Hi
By default, Powershell writes Unicode files – I think UCS-2 but I may be mistaken. I think that is the reason for all the ^@ characters, i.e. multi-byte characters.
If you open the file in Windows notepad, my guess is it will display correctly.
Re: 'lying', my guess is your command returning 4000+ bytes is returning the entire configuration, whereas the 309 bytes is the section being returned due to the client identifier (clientsoftware / clientclass in xymonclient_config.xml).
Cheers
Zak Beck
From: Colin Coe [mailto:user-5b250cd7a540@xymon.invalid]
Sent: 15 December 2015 23:29
To: Beck, Zak <user-aada0fa38bf8@xymon.invalid>
Cc: Brandon Dale <user-bf8ff8e1cedb@xymon.invalid>; xymon at xymon.com
Subject: Re: [Xymon] clientconfig.cfg not getting updated
Hi all
Where the logs say that it is download the client config from the server and reports the below, it is actually lying:
---
2015-12-15 20:07:00 eventlog:security ignore success ignore Success ignore "The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer" eventlog:system ignore "Contact the administrator to install the driver before you log in again" tssessions adreplicaton
---
This is not what is in /etc/xymon/client-local/cfg (the correct path for the RPMs from JC).
What I have just noticed is that if I run 'xymon xxx.xx.106.11 "config client-local.cfg" | wc -c' I get 4931. (Obviously this is from a RHEL client)
When I source XymonSend.ps1 (from a Windows client running v2.04) and run 'xymonsend "config client-local.cfg" xxx.xx.106.11 > c:\test-client-local.txt' and then "dir" the file, I see that it is 9868 bytes in size.
I've then copied the file to a RHEL host and run "cat -v test-client-local.txt" and the result is (end of file only shown):
^@[^@i^@r^@i^@x^@]^@
^@l^@o^@g^@:^@/^@v^@a^@r^@/^@a^@d^@m^@/^@S^@Y^@S^@L^@O^@G^@:^@1^@0^@2^@4^@0^@0^@0^@
^@
^@[^@d^@a^@r^@w^@i^@n^@]^@
^@l^@o^@g^@:^@/^@v^@a^@r^@/^@l^@o^@g^@/^@s^@y^@s^@t^@e^@m^@.^@l^@o^@g^@:^@1^@0^@2^@4^@0^@0^@0^@ <mailto:%5e at l%5e at o%5e at g%5e@:%5e@/%5e at v%5e at a%5e at r%5e@/%5e at l%5e at o%5e at g%5e@/%5e at s%5e at y%5e at s%5e at t%5e at e%5e at m%5e at .%5e at l%5e at o%5e at g%5e@:%5e at 1%5e at 0%5e at 2%5e at 4%5e at 0%5e at 0%5e at 0%5e@>
^@
^@[^@s^@c^@o^@_^@s^@v^@]^@
^@l^@o^@g^@:^@/^@v^@a^@r^@/^@a^@d^@m^@/^@s^@y^@s^@l^@o^@g^@:^@1^@0^@2^@4^@0^@0^@0^@
^@
^@[^@p^@o^@w^@e^@r^@s^@h^@e^@l^@l^@]^@
^@c^@l^@i^@e^@n^@t^@v^@e^@r^@s^@i^@o^@n^@:^@2^@.^@0^@4^@:^@h^@t^@t^@p^@:^@/^@/^@b^@e^@n^@m^@o^@n^@1^@p^@.^@s^@c^@a^@d^@a^@.^@h^@o^@r^@i^@z^@o^@n^@p^@o^@w^@e^@r^@.^@c^@o^@m^@.^@a^@u^@/^@p^@u^@b^@/^@ <mailto:%5e at c%5e at l%5e at i%5e at e%5e at n%5e at t%5e at v%5e at e%5e at r%5e at s%5e at i%5e at o%5e at n%5e@:%5e at 2%5e at .%5e at 0%5e at 4%5e@:%5e at h%5e at t%5e at t%5e at p%5e@:%5e@/%5e@/%5e at b%5e at e%5e at n%5e at m%5e at o%5e at n%5e at 1%5e at p%5e at .%5e at s%5e at c%5e at a%5e at d%5e at a%5e at .%5e at h%5e at o%5e at r%5e at i%5e at z%5e at o%5e at n%5e at p%5e at o%5e at w%5e at e%5e at r%5e at .%5e at c%5e at o%5e at m%5e at .%5e at a%5e at u%5e@/%5e at p%5e at u%5e at b%5e@/%5e@>
^@a^@d^@r^@e^@p^@l^@i^@c^@a^@t^@o^@n^@c^@h^@e^@c^@k^@
^@^M^@
^@
Every character appears to be preceded by a ^@.
Weird
CC
On Tue, Dec 15, 2015 at 9:45 PM, <user-aada0fa38bf8@xymon.invalid <mailto:user-aada0fa38bf8@xymon.invalid> > wrote:
Hi
The key part is this:
2015-12-15 20:06:59 Main and optional tests finished.
2015-12-15 20:06:59 Sending to server
2015-12-15 20:06:59 Connecting to host xxx.xx.106.11
2015-12-15 20:06:59 Sent 104860 bytes to server
2015-12-15 20:07:00 Received 309 bytes from server
2015-12-15 20:07:00 RepeatTests: nothing to do!
2015-12-15 20:07:00 Using new remote config, saving locally
2015-12-15 20:07:00 eventlog:security ignore success ignore Success ignore "The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer" eventlog:system ignore "Contact the administrator to install the driver before you log in again" tssessions adreplicaton
2015-12-15 20:07:00 Found a command: eventlog:security
2015-12-15 20:07:00 Found a command: eventlog:system
2015-12-15 20:07:00 Received 309 bytes from server
This is the client local config received from the server: 309 bytes.
eventlog:security ignore success ignore Success ignore "The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer" eventlog:system ignore "Contact the administrator to install the driver before you log in again" tssessions adreplicaton
This happens to be 309 bytes +/- 1, so this appears to match what Xymon is sending you (differences will be carriage returns).
I would think there must be a section on the server end that is sending this - maybe you have more than one client-local.cfg?
Sorry, I'm not familiar with the redhat layout, is /etc/xymon/client-local.cfg the correct location? The manpage (https://www.xymon.com/help/manpages/man5/client-local.cfg.5.html) says ~xymon/server/etc/client-local.cfg.
Zak Beck
-----Original Message-----
From: Colin Coe [mailto:user-5b250cd7a540@xymon.invalid <mailto:user-5b250cd7a540@xymon.invalid> ]
Sent: 15 December 2015 12:11
To: Beck, Zak <user-aada0fa38bf8@xymon.invalid <mailto:user-aada0fa38bf8@xymon.invalid> >
Cc: Brandon Dale <user-bf8ff8e1cedb@xymon.invalid <mailto:user-bf8ff8e1cedb@xymon.invalid> >; xymon at xymon.com <mailto:xymon at xymon.com>
Subject: Re: [Xymon] clientconfig.cfg not getting updated
The log file has:
---
benadm02 - : xymonclient.ps1 2.04 2015-12-02 user-aada0fa38bf8@xymon.invalid <mailto:user-aada0fa38bf8@xymon.invalid>
2015-12-15 20:06:57 UTC date/time: 2015-12-15 12:06:57
2015-12-15 20:06:57 This is collection number 12, loop count 1
2015-12-15 20:06:57 Next 'slow scan' is when loopcount reaches 5
2015-12-15 20:06:57 Executing XymonCollectInfo
2015-12-15 20:06:57 CleanXymonProcsCpu start
2015-12-15 20:06:57 DEBUG: cached process ids: 0, 4, 160, 224, 532, 536, 596, 604, 632, 684, 696, 704, 728, 760, 788, 892, 908, 916, 940, 964, 972, 1008, 1112, 1124, 1260, 1280, 1304, 1324, 1392, 1412, 1444, 1456, 1504, 1560, 1576, 1616, 1624, 1660, 1676, 1692, 1728, 1736, 1756, 1956, 2116, 2136, 2168, 2180, 2400, 2416, 2424, 2484, 2500, 2580, 2668, 2720, 2724, 2796, 2812, 2852, 2924, 2996, 3092, 3216, 3268, 3372, 3440, 3452, 3532, 3604, 3736, 3740, 3784, 3788, 3816, 3944, 3976, 3980, 3984, 3988, 4072, 4136, 4180, 4200, 4388, 4396, 4404, 4456, 4472, 4632, 4640, 4848, 4960, 4968, 4984, 5276, 5336, 5384, 5460, 5492, 5952, 5964, 6136, 6212, 6256, 6284, 6400, 6428, 6640, 6680, 6696, 6716, 6768, 6832, 6968, 7128, 7144, 7236, 7360, 7368, 7372, 7620, 7876, 7892, 7924, 7928, 8132, 8188, 8308, 8404, 8424, 8452, 8468, 8472, 8528, 8540, 8580, 8752, 8880, 8896, 8968, 9016, 9048, 9112, 9132, 9136, 9448, 9472, 9576, 9768, 9796, 9812, 9864, 9924, 10020, 10132
2015-12-15 20:06:57 CleanXymonProcsCpu finished.
2015-12-15 20:06:57 XymonCollectInfo: Process info
2015-12-15 20:06:57 XymonCollectInfo: calling XymonProcsCPUUtilisation
2015-12-15 20:06:57 New process 9544 detected: GoogleUpdate
2015-12-15 20:06:57 New process 9672 detected: GoogleUpdate
2015-12-15 20:06:57 XymonCollectInfo: CPU info (WMI)
2015-12-15 20:06:58 Found 1 CPUs, total of 1 cores
2015-12-15 20:06:58 XymonCollectInfo: OS info (including memory) (WMI)
2015-12-15 20:06:58 XymonCollectInfo: Service info (WMI)
2015-12-15 20:06:58 XymonCollectInfo: Disk info
2015-12-15 20:06:58 XymonCollectInfo: Building table of service processes (uses WMI data)
2015-12-15 20:06:58 XymonCollectInfo: Date processing (uses WMI data)
2015-12-15 20:06:58 XymonCollectInfo: Adding CPU usage etc to main process data
2015-12-15 20:06:58 XymonProcesses start
2015-12-15 20:06:59 XymonProcesses finished.
2015-12-15 20:06:59 XymonCollectInfo: calling UserSessionCount
2015-12-15 20:06:59 XymonCollectInfo finished
2015-12-15 20:06:59 Performing main and optional tests and building output...
2015-12-15 20:06:59 XymonCpu start
2015-12-15 20:06:59 XymonCpu finished.
2015-12-15 20:06:59 XymonDisk start
2015-12-15 20:06:59 XymonDisk finished.
2015-12-15 20:06:59 XymonMemory start
2015-12-15 20:06:59 XymonMemory finished.
2015-12-15 20:06:59 Event Log processing - max payload: 1024 - wanted
logs: Application System Security
2015-12-15 20:06:59 Event log Application adding to payload
2015-12-15 20:06:59 Processing event log Application
2015-12-15 20:06:59 Log filter <QueryList>
<Query Id="0" Path="Application">
<Select
Path="Application">*[System[TimeCreated[timediff(@SystemTime) <= 3600000] and (Level=1 or Level=3 or Level=2 or Level=4 or Level=0 or Level=5)]]</Select>
</Query>
</QueryList>
2015-12-15 20:06:59 Setting thread/UI culture to en-US
2015-12-15 20:06:59 Resetting thread/UI culture to previous: en-AU / en-US
2015-12-15 20:06:59 Event log Application entries since last scan: 16
2015-12-15 20:06:59 Event log Security adding to payload
2015-12-15 20:06:59 Event log System adding to payload
2015-12-15 20:06:59 Event log processing finished
2015-12-15 20:06:59 XymonProcs start
2015-12-15 20:06:59 XymonProcs finished.
2015-12-15 20:06:59 XymonNetstat start
2015-12-15 20:06:59 XymonNetstat finished.
2015-12-15 20:06:59 XymonPorts start
2015-12-15 20:06:59 XymonPorts finished.
2015-12-15 20:06:59 XymonIpconfig start
2015-12-15 20:06:59 XymonIpconfig finished.
2015-12-15 20:06:59 XymonRoute start
2015-12-15 20:06:59 XymonRoute finished.
2015-12-15 20:06:59 XymonIfstat start
2015-12-15 20:06:59 wanted address families: InterNetwork
2015-12-15 20:06:59 XymonIfstat finished.
2015-12-15 20:06:59 XymonSvcs start
2015-12-15 20:06:59 XymonSvcs finished.
2015-12-15 20:06:59 XymonWho start
2015-12-15 20:06:59 XymonWho finished.
2015-12-15 20:06:59 XymonUsers start
2015-12-15 20:06:59 XymonUsers finished.
2015-12-15 20:06:59 Executing XymonServiceCheck
2015-12-15 20:06:59 Executing XymonDirSize
2015-12-15 20:06:59 Executing XymonDirTime
2015-12-15 20:06:59 Executing XymonTerminalServicesSessionsCheck
2015-12-15 20:06:59 Executing XymonActiveDirectoryReplicationCheck
2015-12-15 20:06:59 Executing XymonProcessRuntimeCheck
2015-12-15 20:06:59 XymonProcessRuntimeCheck finished
2015-12-15 20:06:59 Main and optional tests finished.
2015-12-15 20:06:59 Sending to server
2015-12-15 20:06:59 Connecting to host xxx.xx.106.11
2015-12-15 20:06:59 Sent 104860 bytes to server
2015-12-15 20:07:00 Received 309 bytes from server
2015-12-15 20:07:00 RepeatTests: nothing to do!
2015-12-15 20:07:00 Using new remote config, saving locally
2015-12-15 20:07:00 eventlog:security ignore success ignore Success ignore "The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer" eventlog:system ignore "Contact the administrator to install the driver before you log in again" tssessions adreplicaton
2015-12-15 20:07:00 Found a command: eventlog:security
2015-12-15 20:07:00 Found a command: eventlog:system
2015-12-15 20:07:00 Cached config now contains:
2015-12-15 20:07:00 eventlog:system, eventlog:security
2015-12-15 20:07:00 Delaying until next run: 297.36133 seconds
---
On Tue, Dec 15, 2015 at 8:00 PM, <user-aada0fa38bf8@xymon.invalid <mailto:user-aada0fa38bf8@xymon.invalid> > wrote:Hi
By default, XymonSend creates log entries like the following:
2015-12-15 11:55:11 Main and optional tests finished.
2015-12-15 11:55:11 Sending to server
2015-12-15 11:55:11 Connecting to host xxx.xxx.xxx.xxx
2015-12-15 11:55:11 Sent 67442 bytes to server
2015-12-15 11:55:12 Received 1555 bytes from server
2015-12-15 11:55:12 RepeatTests: nothing to do!
You may have more than one call to XymonSend depending on the tests specified, the one that fetches the client local config is the call directly after "Main and optional tests finished."
You can see in the example above, we received 1555 bytes from the server. This is the client local config. Are you getting 0 back from all your calls to the server?
Zak Beck
-----Original Message-----
From: Colin Coe [mailto:user-5b250cd7a540@xymon.invalid <mailto:user-5b250cd7a540@xymon.invalid> ]
Sent: 15 December 2015 11:29
To: Beck, Zak <user-aada0fa38bf8@xymon.invalid <mailto:user-aada0fa38bf8@xymon.invalid> >
Cc: Brandon Dale <user-bf8ff8e1cedb@xymon.invalid <mailto:user-bf8ff8e1cedb@xymon.invalid> >; xymon at xymon.com <mailto:xymon at xymon.com>
Subject: Re: [Xymon] clientconfig.cfg not getting updated
HI all
Yep, tried single server with the same result. I've confirmed that the client-local.cfg file is the same on both servers.
When I add debugging in "function XymonClientConfig($cfglines)", I see that $cfglines only contains what was already in the file. I think the problem is that the client is not successfully downloading client-local.cfg from the server.
Thanks
On Tue, Dec 15, 2015 at 4:57 PM, <user-aada0fa38bf8@xymon.invalid <mailto:user-aada0fa38bf8@xymon.invalid> > wrote:
Hi
Your syntax for tssessions and adreplicaton is incorrect, but I would
not expect this to stop the file updating.
tssessions should be tssessions:<yellow>:<red> where <yellow> and
<red> are the numbers of sessions free below which you will get the
appropriate alert, e.g. tssessions:10:2
adreplicaton should be adreplicationcheck.
As you have two servers, is the config for client-local.cfg the same
on both – I think we just take the last one connected to.
You could try it with just one server and see what happens.
Zak Beck
From: Xymon [mailto:xymon-bounces at xymon.com <mailto:xymon-bounces at xymon.com> ] On Behalf Of Colin Coe
Sent: 15 December 2015 07:17
To: Brandon Dale <user-bf8ff8e1cedb@xymon.invalid <mailto:user-bf8ff8e1cedb@xymon.invalid> >
Cc: xymon at xymon.com <mailto:xymon at xymon.com>
Subject: Re: [Xymon] clientconfig.cfg not getting updated
Yep, did this but forgot to include it in the list of things tried.
On Tue, Dec 15, 2015 at 3:15 PM, Brandon Dale
<user-bf8ff8e1cedb@xymon.invalid <mailto:user-bf8ff8e1cedb@xymon.invalid> >
wrote:
Might be this <servers>xxx.xx.106.11 xxx.xx.176.11</servers> then
I know you can have more than 1 server here but I don’t know the
syntax just double check this, maybe try with just a single server listed here.
Regards,
Brandon.
From: Colin Coe [mailto:user-5b250cd7a540@xymon.invalid <mailto:user-5b250cd7a540@xymon.invalid> ]
Sent: Tuesday, 15 December 2015 6:04 PM
To: Brandon Dale <user-bf8ff8e1cedb@xymon.invalid <mailto:user-bf8ff8e1cedb@xymon.invalid> >
Cc: xymon at xymon.com <mailto:xymon at xymon.com>
Subject: Re: [Xymon] clientconfig.cfg not getting updated
OK, by adding heaps of debug "WriteLog"s, I believe I've found the problem.
Version 2.04 of the script.
2474 function XymonClientConfig($cfglines)
2475 {
2476 if ($cfglines -eq $null -or $cfglines -eq "") { return }
2477 WriteLog "DEBUG - " + $cfglines
The above prints "DEBUG - " and nothing more, which tells me that it
is not successfully talking to the server.
The XymonSend function worked though...
On Tue, Dec 15, 2015 at 2:47 PM, Colin Coe <user-5b250cd7a540@xymon.invalid <mailto:user-5b250cd7a540@xymon.invalid> > wrote:
HI Brandon
I appreciate your help with this.
The log file (c:\xymonclient.log) is being written to and I can see
"Using new remote config, saving locally" however the
clientconfig.cfg while the files time stamp updates, the content
doesn't change. I ended up putting that section of code in a try
catch block but no error was generated.
Doing the XymonSend resulted in the whole file being downloaded being
downloaded from the Xymon server.
I've done the Windows equiv of chmod 777 on the client-local.cfg to
run out permission problems.
It looks
On Tue, Dec 15, 2015 at 1:12 PM, Brandon Dale
<user-bf8ff8e1cedb@xymon.invalid <mailto:user-bf8ff8e1cedb@xymon.invalid> >
wrote:It should be writing a log file when it runs c:\xymonclient.log, do
you see that log file being written, does it contain any errors?
And in xymon are you seeing any of the data make it to your xymon
server, you should see all the data in the clientlog column.
One thing I have done in the past when having issues is use
xymonsend from
http://sourceforge.net/p/xymon/code/HEAD/tree/sandbox/WinPSClient/xy
m
onsend.ps1 to confirm I can talk to the xymon server. You can dot
source this into powershell and run something like
XymonSend "config client-local.cfg" "xymonservername" >
c:\temp\client-local.cfg
At least then you can see if you can actually pull down the files on
that server or not.
Regards,
Brandon
-----Original Message-----
From: Colin Coe [mailto:user-5b250cd7a540@xymon.invalid <mailto:user-5b250cd7a540@xymon.invalid> ]
Sent: Tuesday, 15 December 2015 12:59 PM
To: Brandon Dale
Cc: xymon at xymon.com <mailto:xymon at xymon.com>
Subject: Re: [Xymon] clientconfig.cfg not getting updated
Hi Brandon
Thanks for the reply.
Yep, read through the doco a couple of times now trying to get this
working.
1. Yep, c:\program files\xymon\xymonclient_config.xml exists (and
xymonclient.ps1 is in this directory) and contains:
---
<XymonSettings>
<servers>xxx.xx.106.11 xxx.xx.176.11</servers>
<clientlogfile>c:\xymonclient.log</clientlogfile>
<clientconfigfile>c:\program
files\xymon\clientconfig.cfg</clientconfigfile>
<clientfqdn>0</clientfqdn>
<clientlower>1</clientlower>
<clientremotecfgexec>1</clientremotecfgexec>
</XymonSettings>
---
2. On the server (RHEL6.7, Teribithia RPM 4.3.24),
/etc/xymon/client-local.cfg contains:
---
[powershell]
clientversion:2.04:http://http.url.to.file/pub/
tssessions
adreplicaton
---
I've changed "[os=powershell]" to just "[powershell]" and removed
all but the above (for the powershell client)
3. I've stopped/started the powershell client and waited for a while
with no joy.
I've confirmed that the clients can manually download the file.
Not sure what I'm missing here...
Thanks
On Mon, Dec 14, 2015 at 12:30 PM, Brandon Dale
<user-bf8ff8e1cedb@xymon.invalid <mailto:user-bf8ff8e1cedb@xymon.invalid> >
wrote:
If you haven't already I would read through
http://sourceforge.net/p/xymon/code/HEAD/tree/sandbox/WinPSClient/X
y
monPSClient.doc
it's pretty decent documentation.
Try double checking this stuff:
1. Make sure you have copied the .xml file that contains the
configuration for the client to the local machine into the same
directory where the xymonclient.ps1 script lives
http://sourceforge.net/p/xymon/code/HEAD/tree/sandbox/WinPSClient/x
y mo nclient_config.xml and that this contains a path for the
client-local.cfg file and has clientremotecfgexec set to 1 (this is
already done by default in the .xml file in that link)
2. Put your settings into the client-local.cfg file on your xymon
server, I have put an example below, the valid commands are listed
in XymonPSClient.doc
[powershell]
eventlogswanted:*:250000:warning,critical,error
ifstat:ipv4
clientversion:2.04:\\somepath\goes\here
3. Wait for or manually run the PowerShell client (by restarting
the XymonPSClient Service in windows), you need to do this at least
twice as the first time you run it, it will get the commands you
have in your client-local.cfg file on your xymon server and write
them to the clientconfig.cfg (or whatever you called it in the .xml
file) the second time it runs it will start reading it.
Note: make sure you read the documentation for the eventlog ignore
rules, the syntax is different. You can still use the IGNORE
PATTERN but the way you select which eventlogs to check has changed
in the powershell client compared to bbwin.
Personally I ignore eventlogs in the analysis.cfg on the xymon
server rather the in client-local.cfg as you can use regex to match
on eventid + Source rather than just the description.
Regards,
Brandon
-----Original Message-----
From: Xymon [mailto:xymon-bounces at xymon.com <mailto:xymon-bounces at xymon.com> ] On Behalf Of Colin Coe
Sent: Monday, 14 December 2015 2:48 PM
To: xymon at xymon.com <mailto:xymon at xymon.com>
Subject: [Xymon] clientconfig.cfg not getting updated
Hi all
I'm noticing that the Windows Powershell Xymon client isn't being
updated to reflect changes in client-local.cfg. I had thought that
changes on the Xymon server to client-local.cfg would result in
changes on the Windows clients. Am I wrong here, and if so, what's
the correct way to get these changes propagated out?
I'm wanting the following to be pushed out to the clients:
---
tail -n 2 /etc/xymon/client-local.cfg [os=powershell]
clientversion:2.04:http://benmon1p.scada.horizonpower.com.au/pub/
---
clientlocal.cfg contains:
---
eventlog:security
ignore success
ignore Success
ignore "The local computer may not have the necessary registry
information or message DLL files to display messages from a remote computer"
eventlog:system
ignore "Contact the administrator to install the driver before you
log in again"
tssessions
adreplicaton
---
Thanks
CC