powershell client data file excessive Port info enhancement request
list Timothy Williams
We are in the process of migrating 300+ servers from BBWin client to
powershell client. All works well, except our anti-virus servers create a
huge data file that gets truncated, causing FILES, SVCS, WHO to go Purple.
We have set the MAXMSG_STATUS AND MAXMSG_CLIENT Xymon server parameters to
1024, but the AV servers still blow past that. The PORTS function reports
all of the TCP ESTABLISHED and TIME_WAIT connections for every AV client on
servers and desktops. We only need to know that the AV server is proper
LISTENING. Using Slimmode and excluding the Ports section doesn't work as
we do need to know the listening ports.
I have modified the Xymonclient.ps1 script as follows to limit the data in
the function XymonPorts
"[ports]" netstat -an
to:
"[ports]"
netstat -an | findstr LISTENING
Rather than manually editing each new version of script released, I would
rather have a client-local.cfg entry that would turn this on per group
similar to what you have for IFSTAT. Less desirable would be a statement in
Xymonclient_config.XML, or as a mode in Slimmode.
Does this sound like a doable enhancement?
*Timothy L. Williams*
*Operating Systems Analyst*
Virginia Commonwealth University Computer Center
list Zak Beck
Hi Yes, sounds very feasible and worthwhile. I’ll look to add this in the next week or two. Thanks Zak
▸
From: Xymon <xymon-bounces at xymon.com> On Behalf Of Timothy Williams
Sent: Monday, 6 August 2018 15:56
To: xymon at xymon.com
Subject: [External] [Xymon] powershell client data file excessive Port info enhancement request
We are in the process of migrating 300+ servers from BBWin client to powershell client. All works well, except our anti-virus servers create a huge data file that gets truncated, causing FILES, SVCS, WHO to go Purple. We have set the MAXMSG_STATUS AND MAXMSG_CLIENT Xymon server parameters to 1024, but the AV servers still blow past that. The PORTS function reports all of the TCP ESTABLISHED and TIME_WAIT connections for every AV client on servers and desktops. We only need to know that the AV server is proper LISTENING. Using Slimmode and excluding the Ports section doesn't work as we do need to know the listening ports.
I have modified the Xymonclient.ps1 script as follows to limit the data in the function XymonPorts
"[ports]" netstat -an
to:
"[ports]"
netstat -an | findstr LISTENING
Rather than manually editing each new version of script released, I would rather have a client-local.cfg entry that would turn this on per group similar to what you have for IFSTAT. Less desirable would be a statement in Xymonclient_config.XML, or as a mode in Slimmode.
Does this sound like a doable enhancement?
Timothy L. Williams
Operating Systems Analyst
Virginia Commonwealth University Computer Center
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at https://www.accenture.com/us-en/privacy-policy. www.accenture.com
list Timothy Williams
Great, thanks!
For now, this is what I added to xymonclient.ps1
in the function XymonClientConfig($cfglines) [and have a corresponding
entry "netstat_listening" in clientconfig.cfg]
-or $l -match '^netstat_listening' `
and in the function XymonPorts
if ($script:clientlocalcfg_entries.ContainsKey('netstat_listening'))
{
"[ports]"
netstat -an | findstr LISTENING}
Else{
"[ports]"
netstat -an }
WriteLog "XymonPorts finished."
}
Also, we recently had a CRAC unit go down in a remote location. On the
server team, we were able to see temperature warnings on the Linux boxes,
but Windows is silent on this. Any thoughts on how to monitor salient
temperatures in Windows? (CPU, mainboard, fans, etc?)
*Timothy L. Williams*
*Operating Systems Analyst*
Virginia Commonwealth University Computer Center
XXX East Main St. STE XXXX Richmond VA XXXXX
*XXX-XXX-XXXX <(804)%20828-0556>*
*"Don't be a phishing victim - VCU and other reputable organizations will
never use email to request that you reply with your password, social
security number or confidential personal information. For more details
visit **http://phishing.vcu.edu/* <http://phishing.vcu.edu/>*.* *"*
▸
On Mon, Aug 13, 2018 at 7:43 AM Beck, Zak <user-aada0fa38bf8@xymon.invalid> wrote:
Hi
Yes, sounds very feasible and worthwhile. I’ll look to add this in the
next week or two.
Thanks
Zak
*From:* Xymon <xymon-bounces at xymon.com> *On Behalf Of *Timothy Williams
*Sent:* Monday, 6 August 2018 15:56
*To:* xymon at xymon.com
*Subject:* [External] [Xymon] powershell client data file excessive Port
info enhancement request
We are in the process of migrating 300+ servers from BBWin client to
powershell client. All works well, except our anti-virus servers create a
huge data file that gets truncated, causing FILES, SVCS, WHO to go Purple.
We have set the MAXMSG_STATUS AND MAXMSG_CLIENT Xymon server parameters to
1024, but the AV servers still blow past that. The PORTS function reports
all of the TCP ESTABLISHED and TIME_WAIT connections for every AV client
on servers and desktops. We only need to know that the AV server is proper
LISTENING. Using Slimmode and excluding the Ports section doesn't work as
we do need to know the listening ports.
I have modified the Xymonclient.ps1 script as follows to limit the data in
the function XymonPorts
"[ports]" netstat -an
to:
"[ports]"
netstat -an | findstr LISTENING
Rather than manually editing each new version of script released, I would
rather have a client-local.cfg entry that would turn this on per group
similar to what you have for IFSTAT. Less desirable would be a statement in
Xymonclient_config.XML, or as a mode in Slimmode.
Does this sound like a doable enhancement?
*Timothy L. Williams*
*Operating Systems Analyst*
Virginia Commonwealth University Computer Center
This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise confidential information. If you have
received it in error, please notify the sender immediately and delete the
original. Any other use of the e-mail by you is prohibited. Where allowed
by local law, electronic communications with Accenture and its affiliates,
including e-mail and instant messaging (including content), may be scanned
by our systems for the purposes of information security and assessment of
internal compliance with Accenture policy. Your privacy is important to us.
Accenture uses your personal data only in compliance with data protection
laws. For further information on how Accenture processes your personal
data, please see our privacy statement at
https://www.accenture.com/us-en/privacy-policy.
www.accenture.com
list Phil Crooker
A number of servers (HP, IBM, Dell) have temperature monitors which may use SNMP, or may have management software you could install on the windows OS. Switches, air conditioners, etc often have temperature sensors. The sensor may be monitoring internal temp but if that is the only option, you could just change the thresholds, so if the ambient temp is say 20 (celsius) and internal is 33, you could trigger alerts on the internal temp over 40. Another option is a USB thermometer - haven't used it myself but may work. hope that helps...
▸
From: Xymon <xymon-bounces at xymon.com> on behalf of Timothy Williams <user-1a5482fb085e@xymon.invalid>
Sent: Thursday, August 30, 2018 1:55:11 AM
To: user-aada0fa38bf8@xymon.invalid
Cc: xymon at xymon.com
Subject: Re: [Xymon] [External] powershell client data file excessive Port info enhancement request
Great, thanks!
For now, this is what I added to xymonclient.ps1
in the function XymonClientConfig($cfglines) [and have a corresponding entry "netstat_listening" in clientconfig.cfg]
-or $l -match '^netstat_listening' `
and in the function XymonPorts
if ($script:clientlocalcfg_entries.ContainsKey('netstat_listening'))
{
"[ports]"
netstat -an | findstr LISTENING}
Else{
"[ports]"
netstat -an }
WriteLog "XymonPorts finished."
}
Also, we recently had a CRAC unit go down in a remote location. On the server team, we were able to see temperature warnings on the Linux boxes, but Windows is silent on this. Any thoughts on how to monitor salient temperatures in Windows? (CPU, mainboard, fans, etc?)
Timothy L. Williams
Operating Systems Analyst
Virginia Commonwealth University Computer Center
XXX East Main St. STE XXXX Richmond VA XXXXXXXX-XXX-XXXX<tel:(804)%20828-0556> [https://docs.google.com/uc?export=download&id=0B2qQ4YudApjzSEtfOGhrMXdLcU0&revid=0B2qQ4YudApjzMnZncGl3bm4yT1E2dkxnZEFzazRvN1dWbFVRPQ] "Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with your password, social security number or confidential personal information. For more details visit http://phishing.vcu.edu/<http://phishing.vcu.edu/>;. "
▸
On Mon, Aug 13, 2018 at 7:43 AM Beck, Zak <user-aada0fa38bf8@xymon.invalid<mailto:user-aada0fa38bf8@xymon.invalid>> wrote:
Hi
Yes, sounds very feasible and worthwhile. I’ll look to add this in the next week or two.
Thanks
Zak
From: Xymon <xymon-bounces at xymon.com<mailto:xymon-bounces at xymon.com>> On Behalf Of Timothy Williams
Sent: Monday, 6 August 2018 15:56
To: xymon at xymon.com<mailto:xymon at xymon.com>
Subject: [External] [Xymon] powershell client data file excessive Port info enhancement request
We are in the process of migrating 300+ servers from BBWin client to powershell client. All works well, except our anti-virus servers create a huge data file that gets truncated, causing FILES, SVCS, WHO to go Purple. We have set the MAXMSG_STATUS AND MAXMSG_CLIENT Xymon server parameters to 1024, but the AV servers still blow past that. The PORTS function reports all of the TCP ESTABLISHED and TIME_WAIT connections for every AV client on servers and desktops. We only need to know that the AV server is proper LISTENING. Using Slimmode and excluding the Ports section doesn't work as we do need to know the listening ports.
I have modified the Xymonclient.ps1 script as follows to limit the data in the function XymonPorts
"[ports]" netstat -an
to:
"[ports]"
netstat -an | findstr LISTENING
Rather than manually editing each new version of script released, I would rather have a client-local.cfg entry that would turn this on per group similar to what you have for IFSTAT. Less desirable would be a statement in Xymonclient_config.XML, or as a mode in Slimmode.
Does this sound like a doable enhancement?
Timothy L. Williams
Operating Systems Analyst
Virginia Commonwealth University Computer Center
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at https://www.accenture.com/us-en/privacy-policy<https://www.accenture.com/us-en/privacy-policy>;. www.accenture.com<http://www.accenture.com>;