Errors after upgrade to 4.3.29
list John Rothlisberger
Ubuntu 16.04LTS Hosts.cfg entry: directory /home/xymon/server/etc/include_ssl/a/ File /home/Xymon/server/etc/include_ssl/a/abcdef.acc.com contains: 0.0.0.0 abcdef.acc.com # noconn NOPROPYELLOW:* NOPROPPURPLE:* NOCOLUMNS:http,info,trends ssldays=30:15 https://abcdef.acc.com 0.0.1.0 I am seeing these errors in my alert.log - these particular clients (URL's actually as they are for sslcert tests reside in an include directory): Checking criteria for host 'abcdef.acc.com', which is not yet defined; some alerts may not immediately fire The errors are popping for every file that is in the include_directory. These errors were not present in 4.3.21 - 4.3.28. Ideas? Thanks, John Upcoming PTO: John Rothlisberger IT Strategy, Infrastructure & Security - Technology Growth Platform TGP for Business Process Outsourcing Accenture XXX.XXX.XXXX office This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at https://www.accenture.com/us-en/privacy-policy. www.accenture.com
list Japheth Cleaver
Hi, This warning (used to be just a debug message) was added in a few versions ago (https://sourceforge.net/p/xymon/code/7888/) to call out when rules were presented for a host not visible yet. It could be a sign that xymond is not following the 'include' files and thus not presenting it to xymond_alert. Are these regular directory includes or 'netinclude's? Also, can you try adding the --loadhostsfromxymond option to your xymond_alert CMD line and see if the warnings go away? HTH, -jc On 9/4/2019 9:03 AM, Rothlisberger, John R. wrote:
Ubuntu 16.04LTS Hosts.cfg entry: directory /home/xymon/server/etc/include_ssl/a/ File /home/Xymon/server/etc/include_ssl/a/abcdef.acc.com contains: 0.0.0.0abcdef.acc.com # noconn NOPROPYELLOW:* NOPROPPURPLE:* NOCOLUMNS:http,info,trends ssldays=30:15 https://abcdef.acc.com
▸
0.0.1.0
I am seeing these errors in my alert.log ? these particular clients (URL?s actually as they are for sslcert tests reside in an include directory):
Checking criteria for host 'abcdef.acc.com', which is not yet defined; some alerts may not immediately fire
The errors are popping for every file that is in the include_directory.
These errors were not present in 4.3.21 ? 4.3.28.? Ideas?
Thanks,
John
Upcoming PTO:
John Rothlisberger
IT Strategy, Infrastructure & Security - Technology Growth Platform
TGP for Business Process Outsourcing
Accenture
XXX.XXX.XXXX?office**
▸
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at https://www.accenture.com/us-en/privacy-policy. www.accenture.com
list John Rothlisberger
I added "--loadhostsfromxymond" to xymond_alert and that made no difference. These are just directory includes in the hosts.cfg file. FWIW, these clients can also NOT be found using the find host script from the browser - this is annoying for the time being but what if all of our hosts were with directory includes? Thanks, John -----Original Message----- From: Japheth Cleaver <user-87556346d4af@xymon.invalid> Sent: Wednesday, September 4, 2019 2:58 PM To: Rothlisberger, John R. <user-7adce57665bb@xymon.invalid>; xymon at xymon.com Subject: [External] Re: Errors after upgrade to 4.3.29 This message is from an EXTERNAL SENDER - be CAUTIOUS, particularly with links and attachments.
▸
Hi,
This warning (used to be just a debug message) was added in a few
versions ago (https://urldefense.proofpoint.com/v2/url?u=https-3A__sourceforge.net_p_xymon_code_7888_&d=DwID-g&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=u6KtIBCRNAeN-AbgJjdZe5zZJVFEfq04dnWD-hYNPL_fxJIIFncbL8W6k0NMJtuq&m=RK9M5u1KGPmJEBNLLre2D9-Esck80LjKSd4WB3cXoyk&s=ErUxIseIPx2kqKT4GWGENm-LlkHZcfx71WooCgTu3rI&e= ) to call out
▸
when rules were presented for a host not visible yet. It could be a sign
that xymond is not following the 'include' files and thus not presenting
it to xymond_alert.
Are these regular directory includes or 'netinclude's?
Also, can you try adding the --loadhostsfromxymond option to your
xymond_alert CMD line and see if the warnings go away?
HTH,
-jc
On 9/4/2019 9:03 AM, Rothlisberger, John R. wrote:
Ubuntu 16.04LTS
Hosts.cfg entry:
directory /home/xymon/server/etc/include_ssl/a/
File /home/Xymon/server/etc/include_ssl/a/abcdef.acc.com contains:
0.0.0.0abcdef.acc.com # noconn NOPROPYELLOW:* NOPROPPURPLE:*
NOCOLUMNS:http,info,trends ssldays=30:15 https://urldefense.proofpoint.com/v2/url?u=https-3A__abcdef.acc.com&d=DwID-g&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=u6KtIBCRNAeN-AbgJjdZe5zZJVFEfq04dnWD-hYNPL_fxJIIFncbL8W6k0NMJtuq&m=RK9M5u1KGPmJEBNLLre2D9-Esck80LjKSd4WB3cXoyk&s=3gW58edAk31HdZ0McGTD-dNqCRmJOT6wmpqmVvcoCIM&e=
▸
0.0.1.0
I am seeing these errors in my alert.log - these particular clients
(URL's actually as they are for sslcert tests reside in an include
directory):
Checking criteria for host 'abcdef.acc.com', which is not yet defined;
some alerts may not immediately fire
The errors are popping for every file that is in the include_directory.
These errors were not present in 4.3.21 - 4.3.28. Ideas?
Thanks,
John
Upcoming PTO:
John Rothlisberger
IT Strategy, Infrastructure & Security - Technology Growth Platform
TGP for Business Process Outsourcing
Accenture
XXX.XXX.XXXX office**
This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise confidential information. If you
have received it in error, please notify the sender immediately and
delete the original. Any other use of the e-mail by you is prohibited.
Where allowed by local law, electronic communications with Accenture and
its affiliates, including e-mail and instant messaging (including
content), may be scanned by our systems for the purposes of information
security and assessment of internal compliance with Accenture policy.
Your privacy is important to us. Accenture uses your personal data only
in compliance with data protection laws. For further information on how
Accenture processes your personal data, please see our privacy statement
at https://www.accenture.com/us-en/privacy-policy.
http://www.accenture.com
▸
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at https://www.accenture.com/us-en/privacy-policy. www.accenture.com
list Japheth Cleaver
Hmm. This seems very strange. Are these hosts visible like normal in generated status pages, and via query to xymond from the command line? Based on your exclusions there, I believe the only test you wanted to have present was the resulting 'sslcert'? I just tested a descending directory structure and confirmed that something like "directory /etc/xymon/hosts.d/" should read into subdirectories properly. Would you mind providing some xymond debug (-USR2) output during a hostfile reload or startup? It should list each file as it's reading it in. -jc
▸
On 9/5/2019 4:56 AM, Rothlisberger, John R. wrote:I added "--loadhostsfromxymond" to xymond_alert and that made no difference. These are just directory includes in the hosts.cfg file. FWIW, these clients can also NOT be found using the find host script from the browser - this is annoying for the time being but what if all of our hosts were with directory includes? Thanks, John -----Original Message----- From: Japheth Cleaver <user-87556346d4af@xymon.invalid> Sent: Wednesday, September 4, 2019 2:58 PM To: Rothlisberger, John R. <user-7adce57665bb@xymon.invalid>; xymon at xymon.com Subject: [External] Re: Errors after upgrade to 4.3.29 This message is from an EXTERNAL SENDER - be CAUTIOUS, particularly with links and attachments. Hi, This warning (used to be just a debug message) was added in a few versions ago (https://urldefense.proofpoint.com/v2/url?u=https-3A__sourceforge.net_p_xymon_code_7888_&d=DwID-g&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=u6KtIBCRNAeN-AbgJjdZe5zZJVFEfq04dnWD-hYNPL_fxJIIFncbL8W6k0NMJtuq&m=RK9M5u1KGPmJEBNLLre2D9-Esck80LjKSd4WB3cXoyk&s=ErUxIseIPx2kqKT4GWGENm-LlkHZcfx71WooCgTu3rI&e= ) to call out when rules were presented for a host not visible yet. It could be a sign that xymond is not following the 'include' files and thus not presenting it to xymond_alert. Are these regular directory includes or 'netinclude's? Also, can you try adding the --loadhostsfromxymond option to your xymond_alert CMD line and see if the warnings go away? HTH, -jc
list John Rothlisberger
For the first part of your question - whether they can be seen from query from command line - I assume this is sufficient: xymon 0 xymondboard|grep test.acc.com test.acc.com|trends|green||0|0|0|0|0||| test.acc.com|info|green||0|0|0|0|0||| test.acc.com|sslcert|green||1561426921|1567772582|1567774382|0|0|127.0.0.1||green Fri Sep 6 13:21:49 2019 test.acc.com|http|green||1566753294|1567772582|1567774382|0|0|127.0.0.1||green Fri Sep 6 13:21:49 2019: OK There are a few other tests but in general we suppress some tests we just don't need to see on the page. These are all being picked up from the include directories as they do show up fine in the generated webpages. The only odd behavior is the errors. I will have to do some testing with the debug.
▸
Thanks,
John
-----Original Message-----
From: Japheth Cleaver <user-87556346d4af@xymon.invalid>
Sent: Thursday, September 5, 2019 1:49 PM
To: Rothlisberger, John R. <user-7adce57665bb@xymon.invalid>; xymon at xymon.com
Subject: Re: [External] Re: Errors after upgrade to 4.3.29
Hmm. This seems very strange. Are these hosts visible like normal in generated status pages, and via query to xymond from the command line?
Based on your exclusions there, I believe the only test you wanted to have present was the resulting 'sslcert'?
I just tested a descending directory structure and confirmed that something like "directory /etc/xymon/hosts.d/" should read into subdirectories properly.
Would you mind providing some xymond debug (-USR2) output during a hostfile reload or startup? It should list each file as it's reading it in.
-jc
On 9/5/2019 4:56 AM, Rothlisberger, John R. wrote:I added "--loadhostsfromxymond" to xymond_alert and that made no difference. These are just directory includes in the hosts.cfg file. FWIW, these clients can also NOT be found using the find host script from the browser - this is annoying for the time being but what if all of our hosts were with directory includes? Thanks, John -----Original Message----- From: Japheth Cleaver <user-87556346d4af@xymon.invalid> Sent: Wednesday, September 4, 2019 2:58 PM To: Rothlisberger, John R. <user-7adce57665bb@xymon.invalid>; Subject: [External] Re: Errors after upgrade to 4.3.29 This message is from an EXTERNAL SENDER - be CAUTIOUS, particularly with links and attachments. Hi, This warning (used to be just a debug message) was added in a few versions ago
(https://urldefense.proofpoint.com/v2/url?u=https-3A__sourceforge.net_ p_xymon_code_7888_&d=DwID-g&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOt kVU&r=u6KtIBCRNAeN-AbgJjdZe5zZJVFEfq04dnWD-hYNPL_fxJIIFncbL8W6k0NMJtuq &m=RK9M5u1KGPmJEBNLLre2D9-Esck80LjKSd4WB3cXoyk&s=ErUxIseIPx2kqKT4GWGEN m-LlkHZcfx71WooCgTu3rI&e= ) to call out
▸
when rules were presented for a host not visible yet. It could be a
sign
that xymond is not following the 'include' files and thus not
presenting
it to xymond_alert.
Are these regular directory includes or 'netinclude's?
Also, can you try adding the --loadhostsfromxymond option to your
xymond_alert CMD line and see if the warnings go away?
HTH,
-jc
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at https://www.accenture.com/us-en/privacy-policy. www.accenture.com
list Zak Beck
Hi Japheth Thread resurrection, sorry, but some ~18 months later I think I may have got to the bottom of John's issue (as I have a similar issue). To re-cap, this issue is the error "Checking criteria for host 'whatever', which is not yet defined; some alerts may not immediately fire". This happens on startup and also if you run xymond_alert. It happens if you use the directory directive in hosts.cfg. Originally it was reported on Ubuntu 16, but I have it on RHEL 7 so OS is not a factor. I've been trying to get to a minimal test case for this, so I can replicate it with a simple hosts.cfg: page SSL_CERT SSL Certificates title SSL Certificates subparent SSL_CERT SSL_CERT_ALL All SSL Certs on one page directory /home/xymon/server/etc/include_ssl/a directory /home/xymon/server/etc/include_ssl/z That's it, that's the entire content of hosts.cfg (apart from comments). I have a couple of files in /home/xymon/server/etc/include_ssl/z but NOT in /a. If I run xymond_alert --test for a host defined in one of the files in /z, I get the error. If I drop a file in the empty /a directory, and re-run xymond_alert --test for a host defined in /z, it works perfectly. If I remove the file in /a and repeat, the error comes back. The file I drop in can be a file with one line (a comment) - provided there is a file, the error does not occur. On my "proper" hosts file, which has several hundred hosts and 30-40 directory statements, I have this issue. I checked the included directories and put a one-line file containing a comment in the empty ones. The issue is resolved. Therefore it seems likely that this error occurs when you have a directory included but it is empty. Thanks Zak -----Original Message----- From: Xymon <xymon-bounces at xymon.com> On Behalf Of Rothlisberger, John R. via Xymon Sent: 06 September 2019 13:33 To: Japheth Cleaver <user-87556346d4af@xymon.invalid>; xymon at xymon.com Subject: Re: [Xymon] [External] Re: Errors after upgrade to 4.3.29 https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.xymon.com_mailman_listinfo_xymon&d=DwICAg&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=S-aLwpx-PHBTBMIG_c2JczRC0SfuZCmsiH9Iams25FI&m=PljP8iJ6SK442mya2qoRGG7_3DFTOO-37xygU8QBwWc&s=liSziSKHvnix6rUVLadWEHJoozFvTP7Bjs1zjJHjZJg&e=
▸
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at https://www.accenture.com/us-en/privacy-policy. www.accenture.com