[Xymon] Couple of questions on client data

Novosielski, Ryan novosirj at ca.rutgers.edu
Sun Jan 10 21:35:20 CET 2016


I just wanted to thank you, JC, for this information. I wanted to know whether it would be possible to check the kernel version back some time even though that is something I did not test. I figured the info might show something, but that isn't kept in history or anything. If I had realized that a client data snapshot is kept when the status changes, I would have had the answer (which I still need, so it's very helpful).

____ *Note: UMDNJ is now Rutgers-Biomedical and Health Sciences*
|| \\UTGERS      |---------------------*O*---------------------
||_// Biomedical | Ryan Novosielski - Senior Technologist
|| \\ and Health | novosirj at rutgers.edu - 973/972.0922 (2x0922)
||  \\  Sciences | OIRT/High Perf & Res Comp - MSB C630, Newark
    `'

On Jan 10, 2016, at 06:48, J.C. Cleaver <cleaver at terabithia.org> wrote:

Hi David,


On Sat, January 9, 2016 3:15 pm, David Boyer wrote:
I see that there is data in the client data that is not turned into
columns?  Can I turn this data into columns to report?  I'm using xymon
4.3.20 on both the client/server.

On linux, I see that this data is not turned into any columns:
[who]
[route]
[netstat]
[ifstat]

Not that I'd use all of them, just wondering what the reasoning is behind
it.

This is correct. The client data is a full raw text of various bits of
information that can be used to create status messages out of, but there
isn't a mandated 1:1 correspondence between each section and each test. By
keeping them independent (raw data and central processing), you have the
flexibility to write up new tests based off of already-existing incoming
data, and/or add new "raw" data without having a specific test in mind.

For the 'who' data in particular, there's a sample processor in the source
tarball that can demonstrate how easy it is to add simple new tests at
https://sourceforge.net/p/xymon/code/HEAD/tree/branches/4.3.24/xymond/xymond_rootlogin.pl

You can easily add new sections to the client data by adding files to a
"/local/" directory on the client machine, or editing the
xymonclient-${OS}.sh shell script by hand, and running any command that
the unprivileged 'xymon' user can execute.

What's the benefit to all this additional data if it's not used? Primarily
forensics and triage. As the xymon(7) man page puts it:

The Xymon user-interface is simple, but engineers will also find lots of
relevant information. E.g. the data that clients report to Xymon contain
the raw output from a number of system commands. That information is
available directly in Xymon, so an administrator no longer needs to
login to a server to get an overview of how it is behaving - the very
commands they would normally run have already been performed, and the
results are on-line in Xymon.

https://www.xymon.com/help/manpages/man7/xymon.7.html


This becomes even more relevant when you consider snapshotting. When a
status goes "red", a snapshot of the client data at that time is kept. So
if you went back later to try to figure out why (e.g.) CPU was rising, the
output of the '[who]' section tells you who might have been doing
something then, even if the data wasn't used for making a test out of at
that time.




Also, I notice that getting the data via xymondboard is not 100% either...

[xymon@ztest bin]$ ./xymon 192.168.1.230 "clientlog yumlist section=who"
*snip*

As you can see below, requesting a status on all the tests, there is no
"who" being reported.
But just a moment ago, asking for just that data it works.

[xymon@ztest bin]$ ./xymon 192.168.1.230 "xymondboard host=yumlist"
*snip*


Correct. The "clientlog" command retrieves the most recent raw client
data, while the "xymondboard" command retrieves just the status messages
(the tests that you see on the webpages).

The "clientlog" column on the web page, much like the "info" and "trends"
columns, isn't a real test... it's just present to provide easy access to
the most recent data. You can also access it from the "Client data" link
on the bottom of any of that host's status pages.


Hope that helps!

-jc
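
Added example, not part of the original thread and not Xymon's own code: a sketch of turning the raw `[who]` section of client data (as returned by "clientlog") into a status message for a new column, the idea behind the sample processor linked above. The column name `rootlogin`, the function names and the sample data are assumptions constructed for illustration.

```python
import re

# Constructed sample of raw client data in the "[section]" layout the thread describes.
SAMPLE_CLIENT_DATA = """\
[uname]
Linux yumlist 3.10.0-327.el7.x86_64 #1 SMP x86_64 GNU/Linux
[who]
root     tty1         2016-01-09 14:02
dboyer   pts/0        2016-01-09 15:01 (192.168.1.50)
[route]
Kernel IP routing table
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0
"""

# A section starts with a line holding only "[name]".
SECTION_RE = re.compile(r"^\[([^\]\n]+)\]\s*$")

def split_sections(client_data):
    """Map each section name to the list of raw lines under it."""
    sections, current = {}, None
    for line in client_data.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def rootlogin_status(hostname, client_data, watched=("root",)):
    """Build a status message for a hypothetical 'rootlogin' column from [who]."""
    who = split_sections(client_data).get("who")
    if who is None:
        # No data to judge: report "clear" rather than a misleading green.
        color, detail = "clear", "no [who] section in client data"
    else:
        hits = [l for l in who if l.split() and l.split()[0] in watched]
        color = "red" if hits else "green"
        detail = "\n".join(hits) if hits else "no watched accounts logged in"
    # Status messages name the host with commas in place of dots.
    return f"status {hostname.replace('.', ',')}.rootlogin {color} {detail}"

if __name__ == "__main__":
    print(rootlogin_status("yumlist", SAMPLE_CLIENT_DATA))
```

The same `split_sections()` output also gives the `[uname]` line, which is how a kept snapshot can answer a later question about the kernel version at the time of an alert.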
