Tuesday, March 4, 2025

Scraping Xymon for Timestamp & Specific Keywords and Sending Logs to Splunk

1. Install Required Python Libraries

pip install requests beautifulsoup4 splunk-sdk


2. Python Script to Extract Timestamp & File Names and Send to Splunk

import requests
from bs4 import BeautifulSoup
import json
import splunklib.client as client
import logging
import re

# Setup logging
logging.basicConfig(filename="xymon_scraper.log", level=logging.INFO, format="%(asctime)s - %(levelname)s - %(message)s")

# Xymon Web Interface URL
# Note: basic auth over plain http sends the password in cleartext; use https where the server supports it.
XYMON_URL = "http://<xymon-server>/xymon-cgi/bb-hostsvc.sh?HOST=all"

# Xymon Authentication (if required)
# Placeholders only; in a real deployment read credentials from the environment
# or a secrets store rather than keeping them in the script.
XYMON_USERNAME = "your_xymon_user"
XYMON_PASSWORD = "your_xymon_password"

# Splunk Credentials (placeholders, same caveat as above)
SPLUNK_HOST = "your-splunk-server"
SPLUNK_PORT = 8089
SPLUNK_USERNAME = "admin"
SPLUNK_PASSWORD = "yourpassword"
SPLUNK_INDEX = "xymon_logs"

# Define filename pattern to extract (modify as needed)
FILENAME_PATTERN = r"([a-zA-Z0-9_-]+\.log)"

# Function to fetch Xymon data
# Returns the page HTML and the HTTP Date response header, or (None, None) on failure
def fetch_xymon_data():
    try:
        session = requests.Session()
        auth = (XYMON_USERNAME, XYMON_PASSWORD) if XYMON_USERNAME else None
        response = session.get(XYMON_URL, auth=auth, timeout=10)

        if response.status_code == 200:
            logging.info("Successfully fetched Xymon data")
            return response.text, response.headers.get("Date")
        else:
            logging.error(f"Failed to fetch Xymon data. Status code: {response.status_code}")
            return None, None
    except Exception as e:
        logging.error(f"Error fetching Xymon data: {str(e)}")
        return None, None

# Function to extract timestamps & specific filenames from Xymon
def parse_xymon_data(html_data, timestamp):
    soup = BeautifulSoup(html_data, "html.parser")
    logs = []

    for link in soup.find_all("a"):
        service_text = link.text.strip()

        # Extract file names based on pattern (first match per link only)
        filename_match = re.search(FILENAME_PATTERN, service_text)
        if filename_match:
            log_entry = {
                "filename": filename_match.group(0),
                "timestamp": timestamp
            }
            logs.append(log_entry)

    logging.info(f"Extracted {len(logs)} logs with filenames from Xymon")
    return logs

# Function to send logs to Splunk
def send_to_splunk(logs):
    try:
        # Connect to the Splunk management port
        service = client.connect(
            host=SPLUNK_HOST,
            port=SPLUNK_PORT,
            username=SPLUNK_USERNAME,
            password=SPLUNK_PASSWORD
        )

        # The target index must already exist on the Splunk server
        index = service.indexes[SPLUNK_INDEX]

        for log in logs:
            event = json.dumps(log)
            # Submit each event as a JSON string to the index
            index.submit(event, host=SPLUNK_HOST)

        logging.info(f"Successfully sent {len(logs)} logs to Splunk")
    except Exception as e:
        logging.error(f"Error sending logs to Splunk: {str(e)}")

# Main function
def main():
    html_data, timestamp = fetch_xymon_data()
    if html_data and timestamp:
        logs = parse_xymon_data(html_data, timestamp)
        if logs:
            send_to_splunk(logs)
        else:
            logging.warning("No relevant logs extracted from Xymon")
    else:
        logging.warning("No data fetched from Xymon")

if __name__ == "__main__":
    main()
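
The parsing step above, run offline on a constructed page, as an added example that is not part of the original post. It uses only the standard library, anchors the filename pattern so that "auth.login" or "app.log.gz" is not reported as a .log file, collects every match in a link, drops duplicates, and converts the HTTP Date header to UTC ISO 8601. The names FILENAME_RE, LinkText, build_events, SAMPLE_HTML and SAMPLE_DATE are assumptions made for this example.

```python
import json
import re
from datetime import timezone
from email.utils import parsedate_to_datetime
from html.parser import HTMLParser

# Anchored variant of the page's FILENAME_PATTERN: the lookarounds stop
# "auth.login" or "app.log.gz" from being reported as "auth.log"/"app.log".
FILENAME_RE = re.compile(r"(?<![\w.-])[A-Za-z0-9_-]+\.log(?![\w.-])")

class LinkText(HTMLParser):
    """Collect the visible text of every <a> element (stdlib only)."""

    def __init__(self):
        super().__init__()
        self.depth, self.texts = 0, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.depth += 1
            self.texts.append("")

    def handle_endtag(self, tag):
        if tag == "a" and self.depth:
            self.depth -= 1

    def handle_data(self, data):
        if self.depth:
            self.texts[-1] += data

def build_events(html_data, http_date):
    """Return one JSON event per distinct filename, stamped in UTC ISO 8601."""
    ts = parsedate_to_datetime(http_date).astimezone(timezone.utc).isoformat()
    parser = LinkText()
    parser.feed(html_data)
    seen, events = set(), []
    for text in parser.texts:
        for name in FILENAME_RE.findall(text):
            if name not in seen:
                seen.add(name)
                events.append(json.dumps({"filename": name, "timestamp": ts}))
    return events

# Constructed sample page and Date header, not captured from a real server.
SAMPLE_HTML = """<a href="?s=msgs">msgs: syslog-01.log red</a>
<a href="?s=arch">app.log.gz rotated</a> <a href="?s=web">auth.login page</a>
<a href="?s=dup">syslog-01.log and cron_job.log</a>"""
SAMPLE_DATE = "Tue, 04 Mar 2025 09:15:00 GMT"
```

Calling build_events(SAMPLE_HTML, SAMPLE_DATE) returns two events, one for syslog-01.log and one for cron_job.log.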

Big Brother Server in the Context of Xymon

In the context of the Xymon monitoring tool, the Big Brother Server refers to the central monitoring server that collects and displays status updates from monitored systems. Xymon itself is a fork of the Big Brother monitoring system, which was one of the earliest network and system monitoring tools.

Role of the Big Brother Server in Xymon

1. Data Collection:

The server receives health and performance data from Xymon clients installed on different machines.

2. Status Processing:

It processes incoming status messages and logs events for alerting or reporting.

3. Web-Based Dashboard:

It provides a web-based interface displaying real-time system statuses using color-coded indicators (green, yellow, red, etc.).

4. Alerting System:

It can send notifications via email, SMS, or other methods when a system is experiencing issues.

5. Historical Data & Trends:

The Big Brother server stores historical data to analyze trends and detect anomalies.

Connection to Big Brother (BB) Tool

Xymon evolved from the Big Brother monitoring system, which had a similar architecture. The term Big Brother Server was used in Big Brother and carried over to Xymon to describe the central server managing the monitoring process.

Xymon Monitoring System - Overview & Setup Guide

1. Understanding Xymon Architecture

Xymon consists of three main components:

1. Xymon Server (Big Brother Server) – The central monitoring system that collects and displays data.

2. Xymon Clients – Agents installed on monitored machines to send health and performance data.

3. Web Interface – A dashboard that provides a color-coded status overview.


2. Setting Up Xymon

A. Install Xymon Server (on Linux)

1. Update System Packages

sudo apt update && sudo apt upgrade -y   # For Debian/Ubuntu
sudo yum update -y                        # For RHEL/CentOS


2. Install Required Dependencies

sudo apt install -y xymon apache2 rrdtool librrd-dev libpcre3-dev libssl-dev

3. Download and Install Xymon

wget https://sourceforge.net/projects/xymon/files/latest/download -O xymon.tar.gz
tar -xzf xymon.tar.gz
cd xymon-*
./configure --prefix=/opt/xymon
make && sudo make install

4. Start Xymon Server

sudo /opt/xymon/server/bin/xymon.sh start

5. Access Web Dashboard

Open a browser and go to http://<server-ip>/xymon

B. Install Xymon Client (on Monitored Machines)

1. Install Required Packages

sudo apt install -y xymon-client

2. Configure Client to Send Data to Xymon Server

Edit the configuration file:

sudo nano /etc/default/xymon-client

Set the XYMONSERVERS variable to point to the Xymon server’s IP:

XYMONSERVERS="192.168.1.100"


3. Restart the Client

sudo systemctl restart xymon-client


3. Understanding the Web Dashboard

Green = OK

Yellow = Warning

Red = Critical

Blue = Test disabled

Purple = No report received