Alert for WHO column possible?
list Mark Rankin
Hi, Am new to this mailing list, but not new to Xymon. Awesome tool and have been using it for many years! This said, have probably only ever needed to scrape the surface of deeper capabilities and features. Is it possible to monitor for a user being logged in (who column) and go red if that user is not logged in? Unfortunately, we have a few servers that need to be logged in (sigh....) with a certain user and it would be neat to see if they were not. Example under "Who": SESSIONNAME USERNAME STATE
Console svcaccount Active
Test would be that if svcaccount is not present, go red. I have read that I might be able to use DS override in analysis.cfg, have never created an RRD file before, but is that is a feasible approach? Xymon version 4.3.30 CentOS 6.10 Thanks! Kind Regards, Mark Rankin
list John Rothlisberger
Here is a simple script I use for Linux servers run from cron. It goes green when someone logs in and is clear otherwise. It could be easily updated to alert when a particular user logs in.
#!/bin/bash
HOST=`hostname`
XYMONSERVERIP=`grep ^XYMONSERVERIP= /home/xymon/server/etc/xymonserver.cfg|awk -F\" '{print $2}'`
XYMON=/home/xymon/server/bin/xymon
XYTEST="who"
TMPFILE=/home/xymon/tmp/who_login
for x in `/home/xymon/server/bin/xymon $XYMONSERVERIP xymondboard|grep \|inode\||awk -F\| '{print $1}'|sort -u`
do
echo "
Who is logged in:
" >$TMPFILE
/home/xymon/server/bin/xymon $XYMONSERVERIP "clientlog $x section=who"|tail -n +2 >>$TMPFILE
TEST=`/home/xymon/server/bin/xymon $XYMONSERVERIP "clientlog $x section=who"|tail -n +2|wc -l`
echo " " >>$TMPFILE
echo "Data above is retrieved from the script $0 on $HOST." >>$TMPFILE
if [ "$TEST" -gt "0" ];then
$XYMON $XYMONSERVERIP "status+60m ${x}.${XYTEST} green `date` `cat $TMPFILE`"
else
$XYMON $XYMONSERVERIP "status+60m ${x}.${XYTEST} clear `date` `cat $TMPFILE`"
fi
done
Thanks,
John
From: Xymon <xymon-bounces at xymon.com> On Behalf Of Mark Rankin
Sent: Monday, July 20, 2020 12:58 AM
To: xymon at xymon.com
Subject: [External] [Xymon] Alert for WHO column possible?
This message is from an EXTERNAL SENDER - be CAUTIOUS, particularly with links and attachments.
▸
Hi,
Am new to this mailing list, but not new to Xymon. Awesome tool and have been using it for many years! This said, have probably only ever needed to scrape the surface of deeper capabilities and features.
Is it possible to monitor for a user being logged in (who column) and go red if that user is not logged in? Unfortunately, we have a few servers that need to be logged in (sigh....) with a certain user and it would be neat to see if they were not.
Example under "Who":
SESSIONNAME USERNAME STATEConsole svcaccount Active
Test would be that if svcaccount is not present, go red. I have read that I might be able to use DS override in analysis.cfg, have never created an RRD file before, but is that is a feasible approach? Xymon version 4.3.30 CentOS 6.10 Thanks! Kind Regards, Mark Rankin
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at https://www.accenture.com/us-en/privacy-policy. www.accenture.com
list Mark Rankin
Hi John, Thanks for the quick reply. I negated to mention I was wanting to monitor this for windows servers reporting back using bbwin. However thanks for the script and info! Kind Regards, Mark.
▸
On 21 Jul 2020, at 01:40, Rothlisberger, John R. <user-7adce57665bb@xymon.invalid> wrote:
?
Here is a simple script I use for Linux servers run from cron. It goes green when someone logs in and is clear otherwise. It could be easily updated to alert when a particular user logs in.
#!/bin/bash
HOST=`hostname`
XYMONSERVERIP=`grep ^XYMONSERVERIP= /home/xymon/server/etc/xymonserver.cfg|awk -F\" '{print $2}'`
XYMON=/home/xymon/server/bin/xymon
XYTEST="who"
TMPFILE=/home/xymon/tmp/who_login
for x in `/home/xymon/server/bin/xymon $XYMONSERVERIP xymondboard|grep \|inode\||awk -F\| '{print $1}'|sort -u`
do
echo "
Who is logged in:
" >$TMPFILE
/home/xymon/server/bin/xymon $XYMONSERVERIP "clientlog $x section=who"|tail -n +2 >>$TMPFILE
TEST=`/home/xymon/server/bin/xymon $XYMONSERVERIP "clientlog $x section=who"|tail -n +2|wc -l`
echo " " >>$TMPFILE
echo "Data above is retrieved from the script $0 on $HOST." >>$TMPFILE
if [ "$TEST" -gt "0" ];then
$XYMON $XYMONSERVERIP "status+60m ${x}.${XYTEST} green `date` `cat $TMPFILE`"
else
$XYMON $XYMONSERVERIP "status+60m ${x}.${XYTEST} clear `date` `cat $TMPFILE`"
fi
done
Thanks,
John
From: Xymon <xymon-bounces at xymon.com> On Behalf Of Mark Rankin
Sent: Monday, July 20, 2020 12:58 AM
To: xymon at xymon.com
Subject: [External] [Xymon] Alert for WHO column possible?
This message is from an EXTERNAL SENDER - be CAUTIOUS, particularly with links and attachments.
Hi,
Am new to this mailing list, but not new to Xymon. Awesome tool and have been using it for many years! This said, have probably only ever needed to scrape the surface of deeper capabilities and features.
Is it possible to monitor for a user being logged in (who column) and go red if that user is not logged in? Unfortunately, we have a few servers that need to be logged in (sigh....) with a certain user and it would be neat to see if they were not.
Example under "Who":
SESSIONNAME USERNAME STATEConsole svcaccount Active
Test would be that if svcaccount is not present, go red. I have read that I might be able to use DS override in analysis.cfg, have never created an RRD file before, but is that is a feasible approach? Xymon version 4.3.30 CentOS 6.10 Thanks! Kind Regards, Mark Rankin This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at https://www.accenture.com/us-en/privacy-policy. www.accenture.com
list Steven Carr
I have a script that runs on the server side, checking the clientlog
information for logins, currently this is set to alert when root is
detected, but could easily be modded to negate and look for another
user...
<code>
#!/bin/bash
HOSTTAG=who
COLUMN=$HOSTTAG
$XYMONHOME/bin/xymongrep $HOSTTAG | while read L
do
set $L
HOSTIP="$1"
MACHINEDOTS="$2"
WHO=`$XYMON $XYMSRV "clientlog $MACHINEDOTS section=who"`
if echo "$WHO" | grep "^root" >/dev/null; then
MSG="status $MACHINEDOTS.$COLUMN red root logins detected"
else
MSG="status $MACHINEDOTS.$COLUMN green no root logins detected"
fi
$XYMON $XYMSRV "$MSG
$WHO"
done
exit 0
</code>