK
>>         FILE "C:\users\user\Documents\ClientTrace*log"  SIZE<500M yellow TRACK
>>         FILE "C:\users\user\Documents\ClientTrace*log"  SIZE<1G red TRACK
>>     ---
>>
>>     The files are displayed but regardless of the file size, the test
>>     stays green.
>>
>>     I want the test to go red when the files exceed 1GB and yellow
>>     when greater than 500MB.
>>
>>     Any ideas where I'm going wrong?
>>
>     Is your filename supposed to be a regex? Wildcard matching isn't
>     builtin.
>
>     Try:
>
>     FILE "%C:\users\user\Documents\ClientTiming.*log" SIZE<500M yellow TRACK
>
>     For starters.
>
>     Also, have you checked the file data is in your client data report
>     to match? Note that client-local.cfg only supports explicit
>     filenames unless this is an extension for whatever Windows Xymon
>     client you are using.
>
>     An alternative approach is to monitor the size of the folder
>     containing the log files. OK if only a few designated logs in
>     there. Not so good if you've got unlimited history, etc.
>
>     I have the following for my Windows clients:
>
>     (in /etc/client-local.cfg)
>
>     [win32]
>     dir:C:\inetpub
>     dir:C:\ProgramData\Microsoft\Windows\WER
>     dir:C:\Windows\Logs\CBS
>     dir:C:\Windows\Temp
>
>     (in analysis.cfg)
>             DIR C:\Windows\Logs\CBS yellow SIZE<200000 TRACK=C-CBS
>             DIR C:\Windows\Logs\CBS red SIZE<500000
>             DIR C:\ProgramData\Microsoft\Windows\WER yellow SIZE<200000 TRACK=C-WER
>             DIR C:\ProgramData\Microsoft\Windows\WER red SIZE<500000
>             DIR C:\Windows\Temp yellow SIZE<200000 TRACK=C-Windows-Temp EXHOST=%(sccm)
>             DIR C:\Windows\Temp red SIZE<500000 EXHOST=%(sccm)
>
>
>     David.
>
>     -- 
>     David Baldwin - Senior Systems Administrator (Datacentres + Networks)
>     Digital Information Management and Technology
>     Australian Sports Commission          http://ausport.gov.au
>     Tel 02 62147830 Fax 02 62141830       PO Box 176 Belconnen ACT 2616
>     david.baldwin at ausport.gov.au          1 Leverrier Street Bruce ACT 2617
>     Our Values: RESPECT + INTEGRITY + TEAMWORK + EXCELLENCE
>
>
>
>


-- 
David Baldwin - Senior Systems Administrator (Datacentres + Networks)
Digital Information Management and Technology
Australian Sports Commission          http://ausport.gov.au
Tel 02 62147830 Fax 02 62141830       PO Box 176 Belconnen ACT 2616
david.baldwin at ausport.gov.au          1 Leverrier Street Bruce ACT 2617
Our Values: RESPECT + INTEGRITY + TEAMWORK + EXCELLENCE
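
The check suggested in this message (is the file present in the Client Data report, and does the rule's pattern match it?) can be run offline against a saved report. The following is an added example, not code from the thread or from the Xymon project, and it only approximates the server-side evaluation. Assumptions: the report text and rules are constructed, K/M/G are treated as 1024-based, and patterns are matched unanchored.

```python
import re

# Constructed Client Data excerpt, same layout as the [file:...] section quoted above.
CLIENT_DATA = r"""
[file:C:\WINDOWS\system.ini]
type:0x00020 (file)
size:219
[file:C:\users\user\Documents\ClientTiming01.log]
type:0x00020 (file)
size:1288490188
[file:C:\users\user\Documents\ClientTrace01.log]
size:734003200
"""

UNITS = {"": 1, "K": 1024, "M": 1024**2, "G": 1024**3}  # assumption: 1024-based
RANK = {"green": 0, "yellow": 1, "red": 2}

# Hypothetical rules mirroring the thread; backslashes escaped because these are regexes.
RULES = [(rf"C:\\users\\user\\Documents\\{stem}.*log", limit, colour)
         for stem in ("ClientTiming", "ClientTrace")
         for limit, colour in (("500M", "yellow"), ("1G", "red"))]

def parse_file_sections(report):
    """Return {filename: size in bytes} for every [file:...] section."""
    sizes, current = {}, None
    for line in report.splitlines():
        header = re.match(r"\[file:(.+)\]$", line)
        if header:
            current = header.group(1)
        elif line.startswith("["):
            current = None  # another section type, e.g. [dir:...]
        elif current and line.startswith("size:"):
            sizes[current] = int(line[5:].split()[0])
    return sizes

def to_bytes(limit):
    number, unit = re.fullmatch(r"(\d+)([KMG]?)", limit).groups()
    return int(number) * UNITS[unit]

def evaluate(report, rules=RULES):
    """A 'SIZE<limit' rule is violated once size >= limit; the worst colour wins."""
    result = {}
    for name, size in parse_file_sections(report).items():
        for pattern, limit, colour in rules:
            if re.search(pattern, name) and size >= to_bytes(limit):
                if RANK[colour] > RANK[result.get(name, "green")]:
                    result[name] = colour
    return result  # a file with no [file:...] section can never leave green
```

An empty result for a report that has no matching `[file:...]` sections reproduces the "stays green" symptom: the rule has nothing to evaluate.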
