False procs alert
list Yadvendra Kushwaha
Hi Guys I am monitoring sshd and sssd procs, somehow xymon is falsely reporting them It says process missing but both processes are up in the host What I am missing here? Please help Thanks
list Damien Martins
Hello Yadvendra, Can you share the PROC line in your $XYMONSERVER/etc/analysis.cfg and the "ps auxww" output ?
▸
Le 21/03/2019 à 12:15, Yadvendra kushwaha a écrit :Hi Guys I am monitoring sshd and sssd procs, somehow xymon is falsely reporting them It says process missing but both processes are up in the host What I am missing here? Please help Thanks
--
Cordialement,
Damien Martins
list Scot Kreienkamp
If you want any help with that you’re going to need to share the relevant part of your config. Scot Kreienkamp |Senior Systems Engineer | La-Z-Boy Corporate One La-Z-Boy Drive| Monroe, Michigan 48162 | Office: XXX-XXX-XXXX | | Mobile: XXXXXXXXXX | Email: user-9678697f1438@xymon.invalid From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of Yadvendra kushwaha Sent: Thursday, March 21, 2019 7:15 AM To: xymon at xymon.com Subject: [Xymon] False procs alert ATTENTION: This email was sent to La-Z-Boy from an external source. Be vigilant when opening attachments or clicking links.
▸
Hi Guys
I am monitoring sshd and sssd procs, somehow xymon is falsely reporting them
It says process missing but both processes are up in the host
What I am missing here? Please help
Thanks
This message is intended only for the individual or entity to which it is addressed. It may contain privileged, confidential information which is exempt from disclosure under applicable laws. If you are not the intended recipient, you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information. If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you.
list Yadvendra Kushwaha
In analysis.cfg
HOST=*
PROC sshd
PROC sssd
Xymon reports this
[image: image.png]
But I can clearly see both the prosses are present in the server
Thanks
Yadvendra
On Thu, Mar 21, 2019 at 8:42 AM Scot Kreienkamp <
▸
user-9678697f1438@xymon.invalid> wrote:
If you want any help with that you’re going to need to share the relevant part of your config. *Scot Kreienkamp |Senior Systems Engineer | La-Z-Boy Corporate* One La-Z-Boy Drive| Monroe, Michigan 48162 | Office: XXX-XXX-XXXX | | Mobile: XXXXXXXXXX | Email: user-9678697f1438@xymon.invalid *From:* Xymon [mailto:xymon-bounces at xymon.com] *On Behalf Of *Yadvendra kushwaha *Sent:* Thursday, March 21, 2019 7:15 AM *To:* xymon at xymon.com *Subject:* [Xymon] False procs alert *ATTENTION: This email was sent to La-Z-Boy from an external source. Be vigilant when opening attachments or clicking links.* Hi Guys I am monitoring sshd and sssd procs, somehow xymon is falsely reporting them It says process missing but both processes are up in the host What I am missing here? Please help Thanks This message is intended only for the individual or entity to which it is addressed. It may contain privileged, confidential information which is exempt from disclosure under applicable laws. If you are not the intended recipient, you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information. If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you.
list Damien Martins
can you please execute on your clients "ps auxww" and share the output ?
▸
Le 21/03/2019 à 14:15, Yadvendra kushwaha a écrit :In analysis.cfg HOST=* PROC sshd PROC sssd Xymon reports this image.png But I can clearly see both the prosses are present in the server Thanks Yadvendra On Thu, Mar 21, 2019 at 8:42 AM Scot Kreienkamp
<user-9678697f1438@xymon.invalid <mailto:user-9678697f1438@xymon.invalid>>
▸
wrote:
If you want any help with that you’re going to need to share the
relevant part of your config.
*Scot Kreienkamp |Senior Systems Engineer | La-Z-Boy Corporate*
One La-Z-Boy Drive| Monroe, Michigan 48162 | Office: XXX-XXX-XXXX
| | Mobile: XXXXXXXXXX | Email: user-9678697f1438@xymon.invalid
*From:*Xymon [mailto:xymon-bounces at xymon.com
▸
<mailto:xymon-bounces at xymon.com>] *On Behalf Of *Yadvendra kushwaha
*Sent:* Thursday, March 21, 2019 7:15 AM
*To:* xymon at xymon.com <mailto:xymon at xymon.com>
▸
*Subject:* [Xymon] False procs alert
*_ATTENTION: This email was sent to La-Z-Boy from an external
source. Be vigilant when opening attachments or clicking links._*
Hi Guys
I am monitoring sshd and sssd procs, somehow xymon is falsely
reporting them
It says process missing but both processes are up in the host
What I am missing here? Please help
Thanks
This messageis intended onlyfor the individual or entity to which
▸
it is addressed. It may contain privileged, confidential
information which is exempt from disclosure under applicable
laws. If you are not the intended recipient, you are strictly
prohibited from disseminating or distributing this information
(other than to the intended recipient) or copying this
information. If you have received this communication in error,
please notify usimmediately by e-mail or by telephone at the above
number.Thank you.
-- Cordialement, Damien Martins
list Scot Kreienkamp
Try: PROC /usr/sbin/sshd 1 -1 red That’s working on mine. May need to change the path to fit your installation.
▸
Scot Kreienkamp |Senior Systems Engineer | La-Z-Boy Corporate
One La-Z-Boy Drive| Monroe, Michigan 48162 | Office: XXX-XXX-XXXX | | Mobile: XXXXXXXXXX | Email: user-9678697f1438@xymon.invalid
▸
From: Yadvendra kushwaha [mailto:user-c1aa0b7f48b5@xymon.invalid]
Sent: Thursday, March 21, 2019 9:15 AM
To: Scot Kreienkamp <user-9678697f1438@xymon.invalid>; xymon at xymon.com
Subject: Re: [Xymon] False procs alert
ATTENTION: This email was sent to La-Z-Boy from an external source. Be vigilant when opening attachments or clicking links.
In analysis.cfg
HOST=*
PROC sshd
PROC sssd
Xymon reports this
[image.png]
But I can clearly see both the prosses are present in the server
Thanks
Yadvendra
On Thu, Mar 21, 2019 at 8:42 AM Scot Kreienkamp <user-9678697f1438@xymon.invalid<mailto:user-9678697f1438@xymon.invalid>> wrote:
If you want any help with that you’re going to need to share the relevant part of your config.
From: Xymon [mailto:xymon-bounces at xymon.com<mailto:xymon-bounces at xymon.com>] On Behalf Of Yadvendra kushwaha
Sent: Thursday, March 21, 2019 7:15 AM
To:xymon at xymon.com<mailto:xymon at xymon.com>
▸
Subject: [Xymon] False procs alert
ATTENTION: This email was sent to La-Z-Boy from an external source. Be vigilant when opening attachments or clicking links.
Hi Guys
I am monitoring sshd and sssd procs, somehow xymon is falsely reporting them
It says process missing but both processes are up in the host
What I am missing here? Please help
Thanks
This message is intended only for the individual or entity to which it is addressed. It may contain privileged, confidential information which is exempt from disclosure under applicable laws. If you are not the intended recipient, you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information. If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you.
list Walter Rutherford
This reminds me of an opposite problem we've been seeing. We have a Windows box we're monitoring which is almost always in the non-green alerts because the CONN check flutters between green/red. The cycles are always short, sometimes a few minutes but often just a matter of seconds between the reported failure and recovery. The last was 10 seconds between reported problem and recovery. Since that's even quicker than the system checks its status I'm sure the problems are false but I'm not sure why that system, and only that system, is reporting bogus problems. It's not a critical issue, it happens so fast that it seldom shows up on the main page. But it does clutter the non-green report when we just want to see if the systems have been healthy overnight. Benign annoyance. So now it's mostly a curiosity. Has anyone else seen a system report flapping like this? On Thu, Mar 21, 2019 at 6:40 AM Scot Kreienkamp <
▸
user-9678697f1438@xymon.invalid> wrote:
Try:
PROC /usr/sbin/sshd 1 -1 red
That’s working on mine. May need to change the path to fit your
installation.
*Scot Kreienkamp |Senior Systems Engineer | La-Z-Boy Corporate*
One La-Z-Boy Drive| Monroe, Michigan 48162 | Office: XXX-XXX-XXXX | |
Mobile: XXXXXXXXXX | Email: user-9678697f1438@xymon.invalid
*From:* Yadvendra kushwaha [mailto:user-c1aa0b7f48b5@xymon.invalid]
*Sent:* Thursday, March 21, 2019 9:15 AM
*To:* Scot Kreienkamp <user-9678697f1438@xymon.invalid>; xymon at xymon.com
*Subject:* Re: [Xymon] False procs alert
*ATTENTION: This email was sent to La-Z-Boy from an external source.
Be vigilant when opening attachments or clicking links.*
In analysis.cfg
HOST=*
PROC sshd
PROC sssd
Xymon reports this
[image: image.png]
But I can clearly see both the prosses are present in the server
Thanks
Yadvendra
On Thu, Mar 21, 2019 at 8:42 AM Scot Kreienkamp <
user-9678697f1438@xymon.invalid> wrote:
If you want any help with that you’re going to need to share the relevant
part of your config.
*From:* Xymon [mailto:xymon-bounces at xymon.com] *On Behalf Of *Yadvendra
kushwaha
*Sent:* Thursday, March 21, 2019 7:15 AM
*To:*xymon at xymon.com
*Subject:* [Xymon] False procs alert
*ATTENTION: This email was sent to La-Z-Boy from an external source.
Be vigilant when opening attachments or clicking links.*
Hi Guys
I am monitoring sshd and sssd procs, somehow xymon is falsely reporting
them
It says process missing but both processes are up in the host
What I am missing here? Please help
Thanks
This message is intended only for the individual or entity to which it is
addressed. It may contain privileged, confidential information which is
exempt from disclosure under applicable laws. If you are not the intended
recipient, you are strictly prohibited from disseminating or distributing
this information (other than to the intended recipient) or copying this
information. If you have received this communication in error, please
notify us immediately by e-mail or by telephone at the above number. Thank
you.
list John Thurston
Since the 'conn' test is normally populated by a server-side instance of xymonnet, I can think of a few ways this could happen:
A) DNS round-robin (multiple A-records), one of which isn't responding
B) More than one instance of xymonnet running, one of which is on a network which is firewalled from the host
C) An errant client sending a 'status' message with the 'conn' tag
D) Multipathing on your network, one path of which isn't working
--
Do things because you should, not just because you can.
John Thurston XXX-XXX-XXXX
user-ce4d79d99bab@xymon.invalid
Department of Administration
State of Alaska
▸
On 3/21/2019 10:25 AM, Walter Rutherford wrote:So now it's mostly a curiosity. Has anyone else seen a system report flapping like this?
list Paul Root
That’s interesting. Do you have more than one server pinging? Or is it a latency issue?
My default sshd monitor is this:
HOST=* EXHOST=%(loc1|loc2)(380esx|win|hnms).*
PORT "LOCAL=%([.:]22)$" state=LISTEN TRACK=sshd TEXT=SSHD
PROC sshd 1 70 yellow
PROC sshd 1 100 red TRACK=sshd "TEXT=ssh daemon (sshd)"
▸
From: Xymon <xymon-bounces at xymon.com> On Behalf Of Walter Rutherford
Sent: Thursday, March 21, 2019 1:26 PM
To: Scot Kreienkamp <user-9678697f1438@xymon.invalid>
Cc: Yadvendra kushwaha <user-c1aa0b7f48b5@xymon.invalid>; xymon at xymon.com
Subject: Re: [Xymon] False procs alert
This reminds me of an opposite problem we've been seeing. We have a Windows box we're monitoring
which is almost always in the non-green alerts because the CONN check flutters between green/red. The
cycles are always short, sometimes a few minutes but often just a matter of seconds between the reported
failure and recovery. The last was 10 seconds between reported problem and recovery.
Since that's even quicker than the system checks its status I'm sure the problems are false but I'm not sure
why that system, and only that system, is reporting bogus problems.
It's not a critical issue, it happens so fast that it seldom shows up on the main page. But it does clutter the
non-green report when we just want to see if the systems have been healthy overnight. Benign annoyance.
So now it's mostly a curiosity. Has anyone else seen a system report flapping like this?
On Thu, Mar 21, 2019 at 6:40 AM Scot Kreienkamp <user-9678697f1438@xymon.invalid<mailto:user-9678697f1438@xymon.invalid>> wrote:
Try:
PROC /usr/sbin/sshd 1 -1 red
That’s working on mine. May need to change the path to fit your installation.
Scot Kreienkamp |Senior Systems Engineer | La-Z-Boy Corporate
One La-Z-Boy Drive| Monroe, Michigan 48162 | Office: XXX-XXX-XXXX | | Mobile: XXXXXXXXXX | Email: user-9678697f1438@xymon.invalid<mailto:user-9678697f1438@xymon.invalid>
▸
From: Yadvendra kushwaha [mailto:user-c1aa0b7f48b5@xymon.invalid<mailto:user-c1aa0b7f48b5@xymon.invalid>]
Sent: Thursday, March 21, 2019 9:15 AM
To: Scot Kreienkamp <user-9678697f1438@xymon.invalid<mailto:user-9678697f1438@xymon.invalid>>; xymon at xymon.com<mailto:xymon at xymon.com>
Subject: Re: [Xymon] False procs alert
ATTENTION: This email was sent to La-Z-Boy from an external source. Be vigilant when opening attachments or clicking links.
In analysis.cfg
HOST=*
PROC sshd
PROC sssd
Xymon reports this
[image.png]
But I can clearly see both the prosses are present in the server
Thanks
Yadvendra
On Thu, Mar 21, 2019 at 8:42 AM Scot Kreienkamp <user-9678697f1438@xymon.invalid<mailto:user-9678697f1438@xymon.invalid>> wrote:
If you want any help with that you’re going to need to share the relevant part of your config.
From: Xymon [mailto:xymon-bounces at xymon.com<mailto:xymon-bounces at xymon.com>] On Behalf Of Yadvendra kushwaha
Sent: Thursday, March 21, 2019 7:15 AM
To:xymon at xymon.com<mailto:xymon at xymon.com>
Subject: [Xymon] False procs alert
ATTENTION: This email was sent to La-Z-Boy from an external source. Be vigilant when opening attachments or clicking links.
Hi Guys
I am monitoring sshd and sssd procs, somehow xymon is falsely reporting them
It says process missing but both processes are up in the host
What I am missing here? Please help
Thanks
This message is intended only for the individual or entity to which it is addressed. It may contain privileged, confidential information which is exempt from disclosure under applicable laws. If you are not the intended recipient, you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information. If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you.
This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.
list Walter Rutherford
Thank you John! That's far more possible causes than I thought of. C seems the most likely culprit since there is a second system with a similar name (a clone) on the same network. I also can't Remote Console that other system so it might be misconfigured. On Thu, Mar 21, 2019 at 10:38 AM John Thurston <user-ce4d79d99bab@xymon.invalid>
▸
wrote:
Since the 'conn' test is normally populated by a server-side instance of xymonnet, I can think of a few ways this could happen: A) DNS round-robin (multiple A-records), one of which isn't responding B) More than one instance of xymonnet running, one of which is on a network which is firewalled from the host C) An errant client sending a 'status' message with the 'conn' tag D) Multipathing on your network, one path of which isn't working -- Do things because you should, not just because you can. John Thurston XXX-XXX-XXXX user-ce4d79d99bab@xymon.invalid Department of Administration State of Alaska On 3/21/2019 10:25 AM, Walter Rutherford wrote:So now it's mostly a curiosity. Has anyone else seen a system report flapping like this?