[Xymon] Xymon WinPSclient central config examples

zak.beck at accenture.com zak.beck at accenture.com
Fri Sep 23 09:46:13 CEST 2016 

Hi

 

Re: PROC, I'm no expert on this but maybe the backslashes are causing the
issue? As you can use PCRE here, "%SVC:TermService
C:.Windows.System32.svchost\.exe -k termsvcs" may work.

 

Re:log - see the document:
https://sourceforge.net/p/xymon/code/HEAD/tree/sandbox/WinPSClient/XymonPSCl
ient.doc, which states:

 


log


log:FILENAME:SIZE:POSITIONS

Same as standard client-local.cfg, except ignore and trigger statements are
not supported. Used to return entries from log files from various
applications.

FILENAME - filename of the log. Wildcards are supported in the FILENAME
field. Backticks are not supported.

SIZE - the maximum amount of data to be returned.

POSITIONS (optional) - the client returns the logfile and then saves the
position. This is used to detect growth. By default, 6 positions are saved
and the oldest saved position is removed every time the client collects data
(by default, every 5 minutes). Therefore, unless new data is appended,
nothing will be returned after 30 minutes. This parameter allows you to
adjust the number of saved positions to extend this period (e.g. 288 = 24
hours).

 

 

Wildcards are standard Windows wildcards (*, ?) and backticks are not
supported. In your case:

 

log:C:\Temp\myServiceLog*.log:10240

 

Should work (we use very similar config in our environment).

 

Cheers

 

Zak 

 

From: SebA [mailto:spah at syntec.co.uk] 
Sent: 22 September 2016 19:42
To: xymon at xymon.com; Beck, Zak <zak.beck at accenture.com>
Subject: RE: [Xymon] Xymon WinPSclient central config examples

 

For example this does not work:

 

 PROC "SVC:TermService C:\Windows\System32\svchost.exe -k termsvcs" 1 1 red
"TEXT=Terminal Services"

But it is found in the procs output...  I have determined that much simpler
SVC checks do work though, so thanks Dave.

 

In client-local.cfg, should this work:

[host=SQL-CLU-N[12]]

as an alternative to:

[SQL-CLU-N1]
and repeating everything in:

[SQL-CLU-N2]

What should I do if I want to match the latest log file like this (on
WinPSclient)

log:C:\Temp\myServiceLog15-09-16.6.log:10240
where the date is the date the service was last restarted and the number
before the .log is incremented when the log file is rotated, which is at
least once per day?  What kind of wildcards can I use, and can I put
commands in backticks?  And if I can use backticks, should they be in
PowerShell?

Kind regards, 

Sebastian  

 

 


  _____  


From: Dave 
Sent: 16 September 2016 19:42
To: SebA
Subject: Re: [Xymon] Xymon WinPSclient central config examples

SebA,

      I don't think there needs to be anything special in the
client-local.cfg for parsing PROCS  (and PORTS).

Here's a few of my rules:

SVC %^Netbackup.Client.Service$

SVC XymonPSClient

PORT "LOCAL=%(0:445)$" state=LISTENING TEXT=smb

PORT "LOCAL=%(0:3389)$ state=LISTENING TEXT=rdp



Note, I had to use the periods in the "Netbackup Client Service" because of
the spaces in the service name.

I added the PORTS for additional ref in parsing the data.

 

Dave

 

 

On Thu, Sep 15, 2016 at 9:03 AM, SebA <spah at syntec.co.uk
<mailto:spah at syntec.co.uk> > wrote:

Hi, does anyone have any examples of monitoring logs and procs using Xymon
WinPSclient that they can share with me?  client-local.cfg and analysis.cfg

 

Or tell me why this does not match anything when, excluding the %^ and $,
this is what is displayed in the procs listing (names changed):

 

 PROC "%^SVC:WindowsServiceName C:\Services\MyLongServerName.exe$" 1 1 red
"TEXT=My Service"

This is returning red when the service is running - 0 instances found.


Kind regards,

SebA


_______________________________________________
Xymon mailing list
Xymon at xymon.com <mailto:Xymon at xymon.com> 
http://lists.xymon.com/mailman/listinfo/xymon
<https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.xymon.com_mailman
_listinfo_xymon&d=DQMFAg&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=S-a
Lwpx-PHBTBMIG_c2JczRC0SfuZCmsiH9Iams25FI&m=2-c9QEFeQgc3SyPnkLmYSV-Sv4OjHUbvh
5YVRWho-uU&s=Q-z_JHgUYQO1xaav-9sW7fYHEBmiSt78jW5dSoaEEvw&e=> 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20160923/e647c247/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6831 bytes
Desc: not available
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20160923/e647c247/attachment.bin>

More information about the Xymon mailing list