[xymon] BB to the latest Xymon - Input Wanted

Henrik Størner henrik at hswn.dk
Tue Dec 7 21:52:30 CET 2010 

In <1291753910.9867.1409147123 at webmail.messagingengine.com> bb at buglecreek.com writes:

>1. Can the 4.3 (future stable version) easily run our existing BB
>scripts.  I know 4.2.3 can, but was curious about 4.3 and the file name
>changes.  Looking at the latest BB to Xymon doc it seems that it should
>be ok.  Just looking for comfirmation.

The intention certainly is to try not to break BB scripts. So if
something breaks I will certainly look at fixing it, unless the
script is so heavily dependant on BB stuff that it will be really
difficult to support (but in that case it probably wouldn't work
with the older Hobbit versions).

So the bottom line is: If it works with 4.2.3, then it should also
work with 4.3.0. Only requirement is that you use the upgrade-script
to setup all of the symlinks so the old filenames are still available.


>2. We like that Xymon has a nice way to monitor log files for certain
>events and unauthorized ports being opened, are there any issues with
>system performance when monitoring log files for a "lot" of events.  I
>know a lot could mean many things, but has anyone run into performance
>issues?

The problem I've seen is that log files can be huge, and even though
the Xymon client only transfers the last 30 minutes of logentries
this can be quite a hefty chunk of data to send across the net every
5 minutes. Not to mention that it is stored in RAM on the Xymon server.
This can usually be remedied with some aggressive filtering in the
client-local.cfg file.


>3. Is Devmon still the recommended way to use SNMP with Xymon?  Are
>there plans to incorporate SNMP into future releases?  Some here want to
>use Cacti.

Devmon is a very capably solution for monitoring of SNMP devices.
It is the recommended solution for this, and probably will be for
quite some time.


>4. In the test 4.2.3 server system I added some hosts in the
>hobbits-clients.cfg file with some PROC, PORT (to look for unauthorized
>listeners), and LOG rules.  With only a few hosts, it became apparent
>that this file will become huge very quickly and somewhat unruly.  Is
>there a better way to handle this?  It seems that a site with 100+ or
>1000+ hosts all having an entry in the hobbits-clients.cfg on  the Xymon
>server the file will be unmanageable.  Maybe I'm not doing this
>correctly, since I set this test up fairly quickly?

You need to look into the "include" and "directory" statements in
hobbit-clients.cfg (now: analysis.cfg). My current setup has about 500
hosts configured in hobbit-clients.cfg, but that file only has a
   directory /etc/hobbit/clients.d
line, and then the actual configuration is kept in a number of files
located in that directory. This makes it easy to manage even a large
number of files, since you can split the configuration into logical
chunks.

The same technique can be used for all of the other Xymon configuration
files, by the way.


Regards,
Henrik

More information about the Xymon mailing list