Hello,
I'm finding that on occasion Xymon issues false positives for PORTS or
PROCS.
On closer inspection, it's possible to identify in those alerts that the
recorded client data is correct, containing the netstat and ps listings
with the expected ports and processes.
However, Xymon will still alert. When this happens, it will happen for a
bunch of hosts at the same time. There's no specific pattern. It's not very
frequent (maybe twice a week), but enough to be annoying, as it can affect
a few dozens of hosts.
Given that the client data seems complete, it doesn't seem to be a buffer
issue (at least not a configurable one), so I'm at a loss at what may be
the issue here. Also, there's been no version change, (still) running
4.3.27, or any other major change to the system (it's a CentOS 7 VM).
I welcome any hints/speculations about what could be causing this!
Thanks everyone.