
RE: [nv-l] ? about monitoring event logs on Windows 200x

To: <nv-l@lists.us.ibm.com>
Subject: RE: [nv-l] ? about monitoring event logs on Windows 200x
From: "John Sobrinho" <john_sobrinho@sympatico.ca>
Date: Thu, 28 Jul 2005 19:46:37 -0400
Delivery-date: Fri, 29 Jul 2005 00:47:17 +0100
Envelope-to: nv-l-archive@lists.skills-1st.co.uk
Importance: Normal
In-reply-to: <42E92D6B.9080508@skills-1st.co.uk>
Reply-to: nv-l@lists.us.ibm.com
Sender: owner-nv-l@lists.us.ibm.com
I realize this is a non-NetView solution, but an alternative suggestion is
to use the TecWin adapter to scrape the NTEVENT log and post the message to
TEC. This bypasses NetView polling and provides a close to real time alert,
and less burden on the NetView server.


-----Original Message-----
From: owner-nv-l@lists.us.ibm.com [mailto:owner-nv-l@lists.us.ibm.com]On
Behalf Of Jane Curry
Sent: Thursday, July 28, 2005 3:10 PM
To: nv-l@lists.us.ibm.com
Subject: Re: [nv-l] ? about monitoring event logs on Windows 200x

This is getting a little off the original topic, but I have used servmon
successfully to monitor by means other than port sniffing.

Don't forget that servmon can either be told to "sniff" a port or ports,
OR, you can provide him with a script that discovers a "service" and a
script that does status checking on a "service".  So, if you are trying
to detect whether application xyz exists and is running, you can write a
script that does something like:
  ps -ef | grep xyz | grep -v grep
(the grep -v grep just avoids getting a match for your grep process).

So far, so good - but the glitch is that the discovery and status
scripts that servmon runs, run on the NetView server itself, not on
boxes out in the network.

The solution I built was based on the fact that the boxes to be
monitored for the xyz process had ssh installed and set up, as did the
NetView system.  I created a userid on the systems, called servmon, and
made sure that ssh worked between the NetView system and my target
systems.  Then, the script that servmon runs is similar to my one-liner
above but you run it as a parameter to ssh.  Here's my sample code (I
will put it on the NetView TUG site):

# Script to be run from servmon to check for a particular process
# Script uses ssh to check remote systems - it is assumed that ssh works
# The first parameter should be node to check for a particular process
# The second parameter is the process to check for
# Return codes are 2 = Normal  4 = Critical  0 = test cannot be run
#set -x
#echo start `date` >> /tmp/set
#set >> /tmp/set

# The variable assignments do not appear in the archived post; these follow
# the parameter comments above and the servmon userid described in the message
HOST=$1
PROCESS=$2
USERID=servmon

COMMAND="ps -ef | grep $PROCESS | grep -v grep"

# Parameters for ssh command - -f puts ssh in background; -n redirects stdin from /dev/null
#echo "/usr/bin/ssh -f -n -F /home/$USERID/.ssh/config -i /home/$USERID/.ssh/identity -i /home/$USERID/.ssh/id_rsa -i /home/$USERID/.ssh/id_dsa $USERID@$HOST $COMMAND" >> /tmp/set

# Note the ssh command below should be all on one line
RESULT=`/usr/bin/ssh -f -n -F /home/$USERID/.ssh/config -i /home/$USERID/.ssh/identity -i /home/$USERID/.ssh/id_rsa -i /home/$USERID/.ssh/id_dsa $USERID@$HOST $COMMAND`

#echo result is $RESULT >> /tmp/set

# An empty result means the process was not found on the remote node
if [ "$RESULT" = "" ]
then echo $RESULT; exit 4
else echo $RESULT; exit 2
fi

The hard part is ensuring your ssh is good.  Once that works, the rest
is a doddle.  Of course, if you are not so security conscious, you might
just use rexec if you have that, rather than ssh.


J Shanks wrote:

>I believe that eventwin is only supported on Windows 2000 Server  and
>Windows 2000 Advanced Server.  I don't think workstations are supported.
>From :  http://support.microsoft.com/default.aspx?scid=kb;en-us;Q318464
>It certainly is not installed on my XP Pro Workstation by default.
>As for Glen's question about how to monitor a service that doesn't listen
>to a port, I'm completely  baffled.
>If you take a look at /usr/OV/conf/servmon.conf you'll see why I'm asking.
>servmon is all about  trying to connect to a designated port on a remote
>box to find out whether there is anything listening on it.  That's port
>sniffing, which is how an outside agent would determine that box
>such-and-such has something running on it which is listening on that port.  I don't
>have any idea how an external agent would determine that a service which
>did not use a port was active, unless there is a MIB you could query, such
>as the HOST-RESOURCES MIB or something more vendor-specific.  In fact, I
>don't even understand what kind  of a service that would be exactly.  How
>would another user access it if not by port?
>So far as I can see if it doesn't use a port, then you cannot use servmon
>to monitor it, and you would need some other tool running on the box to do
>it for you, which might very well mean that you cannot do it  without
>purchasing additional software.
>James Shanks
>Level 3 Support  for Tivoli NetView for UNIX and Windows
>Tivoli Software / IBM Software Group

Tivoli Certified Consultant & Instructor
Skills 1st Limited, 2 Cedar Chase, Taplow, Bucks, SL6 0EU, UK
Tel: +44 (0)1628 782565
Copyright (c) 2005 Jane Curry <jane.curry@skills-1st.co.uk>.  All rights
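
The ssh-based servmon status check from Jane Curry's message above, as an added example that is not part of the original thread and is not the script posted there: it validates both arguments before they reach ssh or the remote shell, and maps an ssh failure to the "test cannot be run" code. The function name check_process, the SSH_BIN override and the use of pgrep on the monitored host are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: hardened servmon status check.
# Return codes follow the post: 2 = Normal, 4 = Critical, 0 = test cannot be run.
# Assumptions: the "servmon" account from the post, key-based ssh already
# working, and pgrep installed on the monitored host.

SSH_BIN=${SSH_BIN:-/usr/bin/ssh}   # hypothetical override, used for offline testing
USERID=${USERID:-servmon}

check_process() {
    host=$1
    process=$2

    # Accept only plain names. Anything else could become shell syntax on the
    # remote side or an ssh option on the local side, so the test is not run.
    case $host in
        ''|-*|*[!A-Za-z0-9._-]*) return 0 ;;
    esac
    case $process in
        ''|-*|*[!A-Za-z0-9._-]*) return 0 ;;
    esac

    # BatchMode=yes fails instead of prompting; ConnectTimeout bounds the wait.
    # pgrep -x matches the exact process name, so "grep -v grep" is not needed.
    ssh_rc=0
    "$SSH_BIN" -n -o BatchMode=yes -o ConnectTimeout=10 \
        "$USERID@$host" "pgrep -x $process" >/dev/null 2>&1 || ssh_rc=$?

    case $ssh_rc in
        0) return 2 ;;   # pgrep found the process: Normal
        1) return 4 ;;   # pgrep ran and found nothing: Critical
        *) return 0 ;;   # ssh failure (255) or pgrep error: cannot be run
    esac
}

# Script usage: <this script> <node> <process>
if [ $# -eq 2 ]; then
    check_process "$1" "$2"
    exit $?
fi
```

Restricting the servmon key with a forced command in authorized_keys on each monitored host limits what that account can run if the NetView server is compromised.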


Archive operated by Skills 1st Ltd
