JC, I see it takes stdout just fine. Might I add that it might be beneficial if the script would output the heading say [script] vice the name of the the script "script.sh"? I java a bunch of specific info on each host that is 90% there for ref by our security folks, developers, etc... for instance which mode selinux is in, whether auditing is running, backup logs are current, etc. Using the "local" directory feature would gather the info, put a header on it and allow reports to more easily be run against the data.
Also, on the xymond_rootlogin.pl script, where would this be set upto run? In the tasks.cfg?
Dave
On Sun, Jan 10, 2016 at 8:05 PM, J.C. Cleaver <cleaver at terabithia.org> wrote:
Glad it could help :)
There should be a README-local file in the client home directory (or documentation directory, depending on what install method you used). By default, the client will look in $XYMONHOME/local/ for anything executable. If anything is found, it's run (xymonclient.sh:65) and the output is added to the client report near the end, under the heading "[local:<filename>]". This allows a server admin to easily add new things on a one-off basis.
Xymon v4.4 will have a similar directory named /sections/ with does the same thing, except without the "local:" prefix on the output. (It's intended for packaged site or distro/vendor-specific scripts.)
Ryan: Yes, this is one area where it definitely needs more highlighting. A lot of users miss that this happens, but it's really an invaluable resource for forensics.
Remember, though, that this requires xymon to be running in server-config mode, not --local client mode. In --local client mode, this raw data never leaves the original box and so can't be saved.
Regards, -jc
On Sun, January 10, 2016 3:51 pm, David Boyer wrote:
JC, Yes, it does! Thanks for the background.. I've written/modified several tests for my environment while we were still in the "big brother" era. I'm still learning the ins/outs of xymon. I'm intrigued by the use of the "local" directory on the clientside. Where might I find more information about using this feature.
Dave
On Sun, Jan 10, 2016 at 3:35 PM, Novosielski, Ryan <novosirj at ca.rutgers.edu> wrote:
I just wanted to thank you, JC, for this information. I wanted to know whether it would be possible to check the kernel version back some time even though that is something I did not test. I figured the info might show something, but that isn't kept in history or anything. If I had realized that a client data snapshot is kept when the status changes, I would have had the answer (which I still need, so it's very helpful).
____ *Note: UMDNJ is now Rutgers-Biomedical and Health Sciences* || \\UTGERS |---------------------*O*--------------------- ||_// Biomedical | Ryan Novosielski - Senior Technologist || \\ and Health | novosirj at rutgers.edu- 973/972.0922 (2x0922) || \\ Sciences | OIRT/High Perf & Res Comp - MSB C630, Newark `'
On Jan 10, 2016, at 06:48, J.C. Cleaver <cleaver at terabithia.org> wrote:
Hi David,
On Sat, January 9, 2016 3:15 pm, David Boyer wrote:
I see that there is data in the client data that is not turned into
columns? Can I turn this data into columns to report? I'm using xymon
4.3.20 on both the client/server.
On linux, I see that this data is not turned into any columns:
[who]
[route]
[netstat]
[ifstat]
Not that I'd use all of them, just wondering what the reasoning is behind
it.
This is correct. The client data is a full raw text of various bits of information that can be used to create status messages out of, but there isn't a mandated 1:1 correspondence between each section and each test. By keeping them independent (raw data and central processing), you have the flexibility to write up new tests based off of already-existing incoming data, and/or add new "raw" data without having a specific test in mind.
For the 'who' data in particular, there's a sample processor in the source tarball that can demonstrate how easy it is to add simple new tests at
https://sourceforge.net/p/xymon/code/HEAD/tree/branches/4.3.24/xymond/xymond...
You can easily add new sections to the client data by adding files to a "/local/" directory on the client machine, or editing the xymonclient-${OS}.sh shell script by hand, and running any command that the unprivileged 'xymon' user can execute.
What's the benefit to all this additional data if it's not used? Primarily forensics and triage. As the xymon(7) man page puts it:
The Xymon user-interface is simple, but engineers will also find lots of
relevant information. E.g. the data that clients report to Xymon contain the raw output from a number of system commands. That information is available directly in Xymon, so an administrator no longer needs to login to a server to get an overview of how it is behaving - the very commands they would normally run have already been performed, and the results are on-line in Xymon.
https://www.xymon.com/help/manpages/man7/xymon.7.html
This becomes even more relevant when you consider snapshoting. When a status goes "red", a snapshot of the client data at that time is kept. So if you went back later to try to figure out why (e.g.) CPU was rising, the output of the '[who]' section tells you who might have been doing something then, even if the data wasn't used for making a test out of at that time.
Also, I notice that getting the data via xymondboard is not 100% either...
[xymon at ztest bin]$ ./xymon 192.168.1.230 "clientlog yumlist
section=who"
*snip*
As you can see below, requesting a status on all the tests, there is no
"who" being reported.
But just a moment ago, asking for just that data it works.
[xymon at ztest bin]$ ./xymon 192.168.1.230 "xymondboard host=yumlist"
*snip*
Correct. The "clientlog" command retrieves the most recent raw client data, while the "xymondboard" command retrieves just the status messages (the tests that you see on the webpages).
The "clientlog" column on the web page, much like the "info" and "trends" columns, isn't a real test... it's just present to provide easy access to the most recent data. You can also access it from the "Client data" link on the bottom of any of that host's status pages.
Hope that helps!
-jc
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon