Couple of questions on client data
list David Boyer
I see that there is data in the client data that is not turned into columns? Can I turn this data into columns to report? I'm using xymon 4.3.20 on both the client/server. On linux, I see that this data is not turned into any columns: [who] [route] [netstat] [ifstat] Not that I'd use all of them, just wondering what the reasoning is behind it. Also, I notice that getting the data via xymondboard is not 100% either... [xymon at ztest bin]$ ./xymon 192.168.1.230 "clientlog yumlist section=who" [who] davieb tty1 May 11 21:01 (:0) davieb pts/1 May 11 21:02 (:0.0) davieb pts/2 May 11 21:40 (:0.0) As you can see below, requesting a status on all the tests, there is no "who" being reported. But just a moment ago, asking for just that data it works. [xymon at ztest bin]$ ./xymon 192.168.1.230 "xymondboard host=yumlist" yumlist|trends|green||0|0|0|0|0||| yumlist|info|green||0|0|0|0|0||| yumlist|uptime|green||1436045636|1452380534|1452382334|0|0|192.168.1.9||green Sat Jan 9 18:02:08 EST 2016 Uptime OK yumlist|memory|green||1431806850|1452380534|1452382334|0|0|192.168.1.9||green Sat Jan 9 18:02:08 EST 2016 - Memory OK yumlist|files|clear||1451081789|1452380534|1452382334|0|0|192.168.1.9||clear Sat Jan 9 18:02:08 EST 2016 - Files ok yumlist|msgs|green||1431807151|1452380534|1452382334|0|0|192.168.1.9||green Sat Jan 9 18:02:08 EST 2016 - System logs ok yumlist|ports|clear||1431806850|1452380534|1452382334|0|0|192.168.1.9||clear Sat Jan 9 18:02:08 EST 2016 - Ports ok yumlist|procs|green||1436043229|1452380534|1452382334|0|0|192.168.1.9||green Sat Jan 9 18:02:08 EST 2016 - Processes ok yumlist|inode|green||1431806850|1452380534|1452382334|0|0|192.168.1.9||green Sat Jan 9 18:02:08 EST 2016 - Filesystems ok yumlist|disk|green||1431806850|1452380534|1452382334|0|0|192.168.1.9||green Sat Jan 9 18:02:08 EST 2016 - Filesystems ok yumlist|cpu|green||1431806850|1452380534|1452382334|0|0|192.168.1.9||green Sat Jan 9 18:02:08 EST 2016 up: 289 days, 3 users, 261 procs, load=0.02 yumlist|hostinfo|clear||1432774838|1452380534|1452382334|0|0|192.168.1.9||clear Sat Jan 9 18:02:14 EST 2016 yumlist|cpu2|green||1431806845|1452380529|1452382329|0|0|192.168.1.9||green Sat Jan 9 18:02:09 EST 2016 yumlist|smart|green||1431806845|1452380528|1452382328|0|0|192.168.1.9||green SMART health check yumlist|fyi|green||1431806845|1452380719|1452382519|0|0|192.168.1.9||green Sat Jan 9 18:05:19 EST 2016 yumlist|rpc|green||1431805465|1452380560|1452382360|0|0|192.168.1.230||green Sat Jan 9 18:02:32 2016 rpc ok, yumlist|conn|green|OrdAsTLe|1431805465|1452380560|1452382360|0|0|192.168.1.230||green <!-- [flags:OrdAsTLe] --> Sat Jan 9 18:02:32 2016 conn ok
list Japheth Cleaver
Hi David,
▸
On Sat, January 9, 2016 3:15 pm, David Boyer wrote:I see that there is data in the client data that is not turned into columns? Can I turn this data into columns to report? I'm using xymon 4.3.20 on both the client/server. On linux, I see that this data is not turned into any columns: [who] [route] [netstat] [ifstat] Not that I'd use all of them, just wondering what the reasoning is behind it.
This is correct. The client data is a full raw text of various bits of information that can be used to create status messages out of, but there isn't a mandated 1:1 correspondence between each section and each test. By keeping them independent (raw data and central processing), you have the flexibility to write up new tests based off of already-existing incoming data, and/or add new "raw" data without having a specific test in mind. For the 'who' data in particular, there's a sample processor in the source tarball that can demonstrate how easy it is to add simple new tests at https://sourceforge.net/p/xymon/code/HEAD/tree/branches/4.3.24/xymond/xymond_rootlogin.pl You can easily add new sections to the client data by adding files to a "/local/" directory on the client machine, or editing the xymonclient-${OS}.sh shell script by hand, and running any command that the unprivileged 'xymon' user can execute. What's the benefit to all this additional data if it's not used? Primarily forensics and triage. As the xymon(7) man page puts it:
The Xymon user-interface is simple, but engineers will also find lots of relevant information. E.g. the data that clients report to Xymon contain the raw output from a number of system commands. That information is available directly in Xymon, so an administrator no longer needs to login to a server to get an overview of how it is behaving - the very commands they would normally run have already been performed, and the results are on-line in Xymon.
https://www.xymon.com/help/manpages/man7/xymon.7.html
This becomes even more relevant when you consider snapshoting. When a status goes "red", a snapshot of the client data at that time is kept. So if you went back later to try to figure out why (e.g.) CPU was rising, the output of the '[who]' section tells you who might have been doing something then, even if the data wasn't used for making a test out of at that time.
▸
Also, I notice that getting the data via xymondboard is not 100% either... [xymon at ztest bin]$ ./xymon 192.168.1.230 "clientlog yumlist section=who"
*snip*
▸
As you can see below, requesting a status on all the tests, there is no "who" being reported. But just a moment ago, asking for just that data it works. [xymon at ztest bin]$ ./xymon 192.168.1.230 "xymondboard host=yumlist"
*snip* Correct. The "clientlog" command retrieves the most recent raw client data, while the "xymondboard" command retrieves just the status messages (the tests that you see on the webpages). The "clientlog" column on the web page, much like the "info" and "trends" columns, isn't a real test... it's just present to provide easy access to the most recent data. You can also access it from the "Client data" link on the bottom of any of that host's status pages. Hope that helps! -jc
list Ryan Novosielski
I just wanted to thank you, JC, for this information. I wanted to know whether it would be possible to check the kernel version back some time even though that is something I did not test. I figured the info might show something, but that isn't kept in history or anything. If I had realized that a client data snapshot is kept when the status changes, I would have had the answer (which I still need, so it's very helpful). ____ *Note: UMDNJ is now Rutgers-Biomedical and Health Sciences* || \\UTGERS |---------------------*O*--------------------- ||_// Biomedical | Ryan Novosielski - Senior Technologist || \\ and Health | user-46c89e614701@xymon.invalid<mailto:user-46c89e614701@xymon.invalid>- 973/972.0922 (2x0922) || \\ Sciences | OIRT/High Perf & Res Comp - MSB C630, Newark
▸
`' On Jan 10, 2016, at 06:48, J.C. Cleaver <user-87556346d4af@xymon.invalid<mailto:user-87556346d4af@xymon.invalid>> wrote: Hi David, On Sat, January 9, 2016 3:15 pm, David Boyer wrote: I see that there is data in the client data that is not turned into columns? Can I turn this data into columns to report? I'm using xymon 4.3.20 on both the client/server. On linux, I see that this data is not turned into any columns: [who] [route] [netstat] [ifstat] Not that I'd use all of them, just wondering what the reasoning is behind it. This is correct. The client data is a full raw text of various bits of information that can be used to create status messages out of, but there isn't a mandated 1:1 correspondence between each section and each test. By keeping them independent (raw data and central processing), you have the flexibility to write up new tests based off of already-existing incoming data, and/or add new "raw" data without having a specific test in mind. For the 'who' data in particular, there's a sample processor in the source tarball that can demonstrate how easy it is to add simple new tests at https://sourceforge.net/p/xymon/code/HEAD/tree/branches/4.3.24/xymond/xymond_rootlogin.pl You can easily add new sections to the client data by adding files to a "/local/" directory on the client machine, or editing the xymonclient-${OS}.sh shell script by hand, and running any command that the unprivileged 'xymon' user can execute. What's the benefit to all this additional data if it's not used? Primarily forensics and triage. As the xymon(7) man page puts it: The Xymon user-interface is simple, but engineers will also find lots of relevant information. E.g. the data that clients report to Xymon contain the raw output from a number of system commands. That information is available directly in Xymon, so an administrator no longer needs to login to a server to get an overview of how it is behaving - the very commands they would normally run have already been performed, and the results are on-line in Xymon. https://www.xymon.com/help/manpages/man7/xymon.7.html This becomes even more relevant when you consider snapshoting. When a status goes "red", a snapshot of the client data at that time is kept. So if you went back later to try to figure out why (e.g.) CPU was rising, the output of the '[who]' section tells you who might have been doing something then, even if the data wasn't used for making a test out of at that time. Also, I notice that getting the data via xymondboard is not 100% either... [xymon at ztest bin]$ ./xymon 192.168.1.230 "clientlog yumlist section=who" *snip* As you can see below, requesting a status on all the tests, there is no "who" being reported. But just a moment ago, asking for just that data it works. [xymon at ztest bin]$ ./xymon 192.168.1.230 "xymondboard host=yumlist" *snip* Correct. The "clientlog" command retrieves the most recent raw client data, while the "xymondboard" command retrieves just the status messages (the tests that you see on the webpages). The "clientlog" column on the web page, much like the "info" and "trends" columns, isn't a real test... it's just present to provide easy access to the most recent data. You can also access it from the "Client data" link on the bottom of any of that host's status pages. Hope that helps! -jc
list Ryan Novosielski
Actually: how do you get at this? I can't see a way after hunting around a bit. I thought maybe in a client data link at the bottom of a historical page, but none is present.
▸
____ *Note: UMDNJ is now Rutgers-Biomedical and Health Sciences*
|| \\UTGERS |---------------------*O*---------------------
||_// Biomedical | Ryan Novosielski - Senior Technologist
|| \\ and Health | user-46c89e614701@xymon.invalid<mailto:user-46c89e614701@xymon.invalid>- 973/972.0922 (2x0922)
|| \\ Sciences | OIRT/High Perf & Res Comp - MSB C630, Newark
`'
▸
On Jan 10, 2016, at 06:48, J.C. Cleaver <user-87556346d4af@xymon.invalid<mailto:user-87556346d4af@xymon.invalid>> wrote:
This becomes even more relevant when you consider snapshoting. When a
status goes "red", a snapshot of the client data at that time is kept. So
if you went back later to try to figure out why (e.g.) CPU was rising, the
output of the '[who]' section tells you who might have been doing
something then, even if the data wasn't used for making a test out of at
that time.
list David Boyer
JC,
Yes, it does! Thanks for the background.. I've written/modified
several tests for my environment while we were still in the "big brother"
era. I'm still
learning the ins/outs of xymon. I'm intrigued by the use of the "local"
directory on the clientside. Where might I find more information about
using this feature.
Dave
On Sun, Jan 10, 2016 at 3:35 PM, Novosielski, Ryan <user-6e4f7a3bb37f@xymon.invalid>
▸
wrote:
I just wanted to thank you, JC, for this information. I wanted to know whether it would be possible to check the kernel version back some time even though that is something I did not test. I figured the info might show something, but that isn't kept in history or anything. If I had realized that a client data snapshot is kept when the status changes, I would have had the answer (which I still need, so it's very helpful). ____ *Note: UMDNJ is now Rutgers-Biomedical and Health Sciences* || \\UTGERS |---------------------*O*--------------------- ||_// Biomedical | Ryan Novosielski - Senior Technologist
|| \\ and Health | user-46c89e614701@xymon.invalid- 973/972.0922 (2x0922)
▸
|| \\ Sciences | OIRT/High Perf & Res Comp - MSB C630, Newark `' On Jan 10, 2016, at 06:48, J.C. Cleaver <user-87556346d4af@xymon.invalid> wrote: Hi David, On Sat, January 9, 2016 3:15 pm, David Boyer wrote: I see that there is data in the client data that is not turned into columns? Can I turn this data into columns to report? I'm using xymon 4.3.20 on both the client/server. On linux, I see that this data is not turned into any columns: [who] [route] [netstat] [ifstat] Not that I'd use all of them, just wondering what the reasoning is behind it. This is correct. The client data is a full raw text of various bits of information that can be used to create status messages out of, but there isn't a mandated 1:1 correspondence between each section and each test. By keeping them independent (raw data and central processing), you have the flexibility to write up new tests based off of already-existing incoming data, and/or add new "raw" data without having a specific test in mind. For the 'who' data in particular, there's a sample processor in the source tarball that can demonstrate how easy it is to add simple new tests at https://sourceforge.net/p/xymon/code/HEAD/tree/branches/4.3.24/xymond/xymond_rootlogin.pl You can easily add new sections to the client data by adding files to a "/local/" directory on the client machine, or editing the xymonclient-${OS}.sh shell script by hand, and running any command that the unprivileged 'xymon' user can execute. What's the benefit to all this additional data if it's not used? Primarily forensics and triage. As the xymon(7) man page puts it: The Xymon user-interface is simple, but engineers will also find lots of relevant information. E.g. the data that clients report to Xymon contain the raw output from a number of system commands. That information is available directly in Xymon, so an administrator no longer needs to login to a server to get an overview of how it is behaving - the very commands they would normally run have already been performed, and the results are on-line in Xymon. https://www.xymon.com/help/manpages/man7/xymon.7.html This becomes even more relevant when you consider snapshoting. When a status goes "red", a snapshot of the client data at that time is kept. So if you went back later to try to figure out why (e.g.) CPU was rising, the output of the '[who]' section tells you who might have been doing something then, even if the data wasn't used for making a test out of at that time. Also, I notice that getting the data via xymondboard is not 100% either... [xymon at ztest bin]$ ./xymon 192.168.1.230 "clientlog yumlist section=who" *snip* As you can see below, requesting a status on all the tests, there is no "who" being reported. But just a moment ago, asking for just that data it works. [xymon at ztest bin]$ ./xymon 192.168.1.230 "xymondboard host=yumlist" *snip* Correct. The "clientlog" command retrieves the most recent raw client data, while the "xymondboard" command retrieves just the status messages (the tests that you see on the webpages). The "clientlog" column on the web page, much like the "info" and "trends" columns, isn't a real test... it's just present to provide easy access to the most recent data. You can also access it from the "Client data" link on the bottom of any of that host's status pages. Hope that helps! -jc
list Japheth Cleaver
Glad it could help :) There should be a README-local file in the client home directory (or documentation directory, depending on what install method you used). By default, the client will look in $XYMONHOME/local/ for anything executable. If anything is found, it's run (xymonclient.sh:65) and the output is added to the client report near the end, under the heading "[local:<filename>]". This allows a server admin to easily add new things on a one-off basis. Xymon v4.4 will have a similar directory named /sections/ with does the same thing, except without the "local:" prefix on the output. (It's intended for packaged site or distro/vendor-specific scripts.) Ryan: Yes, this is one area where it definitely needs more highlighting. A lot of users miss that this happens, but it's really an invaluable resource for forensics. Remember, though, that this requires xymon to be running in server-config mode, not --local client mode. In --local client mode, this raw data never leaves the original box and so can't be saved. Regards, -jc
▸
On Sun, January 10, 2016 3:51 pm, David Boyer wrote:JC, Yes, it does! Thanks for the background.. I've written/modified several tests for my environment while we were still in the "big brother" era. I'm still learning the ins/outs of xymon. I'm intrigued by the use of the "local" directory on the clientside. Where might I find more information about using this feature. Dave On Sun, Jan 10, 2016 at 3:35 PM, Novosielski, Ryan <user-6e4f7a3bb37f@xymon.invalid> wrote:I just wanted to thank you, JC, for this information. I wanted to know whether it would be possible to check the kernel version back some time even though that is something I did not test. I figured the info might show something, but that isn't kept in history or anything. If I had realized that a client data snapshot is kept when the status changes, I would have had the answer (which I still need, so it's very helpful). ____ *Note: UMDNJ is now Rutgers-Biomedical and Health Sciences* || \\UTGERS |---------------------*O*--------------------- ||_// Biomedical | Ryan Novosielski - Senior Technologist || \\ and Health | user-46c89e614701@xymon.invalid- 973/972.0922 (2x0922) || \\ Sciences | OIRT/High Perf & Res Comp - MSB C630, Newark `' On Jan 10, 2016, at 06:48, J.C. Cleaver <user-87556346d4af@xymon.invalid> wrote: Hi David, On Sat, January 9, 2016 3:15 pm, David Boyer wrote: I see that there is data in the client data that is not turned into columns? Can I turn this data into columns to report? I'm using xymon 4.3.20 on both the client/server. On linux, I see that this data is not turned into any columns: [who] [route] [netstat] [ifstat] Not that I'd use all of them, just wondering what the reasoning is behind it. This is correct. The client data is a full raw text of various bits of information that can be used to create status messages out of, but there isn't a mandated 1:1 correspondence between each section and each test. By keeping them independent (raw data and central processing), you have the flexibility to write up new tests based off of already-existing incoming data, and/or add new "raw" data without having a specific test in mind. For the 'who' data in particular, there's a sample processor in the source tarball that can demonstrate how easy it is to add simple new tests at https://sourceforge.net/p/xymon/code/HEAD/tree/branches/4.3.24/xymond/xymond_rootlogin.pl You can easily add new sections to the client data by adding files to a "/local/" directory on the client machine, or editing the xymonclient-${OS}.sh shell script by hand, and running any command that the unprivileged 'xymon' user can execute. What's the benefit to all this additional data if it's not used? Primarily forensics and triage. As the xymon(7) man page puts it: The Xymon user-interface is simple, but engineers will also find lots of relevant information. E.g. the data that clients report to Xymon contain the raw output from a number of system commands. That information is available directly in Xymon, so an administrator no longer needs to login to a server to get an overview of how it is behaving - the very commands they would normally run have already been performed, and the results are on-line in Xymon. https://www.xymon.com/help/manpages/man7/xymon.7.html This becomes even more relevant when you consider snapshoting. When a status goes "red", a snapshot of the client data at that time is kept. So if you went back later to try to figure out why (e.g.) CPU was rising, the output of the '[who]' section tells you who might have been doing something then, even if the data wasn't used for making a test out of at that time. Also, I notice that getting the data via xymondboard is not 100% either... [xymon at ztest bin]$ ./xymon 192.168.1.230 "clientlog yumlist section=who" *snip* As you can see below, requesting a status on all the tests, there is no "who" being reported. But just a moment ago, asking for just that data it works. [xymon at ztest bin]$ ./xymon 192.168.1.230 "xymondboard host=yumlist" *snip* Correct. The "clientlog" command retrieves the most recent raw client data, while the "xymondboard" command retrieves just the status messages (the tests that you see on the webpages). The "clientlog" column on the web page, much like the "info" and "trends" columns, isn't a real test... it's just present to provide easy access to the most recent data. You can also access it from the "Client data" link on the bottom of any of that host's status pages. Hope that helps! -jc
list Ryan Novosielski
This is the info I need but it sounded like I can get it from historical periods, which is what I'm after.
▸
____ *Note: UMDNJ is now Rutgers-Biomedical and Health Sciences*
|| \\UTGERS |---------------------*O*---------------------
||_// Biomedical | Ryan Novosielski - Senior Technologist
|| \\ and Health | user-46c89e614701@xymon.invalid<mailto:user-46c89e614701@xymon.invalid>- 973/972.0922 (2x0922)
|| \\ Sciences | OIRT/High Perf & Res Comp - MSB C630, Newark
`'
On Jan 10, 2016, at 18:56, David Boyer <user-a6c09f28d9d2@xymon.invalid<mailto:user-a6c09f28d9d2@xymon.invalid>> wrote:
Ryan,
What specific data are you looking for? If it's the kernel version, this could pull the info:
[xymon at xytest bin]$ ./xymon localhost "clientlog yumlist section=uname"
[uname]
Linux yumlist 2.6.32-504.12.2.el6.x86_64 x86_64
Or more detailed info:
[xymon at xytest bin]$ ./xymon localhost "clientlog yumlist section=osversion"
[osversion]
CentOS 6.6
LSB Version: :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch
Distributor ID: CentOS
Description: CentOS release 6.6 (Final)
Release: 6.6
Codename: Final
and grab what you need...
▸
Dave
On Sun, Jan 10, 2016 at 6:31 PM, Novosielski, Ryan <user-6e4f7a3bb37f@xymon.invalid<mailto:user-6e4f7a3bb37f@xymon.invalid>> wrote:
Actually: how do you get at this? I can't see a way after hunting around a bit. I thought maybe in a client data link at the bottom of a historical page, but none is present.
____ *Note: UMDNJ is now Rutgers-Biomedical and Health Sciences*
|| \\UTGERS |---------------------*O*---------------------
||_// Biomedical | Ryan Novosielski - Senior Technologist
|| \\ and Health | user-46c89e614701@xymon.invalid<mailto:user-46c89e614701@xymon.invalid>- 973/972.0922<tel:973%2F972.0922> (2x0922)
▸
|| \\ Sciences | OIRT/High Perf & Res Comp - MSB C630, Newark
`'
On Jan 10, 2016, at 06:48, J.C. Cleaver <user-87556346d4af@xymon.invalid<mailto:user-87556346d4af@xymon.invalid>> wrote:
This becomes even more relevant when you consider snapshoting. When a
status goes "red", a snapshot of the client data at that time is kept. So
if you went back later to try to figure out why (e.g.) CPU was rising, the
output of the '[who]' section tells you who might have been doing
something then, even if the data wasn't used for making a test out of at
that time.
list Japheth Cleaver
From a status page: https://xymon.com/xymon-cgi/svcstatus.sh?HOST=claudio.hswn.dk&SERVICE=conn Click the History button, to: https://xymon.com/xymon-cgi/history.sh?HISTFILE=claudio.hswn.dk.conn&ENTRIES=50&IP=192.168.20.1&DISPLAYNAME=claudio.hswn.dk Click a convenient red/yellow dot, to: https://xymon.com/xymon-cgi/historylog.sh?HOST=claudio.hswn.dk&SERVICE=conn&TIMEBUF=Mon_Dec_21_22:56:37_2015 Then scroll down and you should see a "Client Data available" link, to: https://xymon.com/xymon-cgi/historylog.sh?CLIENT=claudio.hswn.dk&TIMEBUF=1450734721 Which should give you what was needed. If there's *no* Client Data available anywhere on any links, make sure the [hostdata] section is not disabled in tasks.cfg and that --store-clientlogs is set properly in the options to xymond (by default, it's "--store-clientlogs=!msgs"). You should see directories under $XYMONVAR/hostdata/ by default. Also, IIRC xymond_hostdata will by default skip storage when there's <5% disk space free on the server it's running on. HTH,
▸
-jc
On Sun, January 10, 2016 5:18 pm, Novosielski, Ryan wrote:This is the info I need but it sounded like I can get it from historical periods, which is what I'm after.
On Jan 10, 2016, at 18:56, David Boyer
<user-a6c09f28d9d2@xymon.invalid<mailto:user-a6c09f28d9d2@xymon.invalid>> wrote:
Ryan,
What specific data are you looking for? If it's the kernel version,
this could pull the info:
On Sun, Jan 10, 2016 at 6:31 PM, Novosielski, Ryan <user-6e4f7a3bb37f@xymon.invalid<mailto:user-6e4f7a3bb37f@xymon.invalid>> wrote: Actually: how do you get at this? I can't see a way after hunting around a bit. I thought maybe in a client data link at the bottom of a historical page, but none is present.
On Jan 10, 2016, at 06:48, J.C. Cleaver <user-87556346d4af@xymon.invalid<mailto:user-87556346d4af@xymon.invalid>> wrote: This becomes even more relevant when you consider snapshoting. When a status goes "red", a snapshot of the client data at that time is kept. So if you went back later to try to figure out why (e.g.) CPU was rising, the output of the '[who]' section tells you who might have been doing something then, even if the data wasn't used for making a test out of at that time.
list Ryan Novosielski
Thanks, must have just missed it before, as that's just what I thought of to do. Or maybe not visible from a phone somehow. Great tip!
▸
-- ____ *Note: UMDNJ is now Rutgers-Biomedical and Health Sciences* || \\UTGERS |---------------------*O*--------------------- ||_// Biomedical | Ryan Novosielski - Senior Technologist || \\ and Health | user-46c89e614701@xymon.invalid - 973/972.0922 (2x0922) || \\ Sciences | OIRT/High Perf & Res Comp - MSB C630, Newark `' From: J.C. Cleaver [user-87556346d4af@xymon.invalid] Sent: Sunday, January 10, 2016 9:00 PM To: Novosielski, Ryan Cc: Xymon Mailing List Subject: Re: [Xymon] Couple of questions on client data From a status page: https://xymon.com/xymon-cgi/svcstatus.sh?HOST=claudio.hswn.dk&SERVICE=conn Click the History button, to: https://xymon.com/xymon-cgi/history.sh?HISTFILE=claudio.hswn.dk.conn&ENTRIES=50&IP=192.168.20.1&DISPLAYNAME=claudio.hswn.dk Click a convenient red/yellow dot, to: https://xymon.com/xymon-cgi/historylog.sh?HOST=claudio.hswn.dk&SERVICE=conn&TIMEBUF=Mon_Dec_21_22:56:37_2015 Then scroll down and you should see a "Client Data available" link, to: https://xymon.com/xymon-cgi/historylog.sh?CLIENT=claudio.hswn.dk&TIMEBUF=1450734721 Which should give you what was needed. If there's *no* Client Data available anywhere on any links, make sure the [hostdata] section is not disabled in tasks.cfg and that --store-clientlogs is set properly in the options to xymond (by default, it's "--store-clientlogs=!msgs"). You should see directories under $XYMONVAR/hostdata/ by default. Also, IIRC xymond_hostdata will by default skip storage when there's <5% disk space free on the server it's running on. HTH, -jc On Sun, January 10, 2016 5:18 pm, Novosielski, Ryan wrote:
This is the info I need but it sounded like I can get it from historical periods, which is what I'm after.
On Jan 10, 2016, at 18:56, David Boyer
<user-a6c09f28d9d2@xymon.invalid<mailto:user-a6c09f28d9d2@xymon.invalid>> wrote:
Ryan,
What specific data are you looking for? If it's the kernel version,
this could pull the info:
On Sun, Jan 10, 2016 at 6:31 PM, Novosielski, Ryan <user-6e4f7a3bb37f@xymon.invalid<mailto:user-6e4f7a3bb37f@xymon.invalid>> wrote: Actually: how do you get at this? I can't see a way after hunting around a bit. I thought maybe in a client data link at the bottom of a historical page, but none is present.
On Jan 10, 2016, at 06:48, J.C. Cleaver <user-87556346d4af@xymon.invalid<mailto:user-87556346d4af@xymon.invalid>> wrote: This becomes even more relevant when you consider snapshoting. When a status goes "red", a snapshot of the client data at that time is kept. So if you went back later to try to figure out why (e.g.) CPU was rising, the output of the '[who]' section tells you who might have been doing something then, even if the data wasn't used for making a test out of at that time.
list David Boyer
Ryan,
JC beat me to the reply! Xymon works a bit differently than Big
Brother. It only archives the "changes in state" verses keeping iteration
by default.
So, in one of my ext scripts, I have it go "clear status (blue)" for 1
iteration thereby it now becomes a historial event.
Dave
On Sun, Jan 10, 2016 at 9:00 PM, J.C. Cleaver <user-87556346d4af@xymon.invalid>
▸
wrote:
From a status page: https://xymon.com/xymon-cgi/svcstatus.sh?HOST=claudio.hswn.dk&SERVICE=conn Click the History button, to: https://xymon.com/xymon-cgi/history.sh?HISTFILE=claudio.hswn.dk.conn&ENTRIES=50&IP=192.168.20.1&DISPLAYNAME=claudio.hswn.dk Click a convenient red/yellow dot, to: https://xymon.com/xymon-cgi/historylog.sh?HOST=claudio.hswn.dk&SERVICE=conn&TIMEBUF=Mon_Dec_21_22:56:37_2015 Then scroll down and you should see a "Client Data available" link, to: https://xymon.com/xymon-cgi/historylog.sh?CLIENT=claudio.hswn.dk&TIMEBUF=1450734721 Which should give you what was needed. If there's *no* Client Data available anywhere on any links, make sure the [hostdata] section is not disabled in tasks.cfg and that --store-clientlogs is set properly in the options to xymond (by default, it's "--store-clientlogs=!msgs"). You should see directories under $XYMONVAR/hostdata/ by default. Also, IIRC xymond_hostdata will by default skip storage when there's <5% disk space free on the server it's running on. HTH, -jc On Sun, January 10, 2016 5:18 pm, Novosielski, Ryan wrote:This is the info I need but it sounded like I can get it from historical periods, which is what I'm after.On Jan 10, 2016, at 18:56, David Boyer <user-a6c09f28d9d2@xymon.invalid<mailto:user-a6c09f28d9d2@xymon.invalid>> wrote: Ryan, What specific data are you looking for? If it's the kernel version, this could pull the info:On Sun, Jan 10, 2016 at 6:31 PM, Novosielski, Ryan <user-6e4f7a3bb37f@xymon.invalid<mailto:user-6e4f7a3bb37f@xymon.invalid>> wrote: Actually: how do you get at this? I can't see a way after hunting around a bit. I thought maybe in a client data link at the bottom of a historical page, but none is present.On Jan 10, 2016, at 06:48, J.C. Cleaver <user-87556346d4af@xymon.invalid<mailto:user-87556346d4af@xymon.invalid>> wrote: This becomes even more relevant when you consider snapshoting. When a status goes "red", a snapshot of the client data at that time is kept. So if you went back later to try to figure out why (e.g.) CPU was rising, the output of the '[who]' section tells you who might have been doing something then, even if the data wasn't used for making a test out of at that time.
list David Boyer
JC,
I see it takes stdout just fine. Might I add that it might be
beneficial if the script would output the heading
say [script] vice the name of the the script "script.sh"? I java a bunch
of specific info on each host that is 90%
there for ref by our security folks, developers, etc... for instance which
mode selinux is in, whether auditing is running,
backup logs are current, etc. Using the "local" directory feature would
gather the info, put a header on it and allow
reports to more easily be run against the data.
Also, on the xymond_rootlogin.pl script, where would this be set up
to run? In the tasks.cfg?
Dave
On Sun, Jan 10, 2016 at 8:05 PM, J.C. Cleaver <user-87556346d4af@xymon.invalid>
▸
wrote:
Glad it could help :) There should be a README-local file in the client home directory (or documentation directory, depending on what install method you used). By default, the client will look in $XYMONHOME/local/ for anything executable. If anything is found, it's run (xymonclient.sh:65) and the output is added to the client report near the end, under the heading "[local:<filename>]". This allows a server admin to easily add new things on a one-off basis. Xymon v4.4 will have a similar directory named /sections/ with does the same thing, except without the "local:" prefix on the output. (It's intended for packaged site or distro/vendor-specific scripts.) Ryan: Yes, this is one area where it definitely needs more highlighting. A lot of users miss that this happens, but it's really an invaluable resource for forensics. Remember, though, that this requires xymon to be running in server-config mode, not --local client mode. In --local client mode, this raw data never leaves the original box and so can't be saved. Regards, -jc On Sun, January 10, 2016 3:51 pm, David Boyer wrote:JC, Yes, it does! Thanks for the background.. I've written/modified several tests for my environment while we were still in the "big brother" era. I'm still learning the ins/outs of xymon. I'm intrigued by the use of the "local" directory on the clientside. Where might I find more information about using this feature. Dave On Sun, Jan 10, 2016 at 3:35 PM, Novosielski, Ryan <user-6e4f7a3bb37f@xymon.invalid> wrote:I just wanted to thank you, JC, for this information. I wanted to know whether it would be possible to check the kernel version back some time even though that is something I did not test. I figured the info might show something, but that isn't kept in history or anything. If I had realized that a client data snapshot is kept when the status changes, I would have had the answer (which I still need, so it's very helpful). ____ *Note: UMDNJ is now Rutgers-Biomedical and Health Sciences* || \\UTGERS |---------------------*O*--------------------- ||_// Biomedical | Ryan Novosielski - Senior Technologist || \\ and Health | user-46c89e614701@xymon.invalid- 973/972.0922 (2x0922) || \\ Sciences | OIRT/High Perf & Res Comp - MSB C630, Newark `' On Jan 10, 2016, at 06:48, J.C. Cleaver <user-87556346d4af@xymon.invalid> wrote: Hi David, On Sat, January 9, 2016 3:15 pm, David Boyer wrote: I see that there is data in the client data that is not turned into columns? Can I turn this data into columns to report? I'm using xymon 4.3.20 on both the client/server. On linux, I see that this data is not turned into any columns: [who] [route] [netstat] [ifstat] Not that I'd use all of them, just wondering what the reasoning is behind it. This is correct. The client data is a full raw text of various bits of information that can be used to create status messages out of, but there isn't a mandated 1:1 correspondence between each section and each test. By keeping them independent (raw data and central processing), you have the flexibility to write up new tests based off of already-existing incoming data, and/or add new "raw" data without having a specific test in mind. For the 'who' data in particular, there's a sample processor in the source tarball that can demonstrate how easy it is to add simple new tests athttps://sourceforge.net/p/xymon/code/HEAD/tree/branches/4.3.24/xymond/xymond_rootlogin.plYou can easily add new sections to the client data by adding files to a "/local/" directory on the client machine, or editing the xymonclient-${OS}.sh shell script by hand, and running any command that the unprivileged 'xymon' user can execute. What's the benefit to all this additional data if it's not used? Primarily forensics and triage. As the xymon(7) man page puts it: The Xymon user-interface is simple, but engineers will also find lots of relevant information. E.g. the data that clients report to Xymon contain the raw output from a number of system commands. That information is available directly in Xymon, so an administrator no longer needs to login to a server to get an overview of how it is behaving - the very commands they would normally run have already been performed, and the results are on-line in Xymon. https://www.xymon.com/help/manpages/man7/xymon.7.html This becomes even more relevant when you consider snapshoting. When a status goes "red", a snapshot of the client data at that time is kept. So if you went back later to try to figure out why (e.g.) CPU was rising, the output of the '[who]' section tells you who might have been doing something then, even if the data wasn't used for making a test out of at that time. Also, I notice that getting the data via xymondboard is not 100% either... [xymon at ztest bin]$ ./xymon 192.168.1.230 "clientlog yumlist section=who" *snip* As you can see below, requesting a status on all the tests, there is no "who" being reported. But just a moment ago, asking for just that data it works. [xymon at ztest bin]$ ./xymon 192.168.1.230 "xymondboard host=yumlist" *snip* Correct. The "clientlog" command retrieves the most recent raw client data, while the "xymondboard" command retrieves just the status messages (the tests that you see on the webpages). The "clientlog" column on the web page, much like the "info" and "trends" columns, isn't a real test... it's just present to provide easy access to the most recent data. You can also access it from the "Client data" link on the bottom of any of that host's status pages. Hope that helps! -jc
list Japheth Cleaver
▸
On Sun, January 10, 2016 6:12 pm, David Boyer wrote:
JC,
I see it takes stdout just fine. Might I add that it might be
beneficial if the script would output the heading
say [script] vice the name of the the script "script.sh"?True, but then you could just rename the script to "script" and leave off the ".sh" :) As long as it's chmod +x (executable) and not named README or a .rpm/.dpkg debris file it will be executed and added in.
▸
I java a bunch of specific info on each host that is 90% there for ref by our security folks, developers, etc... for instance which mode selinux is in, whether auditing is running, backup logs are current, etc. Using the "local" directory feature would gather the info, put a header on it and allow reports to more easily be run against the data.
I can definitely see where you're coming from there, but the current /local (and /sections, for Terabithia RPM users) functionality is geared towards xymonclient.sh handling the wrapping of text with the [script] headers itself. Fortunately (or not), though, it's all just plain text once it gets to xymond :) You could easily have your script "myscript" add in the headers for sub-sections however you like... === #!/bin/sh echo "this line get put into the xymonclient.sh-created [myscript] section" echo "[foobar]" /some/command/here --debug cat /proc/some/other/data echo "[snafu]" /some/other/commands ===== etc... It'll look and be treated just like any other [section]. Alternatively, you can have your script execute completely independently of the default "xymonclient.sh" script. All you need to do is copy the output format that xymonclient is generating, but use a custom "collectorid" string: client[/COLLECTORID] HOSTNAME.OSTYPE [HOSTCLASS] and then run it on a regular basis on the host. (This is convenient if you have complex additional scripts or need to run something as root to collect the data.) All of the un-expired client data will be concatenated together when displayed/saved. If it can run as the xymon user, just make a new section in the clientlaunch.cfg file on the client, and xymonlaunch will handle it for you. It's up to you.
▸
Also, on the xymond_rootlogin.pl script, where would this be set up to run? In the tasks.cfg?
Correct. This is server-side and should work pretty much as a drop-in task. Take a look at how "xymond_client" is being run from there via xymond_channel and duplicate that section (changing the name of the header). (There are multiple ways to do this sort of thing, especially at scale, but this can get you started.) -jc
▸
On Sun, Jan 10, 2016 at 8:05 PM, J.C. Cleaver <user-87556346d4af@xymon.invalid> wrote:Glad it could help :) There should be a README-local file in the client home directory (or documentation directory, depending on what install method you used). By default, the client will look in $XYMONHOME/local/ for anything executable. If anything is found, it's run (xymonclient.sh:65) and the output is added to the client report near the end, under the heading "[local:<filename>]". This allows a server admin to easily add new things on a one-off basis. Xymon v4.4 will have a similar directory named /sections/ with does the same thing, except without the "local:" prefix on the output. (It's intended for packaged site or distro/vendor-specific scripts.) Ryan: Yes, this is one area where it definitely needs more highlighting. A lot of users miss that this happens, but it's really an invaluable resource for forensics. Remember, though, that this requires xymon to be running in server-config mode, not --local client mode. In --local client mode, this raw data never leaves the original box and so can't be saved. Regards, -jc On Sun, January 10, 2016 3:51 pm, David Boyer wrote:JC, Yes, it does! Thanks for the background.. I've written/modified several tests for my environment while we were still in the "big brother" era. I'm still learning the ins/outs of xymon. I'm intrigued by the use of the"local"directory on the clientside. Where might I find more information about using this feature. Dave On Sun, Jan 10, 2016 at 3:35 PM, Novosielski, Ryan <user-6e4f7a3bb37f@xymon.invalid> wrote:I just wanted to thank you, JC, for this information. I wanted to know whether it would be possible to check the kernel version back some time even though that is something I did not test. I figured the info might show something, but that isn't kept in history or anything. If I had realized that a client data snapshot is kept when the status changes, I would have had the answer (which I still need, so it's very helpful). ____ *Note: UMDNJ is now Rutgers-Biomedical and Health Sciences* || \\UTGERS |---------------------*O*--------------------- ||_// Biomedical | Ryan Novosielski - Senior Technologist || \\ and Health | user-46c89e614701@xymon.invalid- 973/972.0922 (2x0922) || \\ Sciences | OIRT/High Perf & Res Comp - MSB C630, Newark `' On Jan 10, 2016, at 06:48, J.C. Cleaver <user-87556346d4af@xymon.invalid> wrote: Hi David, On Sat, January 9, 2016 3:15 pm, David Boyer wrote: I see that there is data in the client data that is not turned into columns? Can I turn this data into columns to report? I'm using xymon 4.3.20 on both the client/server. On linux, I see that this data is not turned into any columns: [who] [route] [netstat] [ifstat] Not that I'd use all of them, just wondering what the reasoning is behind it. This is correct. The client data is a full raw text of various bits of information that can be used to create status messages out of, but there isn't a mandated 1:1 correspondence between each section and each test. By keeping them independent (raw data and central processing), you have the flexibility to write up new tests based off of already-existing incoming data, and/or add new "raw" data without having a specific test in mind. For the 'who' data in particular, there's a sample processor in the source tarball that can demonstrate how easy it is to add simple new tests athttps://sourceforge.net/p/xymon/code/HEAD/tree/branches/4.3.24/xymond/xymond_rootlogin.plYou can easily add new sections to the client data by adding files to a "/local/" directory on the client machine, or editing the xymonclient-${OS}.sh shell script by hand, and running any command that the unprivileged 'xymon' user can execute. What's the benefit to all this additional data if it's not used? Primarily forensics and triage. As the xymon(7) man page puts it: The Xymon user-interface is simple, but engineers will also find lots of relevant information. E.g. the data that clients report to Xymon contain the raw output from a number of system commands. That information is available directly in Xymon, so an administrator no longer needs to login to a server to get an overview of how it is behaving - the very commands they would normally run have already been performed, and the results are on-line in Xymon. https://www.xymon.com/help/manpages/man7/xymon.7.html This becomes even more relevant when you consider snapshoting. When a status goes "red", a snapshot of the client data at that time is kept. So if you went back later to try to figure out why (e.g.) CPU was rising, the output of the '[who]' section tells you who might have been doing something then, even if the data wasn't used for making a test out of at that time. Also, I notice that getting the data via xymondboard is not 100% either... [xymon at ztest bin]$ ./xymon 192.168.1.230 "clientlog yumlist section=who" *snip* As you can see below, requesting a status on all the tests, there is no "who" being reported. But just a moment ago, asking for just that data it works. [xymon at ztest bin]$ ./xymon 192.168.1.230 "xymondboard host=yumlist" *snip* Correct. The "clientlog" command retrieves the most recent raw client data, while the "xymondboard" command retrieves just the status messages (the tests that you see on the webpages). The "clientlog" column on the web page, much like the "info" and "trends" columns, isn't a real test... it's just present to provide easy access to the most recent data. You can also access it from the "Client data" link on the bottom of any of that host's status pages. Hope that helps! -jc