question about analysis.cfg and central mode for windows clients
list David Smith
Hi I am running Xymon server 4.3.30, and the vast majority of windows clients using BBwin, and trying xymonpsclient on a couple. After advise from another users, I could successfully use central mode for services, which is ok for a couple of clients but then gets quite wieldy when it is going to be dozens. I tried the following in analysis.cfg file I created a regular expression for one pattern of hostnames, and then for the extra services that differ on certain servers, I added a specific host/service entry. This works fantastically well. I then tried to add another regular expression for another pattern of hostnames, and would similarly try to add in exceptions. This does not work, the machines with the new pattern are still being given the services list for the first pattern. What I also tried was removing the second regular expression and just have a specific host/service entry. That also does not work, as it still gets the original services list even though the hostname does not fit the pattern. See below for excerpt from analysis.cfg Does anyone have any idea how/if I can do what I am trying? Regards David Smith ##A regular expression here for all the generic stuff on one pattern of servers HOSTS=s[cgjprst][abghlrm]as01 ##stuff that is on all old app servers #backupexec stuff SVC BackupExecAgentAccelerator status=started startup=automatic SVC BackupExecAgentBrowser status=started startup=automatic SVC BackupExecDeviceMediaService status=started startup=automatic SVC BackupExecJobEngine status=started startup=automatic ##a bit more refined here, to add extra services for specific hosts HOST=schas01 SVC SibeliusLicenceServerV6 status=started startup=automatic HOST=sjhas01 SVC SibeliusLicenceServerV7 status=started startup=automatic ######STUFF below here doesnt obey the pattern ##A regular expression here for generic stuff on another pattern of servers HOSTS=[cgjprst][abghlrm]-as1 ##stuff that is on all new servers SVC BrokerInfrastructure status=started startup=automatic SVC IISADMIN status=started startup=automatic SVC UALSVC status=started startup=automatic SVC W3SVC status=started startup=automatic SVC VeeamDeploySvc status=started startup=automatic SVC VeeamEndpointBackupSvc status=started startup=automatic SVC VeeamTransportSvc status=started startup=automatic HOST=ndo-as1 SVC SibeliusLicenceServerV7 status=started startup=automatic Renfrewshire Council Website -http://www.renfrewshire.gov.uk This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. Renfrewshire Council may, in accordance with the Telecommunications(Lawful Business Practice) (Interception of Communications) Regulations 2000, intercept e-mail messages for the purpose of monitoring or keeping a record of communications on the Council's system. If a message contains inappropriate dialogue it will automatically be intercepted by the Council's Internal Audit section who will decide whether or not the e-mail should be onwardly transmitted to the intended recipient(s).
list Jeremy Laidman
David HOSTS=... is incorrect. Try HOST=... I suspect the first list of hosts is being included by default so it looks like they're matching the first regexp but actually aren't. The second group of hosts is also being included by default along with the first. Cheers Jeremy On Thu, 3 Jun 2021 at 01:08, David Smith via Xymon <xymon at xymon.com> wrote:
---------- Forwarded message ---------- From: David Smith <user-52dae6da333f@xymon.invalid> To: "xymon at xymon.com" <xymon at xymon.com> Cc: Bcc: Date: Wed, 2 Jun 2021 15:08:18 +0000 Subject: question about analysis.cfg and central mode for windows clients
▸
Hi I am running Xymon server 4.3.30, and the vast majority of windows clients using BBwin, and trying xymonpsclient on a couple. After advise from another users, I could successfully use central mode for services, which is ok for a couple of clients but then gets quite wieldy when it is going to be dozens. I tried the following in analysis.cfg file I created a regular expression for one pattern of hostnames, and then for the extra services that differ on certain servers, I added a specific host/service entry. This works fantastically well. I then tried to add another regular expression for another pattern of hostnames, and would similarly try to add in exceptions. This does not work, the machines with the new pattern are still being given the services list for the first pattern. What I also tried was removing the second regular expression and just have a specific host/service entry. That also does not work, as it still gets the original services list even though the hostname does not fit the pattern. See below for excerpt from analysis.cfg Does anyone have any idea how/if I can do what I am trying? Regards David Smith ##A regular expression here for all the generic stuff on one pattern of servers HOSTS=s[cgjprst][abghlrm]as01 ##stuff that is on all old app servers #backupexec stuff SVC BackupExecAgentAccelerator status=started startup=automatic SVC BackupExecAgentBrowser status=started startup=automatic SVC BackupExecDeviceMediaService status=started startup=automatic SVC BackupExecJobEngine status=started startup=automatic ##a bit more refined here, to add extra services for specific hosts HOST=schas01 SVC SibeliusLicenceServerV6 status=started startup=automatic HOST=sjhas01 SVC SibeliusLicenceServerV7 status=started startup=automatic ######STUFF below here doesnt obey the pattern ##A regular expression here for generic stuff on another pattern of servers HOSTS=[cgjprst][abghlrm]-as1 ##stuff that is on all new servers SVC BrokerInfrastructure status=started startup=automatic SVC IISADMIN status=started startup=automatic SVC UALSVC status=started startup=automatic SVC W3SVC status=started startup=automatic SVC VeeamDeploySvc status=started startup=automatic SVC VeeamEndpointBackupSvc status=started startup=automatic SVC VeeamTransportSvc status=started startup=automatic HOST=ndo-as1 SVC SibeliusLicenceServerV7 status=started startup=automatic Renfrewshire Council Website -http://www.renfrewshire.gov.uk This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. Renfrewshire Council may, in accordance with the Telecommunications(Lawful Business Practice) (Interception of Communications) Regulations 2000, intercept e-mail messages for the purpose of monitoring or keeping a record of communications on the Council's system. If a message contains inappropriate dialogue it will automatically be intercepted by the Council's Internal Audit section who will decide whether or not the e-mail should be onwardly transmitted to the intended recipient(s).
---------- Forwarded message ----------
From: David Smith via Xymon <xymon at xymon.com>
To: "xymon at xymon.com" <xymon at xymon.com>
Cc:
Bcc:
Date: Wed, 2 Jun 2021 15:08:18 +0000
Subject: [Xymon] question about analysis.cfg and central mode for windows
clients
list Timothy Williams
David, the cleaner way is to list exceptions on Hosts first, then the default for all Powershell clients. I believe your behaviour is due by Xymon stops parsing on the host name once it matches, then adds the (first) default. In the example below, I have the location of the Xymon client_config identified (has to be in the Client_config file downloaded or local), the WinLogon for PROC, and the RDP port so that the columns are normally Green. The servicecheck for WinCollect is ignored on the server if it doesn't exist. It's purpose is to restart a service if found to be stopped. I believe your SVC " status=started startup=automatic" is legacy in BBWin but doesn't work in PSXymon that way. Here is an Analysis example: HOST=CCSWSUS SVC WsusService status=started SVC WinCollect status=started HOST=CCSSophos SVC Sophos_Management_Service status=started SVC SophosPatchEndpointCommunicator status=started HOST=CCS### SVC MSSQL$SUPERCHARGER status=started SVC WinCollect status=started CLASS=powershell UP 30m Load 90 95 DISK * 85 95 MEMPHYS 70 95 MEMSWAP 60 85 PROC winlogon SVC XymonPSClient status=started SVC CSFalconService status=started SVC SAVService status=started SVC SAVAdminService status=started SVC Sophos_Agent status=started SVC Sophos_AutoUpdate_Service status=started PORT "LOCAL=%([\.:]3389)$" STATE=LISTENING COLOR=YELLOW text=RDP FILE C:\Utils\Xymonclient_config.xml LOG eventlog_application Error|Warning LOG eventlog_application Error IGNORE=[1008],[2004],[1018],[1022],[11],[1524],[1008],[2003],[4099],[8005],[12289],[4879],SAVOnAccessFilter LOG eventlog_system Error IGNORE=[36874],[36871],[1002],[513],[4879],[36888],[157],[140],[50],[58],[137],[6037],[1],DCOM,Print,TermServDevices,SAVOnAccessFilter LOG eventlog_system Warning COLOR=yellow Here is a Client_Config example: clientversion:2.42:http://webserver/pub/XymonPS maxloop:720 xymonlogsend file:c:\utils\Xymonclient_config.xml servicecheck:WinCollect:5 Keep the questions coming, Tim On Wed, Jun 2, 2021 at 11:08 AM David Smith via Xymon <xymon at xymon.com>
▸
wrote:
---------- Forwarded message ---------- From: David Smith <user-52dae6da333f@xymon.invalid> To: "xymon at xymon.com" <xymon at xymon.com> Cc: Bcc: Date: Wed, 2 Jun 2021 15:08:18 +0000 Subject: question about analysis.cfg and central mode for windows clients Hi I am running Xymon server 4.3.30, and the vast majority of windows clients using BBwin, and trying xymonpsclient on a couple. After advise from another users, I could successfully use central mode for services, which is ok for a couple of clients but then gets quite wieldy when it is going to be dozens. I tried the following in analysis.cfg file I created a regular expression for one pattern of hostnames, and then for the extra services that differ on certain servers, I added a specific host/service entry. This works fantastically well. I then tried to add another regular expression for another pattern of hostnames, and would similarly try to add in exceptions. This does not work, the machines with the new pattern are still being given the services list for the first pattern. What I also tried was removing the second regular expression and just have a specific host/service entry. That also does not work, as it still gets the original services list even though the hostname does not fit the pattern. See below for excerpt from analysis.cfg Does anyone have any idea how/if I can do what I am trying? Regards David Smith ##A regular expression here for all the generic stuff on one pattern of servers HOSTS=s[cgjprst][abghlrm]as01 ##stuff that is on all old app servers #backupexec stuff SVC BackupExecAgentAccelerator status=started startup=automatic SVC BackupExecAgentBrowser status=started startup=automatic SVC BackupExecDeviceMediaService status=started startup=automatic SVC BackupExecJobEngine status=started startup=automatic ##a bit more refined here, to add extra services for specific hosts HOST=schas01 SVC SibeliusLicenceServerV6 status=started startup=automatic HOST=sjhas01 SVC SibeliusLicenceServerV7 status=started startup=automatic ######STUFF below here doesnt obey the pattern ##A regular expression here for generic stuff on another pattern of servers HOSTS=[cgjprst][abghlrm]-as1 ##stuff that is on all new servers SVC BrokerInfrastructure status=started startup=automatic SVC IISADMIN status=started startup=automatic SVC UALSVC status=started startup=automatic SVC W3SVC status=started startup=automatic SVC VeeamDeploySvc status=started startup=automatic SVC VeeamEndpointBackupSvc status=started startup=automatic SVC VeeamTransportSvc status=started startup=automatic HOST=ndo-as1 SVC SibeliusLicenceServerV7 status=started startup=automatic Renfrewshire Council Website -http://www.renfrewshire.gov.uk This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. Renfrewshire Council may, in accordance with the Telecommunications(Lawful Business Practice) (Interception of Communications) Regulations 2000, intercept e-mail messages for the purpose of monitoring or keeping a record of communications on the Council's system. If a message contains inappropriate dialogue it will automatically be intercepted by the Council's Internal Audit section who will decide whether or not the e-mail should be onwardly transmitted to the intended recipient(s). ---------- Forwarded message ---------- From: David Smith via Xymon <xymon at xymon.com> To: "xymon at xymon.com" <xymon at xymon.com> Cc: Bcc: Date: Wed, 2 Jun 2021 15:08:18 +0000 Subject: [Xymon] question about analysis.cfg and central mode for windows clients