On 3/10/2015 6:41 PM, Jeremy Laidman wrote:
What troubleshooting steps do I need to follow to figure out if I did something wrong with the graphing config and what to change?Look for the RRD files.
Thanks for your reply.
I do not see any RRD files for postfix. I have added postfix to these lines in xymonserver.cfg:
TEST2RRD="cpu=la,disk,inode,qtree,memory,$PINGCOLUMN=tcp,http=tcp,dns=tcp,dig=tcp,time=ntpstat,vmstat,iostat,netstat,temperature,apache,bind,sendmail,mailq,nmailq=mailq,socks,bea,iishealth,citrix,bbgen,bbtest,bbproxy,hobbitd,files,procs=processes,ports,clock,lines,ops,stats,cifs,JVM,JMS,HitCache,Session,JDBCConn,ExecQueue,JTA,TblSpace,RollBack,MemReq,InvObj,snapmirr,snaplist,snapshot,if_load=devmon,temp=devmon,paging,mdc,mdchitpct,cics,dsa,getvis,maxuser,nparts,xymongen,xymonnet,xymonproxy,xymond,postfix"
GRAPHS="la,disk,inode,qtree,files,processes,memory,users,vmstat,iostat,tcp.http,tcp,ncv,netstat,ifstat,mrtg::1,ports,temperature,ntpstat,apache,bind,sendmail,mailq,socks,bea,iishealth,citrix,bbgen,bbtest,bbproxy,hobbitd,clock,lines,ops,stats,cifs,JVM,JMS,HitCache,Session,JDBCConn,ExecQueue,JTA,TblSpace,RollBack,MemReq,InvObj,snapmirr,snaplist,snapshot,devmon::1,if_load::1,temp,paging,mdc,mdchitpct,cics,dsa,getvis,maxuser,nparts,xymongen,xymonnet,xymonproxy,xymond,postfix"
I also added this as the last line in xymonserver.cfg:
SPLITNCV_postfix="*:GAUGE"
That's a common solution to this problem. I'm not sure I like the idea of altering the perms on /var/lib/xymon/tmp/, but I can't see a particularly nasty exploit being made available by this.
A better option might be to add the "sudo" command into the script (before each "find" command) rather than running the whole script under sudo, and in this way, most of the script runs as the xymon user, meaning no permissions problems.
Three other options come to mind:
- add the xymon user to the postfix group
- have the postfix user periodically dump the "find" command output to temp files, and adjust the xymon script to use the files (essntially commenting out the lines that run "find" and update the ".old" files
- have the postfix user run the postfix.sh script (eg via her cron), such as making /etc/cron.d/xymon-postfix:
Adding the xymon user to the postfix group won't work, because the postfix queue directories have permission 700. That was the first idea that occurred to me, and it wouldn't work.
I found another permissions solution that I like better. I added "BBTMP=/tmp" to the beginning of the CMD line in the clientlaunch config, removed "-g xymon" from the sudo options, and removed the group allowance from the sudoers config. That allowed me to reverse the permission changes I made to /var/lib/xymon/tmp, and everything still works. There's a small amount of cruft in /tmp now (owned by postfix:postfix), but there will be no problems if those files are removed.
Thanks, Shawn