Xymon Mailing List Archive search

Test page and alert message might specify different / wrong colour

1 message in this thread

list Wim Nelis · Sat, 23 Apr 2022 20:55:45 +0200 ·

Hello,

Using xymon 4.3.28 ( on a Raspberry Pi 3B running Raspbian GNU/Linux 10 (buster) (32 bit) ) file /var/log/syslog is scanned for various error messages. The syslog is checked on two Raspberry Pi 0W devices, called rpi01 and rpi02, which both run the aforementioned version of Raspbian (raspberry OS) too. On rpi01 and rpi02 a proxy xymon is running, which forward all messages to the xymon server at the Raspberry Pi 3B, called rpi30.

The relevant part of analysis.cfg on hosts rpi01 and rpi02 is:

HOST=*
    PROC   /usr/sbin/sshd 1 1
    LOG    /var/log/syslog %(?-i)Under-voltage
    LOG    /var/log/syslog %disabled\sby\shub\.+re-enabling
    LOG    /var/log/syslog %wlan0:\scarrier\slost EXTIME=*:0650:0745
    LOG    /var/log/syslog %wlan0:\scarrier\sacquired EXTIME=*:0650:0745 COLOR=yellow

The associated part of analysis.cfg on host rpi30 is:

HOST=rpi01
    PROC    /usr/sbin/sshd 1
    LOG    /var/log/syslog %(?-i)Under-voltage
    LOG    /var/log/syslog %I\/O\serror
    LOG    /var/log/syslog %EXT4-fs\serror
    LOG    /var/log/syslog %disabled\sby\shub\.+re-enabling
    LOG    /var/log/syslog %wlan0:\scarrier\slost EXTIME=*:0650:0745
    LOG    /var/log/syslog %wlan0:\scarrier\sacquired COLOR=yellow EXTIME=*:0650:0745

HOST=rpi02
    PROC    /usr/sbin/sshd 1
    LOG    /var/log/syslog %(?-i)Under-voltage
    LOG    /var/log/syslog %I\/O\serror
    LOG    /var/log/syslog %EXT4-fs\serror
    LOG    /var/log/syslog %disabled\sby\shub\.+re-enabling
    LOG    /var/log/syslog %wlan0:\scarrier\slost EXTIME=*:0650:0745
    LOG    /var/log/syslog %wlan0:\scarrier\sacquired COLOR=yellow EXTIME=*:0650:0745

The alerts resulting from this configuration are all sent by e-mail, which contain the content of variable BBALPHAMSG at the time the script to sent the e-mail is invoked.


The problem seems to be twofold. (A) The 'carrier acquired' message is sometimes displayed with a red status indicator, but once entered in the history, and viewed via the history page, this problem is gone. (B) the page of test 'msgs' might show something different from BBALPHAMSG.


An example of the error (B) is found at host rpi01. The relevant part of the HTML source of the page showing test msgs, taken from the history page, is:


Mon Apr 18 19:08:38 CEST 2022 - System logs NOT ok




Critical entries in /var/log/syslog


         Apr 18 19:08:39 rpi01 dhcpcd[413]:

        wlan0: carrier lost


         Apr 18 19:08:40 rpi01

        dhcpcd[413]: wlan0: carrier acquired

Full log /var/log/syslog


        Apr 18 18:53:31 rpi01 rngd[269]: stats: bits received from HRNG

        source: 28360064


        Apr 18 18:53:31 rpi01 rngd[269]: stats: bits sent to kernel

        pool: 28299456


        Apr 18 18:53:31 rpi01 rngd[269]: stats: entropy added to kernel

        pool: 28299456

The associated message in the e-mail contains:

rpi01:msgs red [56896]
red Mon Apr 18 19:08:38 CEST 2022 - System logs NOT ok

&red Critical entries in /var/log/syslog
&red Apr 18 19:08:39 rpi01 dhcpcd[413]: wlan0: carrier lost
&red Apr 18 19:08:40 rpi01 dhcpcd[413]: wlan0: carrier acquired

Full log /var/log/syslog
Apr 18 18:53:31 rpi01 rngd[269]: stats: bits received from HRNG source: 28360064
Apr 18 18:53:31 rpi01 rngd[269]: stats: bits sent to kernel pool: 28299456
Apr 18 18:53:31 rpi01 rngd[269]: stats: entropy added to kernel pool: 28299456

Thus BBALPHAMSG shows the wrong status (colour) for the line 'wlan0: carrier acquired'.


This problem is not always reproducible, as shown by the following example at host rpi02. The relevant part of the HTML source of the page showing test msgs, taken from the history page, is:

<CENTER><TABLE ALIGN=CENTER BORDER=0 SUMMARY="Detail Status">

<TR><TD ALIGN=LEFT><H3> Mon Apr 18 19:11:29 CEST 2022 - System logs NOT okH3>

<PRE>



<IMG SRC="/xymon/gifs/static/red.gif" ALT="red" HEIGHT="16" WIDTH="16" BORDER=0> Critical entries in <a href="/cgi-bin/svcstatus.sh?CLIENT=rpi02&amp;SECTION=msgs:/var/log/syslog">/var/log/sysloga>

<IMG SRC="/xymon/gifs/static/red.gif" ALT="red" HEIGHT="16" WIDTH="16" BORDER=0> Apr 18 19:08:41 rpi02 dhcpcd[395]: wlan0: carrier lost

<IMG SRC="/xymon/gifs/static/yellow.gif" ALT="yellow" HEIGHT="16" WIDTH="16" BORDER=0> Apr 18 19:08:42 rpi02 dhcpcd[395]: wlan0: carrier acquired





Full log <a href="/cgi-bin/svcstatus.sh?CLIENT=rpi02&amp;SECTION=msgs:/var/log/syslog">/var/log/sysloga>

Apr 18 18:45:23 rpi02 rngd[273]: stats: bits received from HRNG source: 28700064

Apr 18 18:45:23 rpi02 rngd[273]: stats: bits sent to kernel pool: 28653824

Apr 18 18:45:23 rpi02 rngd[273]: stats: entropy added to kernel pool: 28653824

The associated message in the e-mail contains:

rpi02:msgs red [574766]

red Mon Apr 18 19:11:29 CEST 2022 - System logs NOT ok



&red Critical entries in /var/log/syslog

&red Apr 18 19:08:41 rpi02 dhcpcd[395]: wlan0: carrier lost

&yellow Apr 18 19:08:42 rpi02 dhcpcd[395]: wlan0: carrier acquired





Full log /var/log/syslog

Apr 18 18:45:23 rpi02 rngd[273]: stats: bits received from HRNG source: 28700064

Apr 18 18:45:23 rpi02 rngd[273]: stats: bits sent to kernel pool: 28653824

Apr 18 18:45:23 rpi02 rngd[273]: stats: entropy added to kernel pool: 28653824

In this case the two reports on the same alert show the same status information.


The following extractions of messages show both problems. The first extraction is taken from the message as displayed on website a few minutes after detection of the error condition:

Sat Apr 23 19:10:09 CEST 2022 - System logs NOT ok




Critical entries in /var/log/syslog


         Apr 23 19:07:12 rpi01 dhcpcd[413]:

        wlan0: carrier lost


         Apr 23 19:07:12 rpi01 dhcpcd[413]:

        wlan0: carrier acquired

Full log /var/log/syslog


        Apr 23 18:53:32 rpi01 rngd[269]: stats: bits received from HRNG

        source: 31960064


        Apr 23 18:53:32 rpi01 rngd[269]: stats: bits sent to kernel

        pool: 31895872


        Apr 23 18:53:32 rpi01 rngd[269]: stats: entropy added to kernel

        pool: 31895872


        Apr 23 18:53:32 rpi01 rngd[269]: stats: FIPS 140-2 successes:

        1597

The corresponding alert via e-mail contains:

rpi01:msgs red [515388]
red Sat Apr 23 19:10:09 CEST 2022 - System logs NOT ok

&red Critical entries in /var/log/syslog
&red Apr 23 19:07:12 rpi01 dhcpcd[413]: wlan0: carrier lost
&yellow Apr 23 19:07:12 rpi01 dhcpcd[413]: wlan0: carrier acquired

Full log /var/log/syslog
Apr 23 18:53:32 rpi01 rngd[269]: stats: bits received from HRNG source: 31960064
Apr 23 18:53:32 rpi01 rngd[269]: stats: bits sent to kernel pool: 31895872
Apr 23 18:53:32 rpi01 rngd[269]: stats: entropy added to kernel pool: 31895872
Apr 23 18:53:32 rpi01 rngd[269]: stats: FIPS 140-2 successes: 1597

The same message retrieved some time later from the historical status:

Sat Apr 23 19:10:09 CEST 2022 - System logs NOT ok




Critical entries in /var/log/syslog


         Apr 23 19:07:12 rpi01 dhcpcd[413]:

        wlan0: carrier lost


         Apr 23 19:07:12 rpi01

        dhcpcd[413]: wlan0: carrier acquired

Full log /var/log/syslog


        Apr 23 18:53:32 rpi01 rngd[269]: stats: bits received from HRNG

        source: 31960064


        Apr 23 18:53:32 rpi01 rngd[269]: stats: bits sent to kernel

        pool: 31895872


        Apr 23 18:53:32 rpi01 rngd[269]: stats: entropy added to kernel

        pool: 31895872


        Apr 23 18:53:32 rpi01 rngd[269]: stats: FIPS 140-2 successes:

        1597


Thus sometimes the currently shown message contains the wrong colour for the 'carrier acquired' message (but not the same page in the history) and sometimes the message as passed in BBALPHAMSG contains the wrong colour.


Regards,

  Wim Nelis.