Re: Some questions about SYSMON

From: Jared Mauch (
Date: Thu May 10 2001 - 11:29:01 EDT

On Thu, May 10, 2001 at 03:46:28PM +0200, Jeroen Heijungs wrote:
> Hello,
> I am fairly new to Sysmon, and I very content with it,
> but I have a few questions, and a few comments:
> - I could not find anything about a history file, it is not possible to
> build one?
> would like to be able to tell people (next day or week) that between ..
> and ..
> the device was down, or was up

        There is some logging that gets written to syslog. It can also
be directed to a file. It's more human parsable than machine parsable.

        I'm trying to come up with how to create a machine parsable file
that would be useful.

> - dependency, I would like to have an OR dependency:
> device A must be polled only if device B OR device C is running or both
> at the moment it is a AND dependency (is it?)

        I'll have to think about this.

> - what exactly means the column "Last Outage"
> it looks like the time elapsed since last time device came up
> is it not better to have the time elapsed since device went down?
> - what exactly means the column "Count"
> it is not incremented after every polling round
> but when is it then?

        The "count" is the number of times it's been detected as
down. it does not increment for each check that it is "up".

> - in the column "Notified" it says YES, but there is no mail sent
> because I have it not yet configured. Does this column say
> YES when it has reached the value of "numfailures"?


> - what is the calculation made for the "Uptime" column?

        it's a percentage based on number of times the device is
checked and the number of times it was up vs down.

        a device that has been checked 100 times and was down for
one of those checks would have an uptime of 99%.

> - what is exactly the text in the column "Status", so far I have seen:
> up, down, conn timed out, not pingable. What is the difference?

        You describe a hostname/ip and this describes the result of the
test. If the object is unpingable it has not responded to ping. If
it reports "conn timed out" (aka connection timed out), it was unable
to connect to the tcp/udp port specified and the remote system did not

> - I have changed the colors, but whatever I enter as the value for
> upcolor, recentcolor or downcolor I always get an error message:
> "sysmond in free(): warning: junk pointer, too low to make sense"
> but the colors are there as I want them.

        Hmm.. this sounds like a pointer bug that I need to work

> - I have one device which is always UP (Hub) and it is also reported
> UP by sysmon (green, 100%), but in the column "Time failed" there
> is a time recorded, how is that possible?

        I believe that is the first time it was checked.. or the time
that you restarted sysmond.

        - Jared

Jared Mauch  | pgp key available via finger from
clue++;      |  My statements are only mine.

From jared@puck.nethu§┼;etReceived: (from jared@localhost) by (8.11.1/8.9.3) id f4GMC7t32208 for sysmonu§┼;p@localhost1/8.9.3) iI (envelope-from jared) Resent-Message-Id: <200105162212.f4GMC7t32208@pucku§┼;heReceived: (from slist@localhost) by (8.11.1/8.9.3) id f4GLDWw31334 for jared; Wed, 16 May 2001 17u§┼;32 (envelope-from Date: Wed, 16 May 2001 17:13:32 -0400 X-From_: Isaac@cometsystu§┼;coReceived: from someone claiming to be ( [u§┼;17 by (8.11.1/8.9.3) with SMTP id f4GLDVK31320 for <>; Wed, 16 May 20u§┼;7: (envelope-from Received-Date: Wed, 16 May 2001 17:13:32 -0400 Received: (qmail 28431 u§┼;keReceived: from unknown (HELO ( by tu§┼;iaReceived: by hale-bopp with Internet Mail Service (5.5.2653.19) u§┼;LBMessage-ID: <EA466191D9C8D31195AC00E0291432C60194DB38@hale-bopp> From: Isaac Chenu§┼;aaTo: "''" <> Subject: Parse tree too big Old-Dateu§┼;d,MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; chau§┼;="X-Diagnostic: Not on the accept list X-Envelope-To: sysmon-help Resent-From: Resent-Dateu§┼;d,Resent-To:


When I was compiling sysmon 0.91 on solaris 8, I gu§┼;/u"parser.l":line 1476: Error: Parse tree too big Try using %e num *** Error code 1 mu§┼; F

According to lex(1), default number of parse tree nodes is 1000.



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:14:07 EDT