You're not going to believe this, but the FreeBSD system running Xymon is
listing Windows processes in the proc test. Which is why it can't see
httpd, sshd, etc. processes.
I just set up a new Windows Server 2019 VM yesterday and added the
PowerShell version of the Xymon client. I accidentally put the server's
name in the configuration file where the host's name is supposed to go.
The server must have accepted it at its word, pulled in the process list
after it read its own process list, and overwritten the process list. Thus
the alert is logical, but the sysadmin isn't. :)
Thanks for pointing out the process list and making me realize this.
Jaime Kikpole
Director of Technology & Innovations
Cairo-Durham Central School District
(XXX) XXX-XXXX, x59500
cairodurham.org <http://www.cairodurham.org>;
Technical Support:
user-2eed5d3dd752@xymon.invalid
go.cairodurham.org/techtips
<https://www.credential.net/d24m9rrp>;
On Wed, May 6, 2020 at 4:16 PM Root, Paul T <user-76fdb6883669@xymon.invalid>
wrote:
Look in your xymond test on your server. I?d bet that you are getting
oversized messages coming in from that host, and so processes is getting
truncated.
Or look at processes for that host. And you will see that the process
table isn?t complete.
Ultimately, you?ll need to increase messages in your configuration file.
*From:* Jaime Kikpole <user-c575ba5bb612@xymon.invalid>
*Sent:* Wednesday, May 06, 2020 2:52 PM
*To:* xymon at xymon.com
*Subject:* False alarm on proc
My xymon system has been running well for years and it just started
showing a red alarm on one of my host's processes list. It claims that
there are 0 (zero) instances of every process it is checking for, but I can
still ssh over to that host and see the processes in a ps command.
I'm honestly at a loss. I'm not sure how to troubleshoot this. Any
advice?
*Jaime Kikpole*
*Director of Technology & Innovations*
*Cairo-Durham Central School District*
(XXX) XXX-XXXX, x59500
cairodurham.org
<https://imss91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=http%3a%2f%2fwww.cairodurham.org&umid=33760788-A500-3905-8BC8-4967B16CB618&auth=19120be9529b25014b618505cb01789c5433dae7-0cd119db5bbfc7260beb80640b84368f5878c1f1>;
*Technical Support:*
user-2eed5d3dd752@xymon.invalid
go.cairodurham.org/techtips
<https://imss91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=http%3a%2f%2fgo.cairodurham.org%2ftechtips&umid=33760788-A500-3905-8BC8-4967B16CB618&auth=19120be9529b25014b618505cb01789c5433dae7-3f1cdf5014891be60a8d9cfac22252e12e3f30eb>;
<https://imss91-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fwww.credential.net%2fd24m9rrp&umid=33760788-A500-3905-8BC8-4967B16CB618&auth=19120be9529b25014b618505cb01789c5433dae7-2141eb3834e531da3de3ee87bf004f2f49b91746>;
This electronic message and any attachment(s) may contain confidential or
legally privileged information protected by law from further disclosure and
is intended only for the individual or entity identified above as the
addressee. If you are not the addressee (or the employee or agency
responsible to deliver it to the addressee), or if this message has been
addressed to you in error, you are hereby notified that you may not copy,
forward, disclose or use any part of this message or any attachment(s).
Please notify the sender immediately by return email or telephone and
permanently delete this message and attachment(s) from your system.
This communication is the property of CenturyLink and may contain
confidential or privileged information. Unauthorized use of this
communication is strictly prohibited and may be unlawful. If you have
received this communication in error, please immediately notify the sender
by reply e-mail and destroy all copies of the communication and any
attachments.
--
This electronic message and any attachment(s) may contain confidential or
legally privileged information protected by law from further disclosure and
is intended only for the individual or entity identified above as the
addressee. If you are not the addressee (or the employee or agency
responsible to deliver it to the addressee), or if this message has been
addressed to you in error, you are hereby notified that you may not copy,
forward, disclose or use any part of this message or any attachment(s).
Please notify the sender immediately by return email or telephone and
permanently delete this message and attachment(s) from your system.