[Xymon] question about analysis.cfg and central mode for windows clients

Timothy Williams tlwilliams4 at vcu.edu
Wed Jun 2 20:58:24 CEST 2021 

David, the cleaner way is to list exceptions on Hosts first, then the
default for all Powershell clients. I believe your behaviour is due by
Xymon stops parsing on the host name once it matches, then adds the (first)
default. In the example below, I have the location of the Xymon
client_config identified (has to be in the Client_config file downloaded or
local), the WinLogon for PROC, and the RDP port so that the columns are
normally Green. The servicecheck for WinCollect is ignored on the server if
it doesn't exist. It's purpose is to restart a service if found to be
stopped. I believe your SVC " status=started startup=automatic" is legacy
in BBWin but doesn't work in PSXymon that way.

Here is an Analysis example:

HOST=CCSWSUS
SVC WsusService status=started
SVC WinCollect status=started

HOST=CCSSophos
SVC Sophos_Management_Service status=started
SVC SophosPatchEndpointCommunicator status=started

HOST=CCS###
SVC MSSQL$SUPERCHARGER status=started
SVC WinCollect status=started

CLASS=powershell
UP      30m
Load    90 95
DISK     * 85 95
MEMPHYS 70 95
MEMSWAP 60 85
PROC    winlogon
SVC  XymonPSClient status=started
SVC CSFalconService status=started
SVC SAVService status=started
SVC SAVAdminService status=started
SVC Sophos_Agent status=started
SVC Sophos_AutoUpdate_Service status=started
PORT    "LOCAL=%([\.:]3389)$" STATE=LISTENING COLOR=YELLOW text=RDP
FILE C:\Utils\Xymonclient_config.xml
LOG eventlog_application Error|Warning
LOG eventlog_application Error
IGNORE=[1008],[2004],[1018],[1022],[11],[1524],[1008],[2003],[4099],[8005],[12289],[4879],SAVOnAccessFilter
LOG eventlog_system Error
IGNORE=[36874],[36871],[1002],[513],[4879],[36888],[157],[140],[50],[58],[137],[6037],[1],DCOM,Print,TermServDevices,SAVOnAccessFilter
LOG eventlog_system Warning COLOR=yellow

Here is a Client_Config example:
clientversion:2.42:http://webserver/pub/XymonPS
maxloop:720
xymonlogsend
file:c:\utils\Xymonclient_config.xml
servicecheck:WinCollect:5

Keep the questions coming,

Tim

On Wed, Jun 2, 2021 at 11:08 AM David Smith via Xymon <xymon at xymon.com>
wrote:

>
>
>
> ---------- Forwarded message ----------
> From: David Smith <david.smith at renfrewshire.gov.uk>
> To: "xymon at xymon.com" <xymon at xymon.com>
> Cc:
> Bcc:
> Date: Wed, 2 Jun 2021 15:08:18 +0000
> Subject: question about analysis.cfg and central mode for windows clients
>
> Hi
>
>
>
> I am running Xymon server 4.3.30, and the vast majority of windows clients
> using BBwin, and trying xymonpsclient on a couple.
>
>
>
> After advise from another users, I could successfully use central mode for
> services, which is ok for a couple of clients but then gets quite wieldy
> when it is going to be dozens.
>
>
>
> I tried the following in analysis.cfg file
>
>
>
> I created a regular expression for one pattern of hostnames, and then for
> the extra services that differ on certain servers, I added a specific
> host/service entry. This works fantastically well.
>
>
>
> I then tried to add another regular expression for another pattern of
> hostnames, and would similarly try to add in exceptions.
>
>
>
> This does not work, the machines with the new pattern are still being
> given the services list for the first pattern. What I also tried was
> removing the second regular expression and just have a specific
> host/service entry. That also does not work, as it still gets the original
> services list even though the hostname does not fit the pattern.
>
>
>
> See below for excerpt from analysis.cfg
>
>
>
> Does anyone have any idea how/if I can do what I am trying?
>
>
>
> Regards
>
>
>
> David Smith
>
>
>
> ##A regular expression here for all the generic stuff on one pattern of
> servers
>
> HOSTS=s[cgjprst][abghlrm]as01
>
> ##stuff that is on all old app servers
>
> #backupexec stuff
>
> SVC BackupExecAgentAccelerator status=started startup=automatic
>
> SVC BackupExecAgentBrowser status=started startup=automatic
>
> SVC BackupExecDeviceMediaService  status=started startup=automatic
>
> SVC BackupExecJobEngine    status=started startup=automatic
>
>
>
> ##a bit more refined here, to add extra services for specific hosts
>
> HOST=schas01
>
> SVC  SibeliusLicenceServerV6 status=started startup=automatic
>
>
>
> HOST=sjhas01
>
> SVC  SibeliusLicenceServerV7 status=started startup=automatic
>
>
>
> ######STUFF below here doesnt obey the pattern
>
>
>
> ##A regular expression here for generic stuff on another pattern of servers
>
> HOSTS=[cgjprst][abghlrm]-as1
>
> ##stuff that is on all new servers
>
> SVC BrokerInfrastructure status=started startup=automatic
>
> SVC IISADMIN status=started startup=automatic
>
> SVC UALSVC status=started startup=automatic
>
> SVC W3SVC status=started startup=automatic
>
> SVC VeeamDeploySvc status=started startup=automatic
>
> SVC VeeamEndpointBackupSvc status=started startup=automatic
>
> SVC VeeamTransportSvc status=started startup=automatic
>
>
>
> HOST=ndo-as1
>
> SVC  SibeliusLicenceServerV7 status=started startup=automatic
>
>
>
>
>
> Renfrewshire Council Website -http://www.renfrewshire.gov.uk
>
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the system manager.
> Renfrewshire Council may, in accordance with the Telecommunications(Lawful
> Business Practice) (Interception of Communications) Regulations 2000,
> intercept e-mail messages for the purpose of monitoring or keeping a record
> of communications on the Council's system. If a message contains
> inappropriate dialogue it will automatically be intercepted by the
> Council's Internal Audit section who will decide whether or not the e-mail
> should be onwardly transmitted to the intended recipient(s).
>
>
>
> ---------- Forwarded message ----------
> From: David Smith via Xymon <xymon at xymon.com>
> To: "xymon at xymon.com" <xymon at xymon.com>
> Cc:
> Bcc:
> Date: Wed, 2 Jun 2021 15:08:18 +0000
> Subject: [Xymon] question about analysis.cfg and central mode for windows
> clients
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20210602/d3c3420b/attachment.htm>

More information about the Xymon mailing list