Xymon WinPSclient central config examples
For example this does not work:
PROC "SVC:TermService C:\Windows\System32\svchost.exe -k termsvcs" 1 1 red "TEXT=Terminal Services"
But it is found in the procs output... I have determined that much simpler SVC checks do work though, so thanks Dave.
In client-local.cfg, should this work: [host=SQL-CLU-N[12]] as an alternative to: [SQL-CLU-N1] and repeating everything in: [SQL-CLU-N2]
What should I do if I want to match the latest log file like this (on WinPSclient) log:C:\Temp\myServiceLog15-09-16.6.log:10240 where the date is the date the service was last restarted and the number before the .log is incremented when the log file is rotated, which is at least once per day? What kind of wildcards can I use, and can I put commands in backticks? And if I can use backticks, should they be in PowerShell?
Kind regards,
Sebastian
From: Dave Sent: 16 September 2016 19:42 To: SebA Subject: Re: [Xymon] Xymon WinPSclient central config examples
SebA,
I don't think there needs to be anything special in theclient-local.cfg for parsing PROCS (and PORTS).
Here's a few of my rules:
SVC %^Netbackup.Client.Service$
SVC XymonPSClient
PORT "LOCAL=%(0:445)$" state=LISTENING TEXT=smb
PORT "LOCAL=%(0:3389)$ state=LISTENING TEXT=rdp
Note, I had to use the periods in the "Netbackup Client Service" because of the spaces in the service name.
I added the PORTS for additional ref in parsing the data.
Dave
On Thu, Sep 15, 2016 at 9:03 AM, SebA <spah at syntec.co.uk> wrote:
Hi, does anyone have any examples of monitoring logs and procs using Xymon WinPSclient that they can share with me? client-local.cfg and analysis.cfg
Or tell me why this does not match anything when, excluding the %^ and $, this is what is displayed in the procs listing (names changed):
PROC "%^SVC:WindowsServiceName C:\Services\MyLongServerName.exe$" 1 1 red "TEXT=My Service"
This is returning red when the service is running - 0 instances found.
Kind regards,
SebA
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/ <http://lists.xymon.com/mailman/listinfo/xymon> mailman/listinfo/xymon
Hi
Re: PROC, I'm no expert on this but maybe the backslashes are causing the issue? As you can use PCRE here, "%SVC:TermService C:.Windows.System32.svchost\.exe -k termsvcs" may work.
Re:log - see the document: https://sourceforge.net/p/xymon/code/HEAD/tree/sandbox/WinPSClient/XymonPSCl ient.doc, which states:
log
log:FILENAME:SIZE:POSITIONS
Same as standard client-local.cfg, except ignore and trigger statements are not supported. Used to return entries from log files from various applications.
FILENAME - filename of the log. Wildcards are supported in the FILENAME field. Backticks are not supported.
SIZE - the maximum amount of data to be returned.
POSITIONS (optional) - the client returns the logfile and then saves the position. This is used to detect growth. By default, 6 positions are saved and the oldest saved position is removed every time the client collects data (by default, every 5 minutes). Therefore, unless new data is appended, nothing will be returned after 30 minutes. This parameter allows you to adjust the number of saved positions to extend this period (e.g. 288 = 24 hours).
Wildcards are standard Windows wildcards (*, ?) and backticks are not supported. In your case:
log:C:\Temp\myServiceLog*.log:10240
Should work (we use very similar config in our environment).
Cheers
Zak
From: SebA [mailto:spah at syntec.co.uk] Sent: 22 September 2016 19:42 To: xymon at xymon.com; Beck, Zak <zak.beck at accenture.com> Subject: RE: [Xymon] Xymon WinPSclient central config examples
For example this does not work:
PROC "SVC:TermService C:\Windows\System32\svchost.exe -k termsvcs" 1 1 red "TEXT=Terminal Services"
But it is found in the procs output... I have determined that much simpler SVC checks do work though, so thanks Dave.
In client-local.cfg, should this work:
[host=SQL-CLU-N[12]]
as an alternative to:
[SQL-CLU-N1] and repeating everything in:
[SQL-CLU-N2]
What should I do if I want to match the latest log file like this (on WinPSclient)
log:C:\Temp\myServiceLog15-09-16.6.log:10240 where the date is the date the service was last restarted and the number before the .log is incremented when the log file is rotated, which is at least once per day? What kind of wildcards can I use, and can I put commands in backticks? And if I can use backticks, should they be in PowerShell?
Kind regards,
Sebastian
From: Dave Sent: 16 September 2016 19:42 To: SebA Subject: Re: [Xymon] Xymon WinPSclient central config examples
SebA,
I don't think there needs to be anything special in theclient-local.cfg for parsing PROCS (and PORTS).
Here's a few of my rules:
SVC %^Netbackup.Client.Service$
SVC XymonPSClient
PORT "LOCAL=%(0:445)$" state=LISTENING TEXT=smb
PORT "LOCAL=%(0:3389)$ state=LISTENING TEXT=rdp
Note, I had to use the periods in the "Netbackup Client Service" because of the spaces in the service name.
I added the PORTS for additional ref in parsing the data.
Dave
On Thu, Sep 15, 2016 at 9:03 AM, SebA <spah at syntec.co.uk <mailto:spah at syntec.co.uk> > wrote:
Hi, does anyone have any examples of monitoring logs and procs using Xymon WinPSclient that they can share with me? client-local.cfg and analysis.cfg
Or tell me why this does not match anything when, excluding the %^ and $, this is what is displayed in the procs listing (names changed):
PROC "%^SVC:WindowsServiceName C:\Services\MyLongServerName.exe$" 1 1 red "TEXT=My Service"
This is returning red when the service is running - 0 instances found.
Kind regards,
SebA
Xymon mailing list Xymon at xymon.com <mailto:Xymon at xymon.com> http://lists.xymon.com/mailman/listinfo/xymon <https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.xymon.com_mailman _listinfo_xymon&d=DQMFAg&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=S-a Lwpx-PHBTBMIG_c2JczRC0SfuZCmsiH9Iams25FI&m=2-c9QEFeQgc3SyPnkLmYSV-Sv4OjHUbvh 5YVRWho-uU&s=Q-z_JHgUYQO1xaav-9sW7fYHEBmiSt78jW5dSoaEEvw&e=>
participants (2)
-
spah@syntec.co.uk
-
zak.beck@accenture.com