I added "--loadhostsfromxymond" to xymond_alert and that made no difference.

These are just directory includes in the hosts.cfg file.

FWIW, these clients can also NOT be found using the find host script from the browser - this is annoying for the time being but what if all of our hosts were with directory includes?

Thanks, John

-----Original Message----- From: Japheth Cleaver <cleaver at terabithia.org> Sent: Wednesday, September 4, 2019 2:58 PM To: Rothlisberger, John R. <john.r.rothlisberger at accenture.com>; xymon at xymon.com Subject: [External] Re: Errors after upgrade to 4.3.29

This message is from an EXTERNAL SENDER - be CAUTIOUS, particularly with links and attachments.

Hi,

This warning (used to be just a debug message) was added in a few

versions ago (https://urldefense.proofpoint.com/v2/url?u=https-3A__sourceforge.net_p_xymon... ) to call out

when rules were presented for a host not visible yet. It could be a sign

that xymond is not following the 'include' files and thus not presenting

it to xymond_alert.

Are these regular directory includes or 'netinclude's?

Also, can you try adding the --loadhostsfromxymond option to your

xymond_alert CMD line and see if the warnings go away?

HTH,

-jc

On 9/4/2019 9:03 AM, Rothlisberger, John R. wrote:

Ubuntu 16.04LTS

Hosts.cfg entry:

directory /home/xymon/server/etc/include_ssl/a/

File /home/Xymon/server/etc/include_ssl/a/abcdef.acc.com contains:

0.0.0.0abcdef.acc.com # noconn NOPROPYELLOW:* NOPROPPURPLE:*

NOCOLUMNS:http,info,trends ssldays=30:15 https://urldefense.proofpoint.com/v2/url?u=https-3A__abcdef.acc.com&d=DwID-g...

0.0.1.0

I am seeing these errors in my alert.log - these particular clients

(URL's actually as they are for sslcert tests reside in an include

directory):

Checking criteria for host 'abcdef.acc.com', which is not yet defined;

some alerts may not immediately fire

The errors are popping for every file that is in the include_directory.

These errors were not present in 4.3.21 - 4.3.28. Ideas?

Thanks,

John

Upcoming PTO:

John Rothlisberger

IT Strategy, Infrastructure & Security - Technology Growth Platform

TGP for Business Process Outsourcing

Accenture

312.693.3136 office**

This message is for the designated recipient only and may contain

privileged, proprietary, or otherwise confidential information. If you

have received it in error, please notify the sender immediately and

delete the original. Any other use of the e-mail by you is prohibited.

Where allowed by local law, electronic communications with Accenture and

its affiliates, including e-mail and instant messaging (including

content), may be scanned by our systems for the purposes of information

security and assessment of internal compliance with Accenture policy.

Your privacy is important to us. Accenture uses your personal data only

in compliance with data protection laws. For further information on how

Accenture processes your personal data, please see our privacy statement

at https://www.accenture.com/us-en/privacy-policy.

http://www.accenture.com

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at https://www.accenture.com/us-en/privacy-policy.

www.accenture.com

For the first part of your question - whether they can be seen from query from command line - I assume this is sufficient: xymon 0 xymondboard|grep test.acc.com test.acc.com|trends|green||0|0|0|0|0||| test.acc.com|info|green||0|0|0|0|0||| test.acc.com|sslcert|green||1561426921|1567772582|1567774382|0|0|127.0.0.1||green Fri Sep 6 13:21:49 2019 test.acc.com|http|green||1566753294|1567772582|1567774382|0|0|127.0.0.1||green Fri Sep 6 13:21:49 2019: OK

There are a few other tests but in general we suppress some tests we just don't need to see on the page. These are all being picked up from the include directories as they do show up fine in the generated webpages. The only odd behavior is the errors. I will have to do some testing with the debug.

Thanks, John

-----Original Message----- From: Japheth Cleaver <cleaver at terabithia.org> Sent: Thursday, September 5, 2019 1:49 PM To: Rothlisberger, John R. <john.r.rothlisberger at accenture.com>; xymon at xymon.com Subject: Re: [External] Re: Errors after upgrade to 4.3.29

Hmm. This seems very strange. Are these hosts visible like normal in generated status pages, and via query to xymond from the command line? Based on your exclusions there, I believe the only test you wanted to have present was the resulting 'sslcert'?

I just tested a descending directory structure and confirmed that something like "directory /etc/xymon/hosts.d/" should read into subdirectories properly.

Would you mind providing some xymond debug (-USR2) output during a hostfile reload or startup? It should list each file as it's reading it in.

-jc

On 9/5/2019 4:56 AM, Rothlisberger, John R. wrote:

I added "--loadhostsfromxymond" to xymond_alert and that made no difference.

These are just directory includes in the hosts.cfg file.

FWIW, these clients can also NOT be found using the find host script from the browser - this is annoying for the time being but what if all of our hosts were with directory includes?

Thanks, John

-----Original Message----- From: Japheth Cleaver <cleaver at terabithia.org> Sent: Wednesday, September 4, 2019 2:58 PM To: Rothlisberger, John R. <john.r.rothlisberger at accenture.com>; xymon at xymon.com Subject: [External] Re: Errors after upgrade to 4.3.29

This message is from an EXTERNAL SENDER - be CAUTIOUS, particularly with links and attachments.

Hi,

This warning (used to be just a debug message) was added in a few

versions ago (https://urldefense.proofpoint.com/v2/url?u=https-3A__sourceforge.net_ p_xymon_code_7888_&d=DwID-g&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOt kVU&r=u6KtIBCRNAeN-AbgJjdZe5zZJVFEfq04dnWD-hYNPL_fxJIIFncbL8W6k0NMJtuq &m=RK9M5u1KGPmJEBNLLre2D9-Esck80LjKSd4WB3cXoyk&s=ErUxIseIPx2kqKT4GWGEN m-LlkHZcfx71WooCgTu3rI&e= ) to call out

when rules were presented for a host not visible yet. It could be a sign

that xymond is not following the 'include' files and thus not presenting

it to xymond_alert.

Are these regular directory includes or 'netinclude's?

Also, can you try adding the --loadhostsfromxymond option to your

xymond_alert CMD line and see if the warnings go away?

HTH,

-jc

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at https://www.accenture.com/us-en/privacy-policy.

www.accenture.com