
Re: [nv-l] ? about monitoring event logs on Windows 200x

To: nv-l@lists.us.ibm.com
Subject: Re: [nv-l] ? about monitoring event logs on Windows 200x
From: Jane Curry <jane.curry@skills-1st.co.uk>
Date: Thu, 28 Jul 2005 20:09:31 +0100
Delivery-date: Thu, 28 Jul 2005 20:10:24 +0100
Envelope-to: nv-l-archive@lists.skills-1st.co.uk
In-reply-to: <OF733FAA62.6DE87E5B-ON8525704A.004F5907-8525704A.005076AC@us.ibm.com>
References: <OF733FAA62.6DE87E5B-ON8525704A.004F5907-8525704A.005076AC@us.ibm.com>
Reply-to: nv-l@lists.us.ibm.com
Sender: owner-nv-l@lists.us.ibm.com
User-agent: Mozilla Thunderbird 0.5 (X11/20040208)
This is getting a little off the original topic, but I have used servmon successfully to monitor by means other than port sniffing.

Don't forget that servmon can either be told to "sniff" a port or ports, OR, you can provide him with a script that discovers a "service" and a script that does status checking on a "service". So, if you are trying to detect whether application xyz exists and is running, you can write a script that does something like: ps -ef | grep xyz | grep -v grep (the grep -v grep just avoids getting a match for your grep process).

So far, so good - but the glitch is that the discovery and status scripts that servmon runs, run on the NetView server itself, not on boxes out in the network.

The solution I built was based on the fact that the boxes to be monitored for the xyz process had ssh installed and set up, as did the NetView system. I created a userid on the systems, called servmon, and made sure that ssh worked between the NetView system and my target systems. Then, the script that servmon runs is similar to my one-liner above but you run it as a parameter to ssh. Here's my sample code (I will put it on the NetView TUG site):

#!/bin/bash
# Script to be run from servmon to check for a particular process
# Script uses ssh to check remote systems - it is assumed that ssh works
#
# The first parameter should be node to check for a particular process
# The second parameter is the process to check for
#
# Return codes are 2 = Normal  4 = Critical  0 = test cannot be run
#
#set -x
#echo start `date` >> /tmp/set
#set >> /tmp/set

RET_CODE=4
USERID="servmon"
HOST="$1"
PROCESS="$2"
COMMAND="ps -ef | grep $PROCESS | grep -v grep"

# Parameters for ssh command - -f puts ssh in background; -n redirects stdin from /dev/null
#echo "/usr/bin/ssh -f -n -F /home/$USERID/.ssh/config -i /home/$USERID/.ssh/identity -i /home/$USERID/.ssh/id_rsa -i /home/$USERID/.ssh/id_dsa $USERID@$HOST $COMMAND" >> /tmp/set

# Note next 2 lines should be all on one line
RESULT=`/usr/bin/ssh -f -n -F /home/$USERID/.ssh/config -i /home/$USERID/.ssh/identity -i /home/$USERID/.ssh/id_rsa -i /home/$USERID/.ssh/id_dsa $USERID@$HOST $COMMAND`

#echo result is $RESULT >> /tmp/set

if [ "$RESULT" = "" ]
then echo $RESULT; exit 4
else echo $RESULT; exit 2
fi

The hard part is ensuring your ssh is good. Once that works, the rest is a doddle. Of course, if you are not so security conscious, you might just use rexec if you have that, rather than ssh.
Cheers,
Jane


J Shanks wrote:

I believe that eventwin is only supported on Windows 2000 Server  and
Windows 2000 Advanced Server.  I don't think workstations are supported.

From :  http://support.microsoft.com/default.aspx?scid=kb;en-us;Q318464

It certainly is not installed on my XP Pro Workstation by default.


As for Glen's question about how to monitor a service that doesn't listen
to a port, I'm completely  baffled.
If you take a look at /usr/OV/conf/servmon.conf you'll see why I'm asking.
servmon is all about  trying to connect to a designated port on a remote
box to find out whether there is anything listening on it.  That's port
sniffing, which is how an outside agent would determine that box such-and
such has something running on it which is listening on that port.  I don't
have any idea how an external agent would determine that a service which
did not use a port was active, unless there is a MIB you could query, such
as the HOST-RESOURCES MIB or something more vendor-specific.  In fact, I
don't even understand what kind  of a service that would be exactly.  How
would another user access it if not by port?

So far as I can see if it doesn't use a port, then you cannot use servmon
to monitor it, and you would need some other tool running on the box to do
it for you, which might very well mean that you cannot do it  without
purchasing additional software.

James Shanks
Level 3 Support  for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group



--
Tivoli Certified Consultant & Instructor
Skills 1st Limited, 2 Cedar Chase, Taplow, Bucks, SL6 0EU, UK
Tel: +44 (0)1628 782565
Copyright (c) 2005 Jane Curry <jane.curry@skills-1st.co.uk>.  All rights 
reserved.
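
Added example (not part of the original post and not Jane Curry's code): a hardened variant of the status check above that validates the node and process name before they reach the remote shell, and returns 0 ("test cannot be run") when ssh itself fails instead of reporting Critical. The function name check_remote_process and the SSH_CMD override are assumptions made for illustration; key-based login for the servmon userid is assumed to be in place as the post describes.

```bash
#!/bin/bash
# Added example: hardened variant of the servmon status check.
# Return codes follow the post: 2 = Normal, 4 = Critical, 0 = test cannot be run.

USERID="servmon"
# Assumption: override hook so the check can be exercised without a network.
SSH_CMD="${SSH_CMD:-/usr/bin/ssh}"

check_remote_process() {
    local host="$1" process="$2" remote out rc

    # Both values end up on a remote shell command line, so accept only a
    # conservative character set and refuse a leading "-" (option injection).
    case "$host" in
        ''|-*|*[!A-Za-z0-9.-]*) return 0 ;;
    esac
    case "$process" in
        ''|-*|*[!A-Za-z0-9._+-]*) return 0 ;;
    esac

    # Exact match on the command name, so no "grep -v grep" is needed.
    remote="ps -e -o comm= | grep -Fx -- $process"

    # No -f here: a backgrounded ssh hides the remote exit status.
    # BatchMode stops ssh from prompting for a password if key auth fails.
    out=$("$SSH_CMD" -n -o BatchMode=yes -o ConnectTimeout=10 \
          "$USERID@$host" "$remote" 2>/dev/null)
    rc=$?

    case "$rc" in
        0) echo "$out"; return 2 ;;   # process found on the remote node
        1) return 4 ;;                # grep matched nothing: process is down
        *) return 0 ;;                # 255 = ssh failed, anything else = remote error
    esac
}

# Act as a servmon status script only when called with node and process.
if [ "$#" -ge 2 ]; then
    check_remote_process "$1" "$2"
    exit $?
fi
```

The exact match is against the command name that ps reports, so a process that the original one-liner found by a substring of its arguments needs its real command name here.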


Archive operated by Skills 1st Ltd