Log monitoring - logmond best practice
Table of contents
Description
The Log Monitor & Dispatcher, known as LOGMOND, is a special program which monitors a guest LOG file produced by Charon and executes a customized script when it detects removal of a license.
It runs in the background (as a program or as a service) and periodically scans a specified LOG file. When it detects a message with the code 0000002A or 00000351 ("Detected removal of a license"), it submits the nolicense.bat
procedure (this BAT file must be created manually).
The Log Monitor & Dispatcher service is installed as EmulatorLogMonitor
. By default it is installed in such a way that requires explicit actions to be started (either through a command line interface or using the standard ways of service management). For unattended execution, change the service’s configuration so that Windows starts the service automatically.
The tool requires a specific file "nolicense.bat
" containing some specific instructions to be taken in situation of license absence. It is recommended you create this file in the folder (presumably) containing the LOG file.
When it is invoked by the “Log Monitor & Dispatcher”, the current directory of the batch process is set to the same folder from which the “Log Monitor & Dispatcher” was previously installed as a service or from which it was started as a background process. This means that the user action file may, in principle, operate with relative paths and relocate (as part of the whole configuration, i.e. together with accompanying LOG file).
The Log Monitor utility will report an alert only when no more license is available. It cannot send an alert when 2 dongles were connected (the main one and a backup one for example) and one is disconnected
Recommendations
- Create a specific folder to hold the Charon configuration and log files, the
nolicense.bat
file and any specific action script you would add. - Use the rotating log files mechanism or use a single log file with "append" mode.
- Install your virtual machines as services (this is the default mode starting with Charon-AXP and Charon-VAX version 4.8), they will then be able to start when the Charon Windows server will boot. This will also allows you to install and start the Charon log monitor service, named "
EmulatorLogMonitor
": doing so you will not have to startlogmond
manually in interactive mode and newly added virtual machines services will be automatically taken into account
Notes
- The log monitor utility will detect the absence of the dongle only at a specified interval, called the license check interval and defined by the license. Its default is set to 1 hour. In case you need to perform tests, you can send us a fresh C2V file and ask for an update to reduce this interval.
. Once started the logmond utility will lock the virtual machine log file, you will not be able to move it, copy it or delete it. You will however be able to open it using the notepad utility or other log editors like
baretail
for example which will allow you to have a continuous view of the log with highlights (see: Charon Log files - Using baretail on Windows for syntax highlighting) orvim
(see: Charon Log files - Using vim for syntax highlighting on Linux and Windows)
.
Service setup example
Example below is based on a Charon-AXP V4.8 B18309 running on a Windows 2012 R2 server and emulating an AlphaServer DS20. All files (configuration, bin, rom and nolicense.bat
) are located in C:\Charon
, rotating log files are located in C:\Charon\logs
The configuration file is defined as follows:
Setup and start your virtual machine
- Start the "Charon Virtual Machines Manager"
- Create your virtual machine and start it
See Running and managing Charon-AXP for Windows or Running and managing Charon-VAX and Charon-PDP for Windows for details.
Install and start the log monitor service
First, prepare a
nolicense.bat
file. See NOLICENSE.BAT considerations chapter further for more information if needed.
The nolicense.bat
file has to be placed in the virtual machine "Home directory". To locate this "Home directory" open the "Charon Virtual Machines manager" utility, select the virtual machine and switch to the "VM Configuration" tab
Example:
.
The example below will append a line in a text file:.
.
- Install the log monitoring service and start it:These command lines must be executed as an administrator in order to manage the services
.
- Notes:
- The "
logmond -r
" command removes the service if any - The "
logmond -i
" command installs the service - The "
logmond -u
" command starts the service - The powershell commands shows 2 logmond processes, one scans for new services, the other is monitoring the log file of the current service (myds20)
- The
EmulatorLogMonitor
service running thelogmond
processes will discover already installed Charon virtual machines services. If a new virtual machine service is added, it's log file will be automatically discovered and monitored. - The logmond.exe file is located by default in the "
C:\Program Files\Charon\Build_18302\x64
" folder
.
- The "
- Remove the dongle to check if the
C:\Charon\logmond.log
file is created:
During the tests the license check interval was set to 5 minutes therefore, when the dongle is disconnected, a message is sent telling there are only 4 minutes remaining before the DS20 stops
.
Running the log monitor from the command line
The "logmond
" utility has several parameters available. Use the "logmond -h
" command to have a complete list.
Starting in background mode
In order to start the Log Monitor & Dispatcher as a background application:
- Open "cmd.exe" from the "Start" menu.
- Change current directory to the folder (presumably) containing the Charon configuration file.
Start the Log Monitor & Dispatcher using the following command line as an example:
For single log file:...> "
C:\Program Files\Charon\Build_18302\x64
\logmond" C:\my_Charon.logFor rotating log file:
...>
"
-l <log-directory> -p <log-prefix>C:\Program Files\Charon\Build_18302\x64
\logmond"where:
- <
log-directory
> is the directory where the rotating log files are stored - <
log-prefix
> is the same as the "configuration_name" value in corresponding Charon configuration file (or "hw_model", if "configuration_name" is not specified).
- <
Example:
|
To stop the Log Monitor & Dispatcher application, open the Task Manager, find the "logmond.exe
" process and terminate it.
Debugging
To diagnose LOGMOND using trace feature:
- Stop LOGMOND service using "
--stop
" (or "-d
" or "--down
"). This is not absolutely necessary though, as multiple running LOGMOND utilities do not affect each other. - Start "almost-as-a-service" LOGMOND with diagnostic trace using two command line switches: "
-e
" and "-t
". This starts master task of LOGMOND which enumerates all Charon services and for each of them invokes slave task of LOGMOND. The master task of LOGMOND looks for installing or removal Charon services.- When Charon service is installed, master creates new slave.
- When Charon service is removed, slave is terminated to. The slave task monitors LOG of particular Charon service.
-t
" switch enables trace windows, so you can see the process of monitoring. - To terminate "almost-as-a-service" LOGMOND master and all its slaves, bring focus to master's trace window, and press "
Ctrl-C
" ([X] button closes master task, but slaves continue to run unmastered).
The LOGMOND still supports backward compatibility mode, when it does NOT monitor ALL Charon services, but only monitors a particular folder or even a particular file. So, if you want to diagnose how it monitors a file, you can use the same "-t
" option:
C:\...>logmond.exe -t -l <path to Charon log file> |
If you want to diagnose monitoring rotating log:
C:\...>logmond.exe -t -l <path to Charon log directory> -p <log prefix> |
If you want to diagnose monitoring particular service:
C:\...>logmond.exe -t -s <service name> |
When you install LOGMOND to run as a service it implicitly runs with "-e
" option but without "-t
". Alternatively you may install LOGMOND as a service with explicitly specified name of log file (for backward compatibility)
You better use "-e
" together with "-t
" to diagnose monitoring Charon services. Unless you run instances with Launcher, in which case you will have to invoke LOGMOND with "-l
" with "-t
" options.
nolicense.bat considerations
LOGMOND always looks for nolicense.bat
in the current working directory. What is current working directory for LOGMOND depends on how it is invoked.
If you run LOGMOND with just path to log file, the LOGMOND inherits current working directory from command prompt it is invoked from. So, before you run LOGMOND this way, change prompt's working directory to where you keep your NOLICENSE.BAT file.
If you run LOGMOND with name of Charon service, the LOGMOND changes its current working directory to the Charon service's Home directory. So, keep the nolicense.bat
file in the service's home directory.
If you run LOGMOND with "-e
" option, each slave receives a particular name of Charon service, and therefore changes to the service's Home directory. So, keep the nolicense.bat
file in the service's home directory.
Stromasys highly recommends to use logmond as a service, installing it with the "-i
" option then starting it with "-u
".
Alerts customization examples
You will find below some examples of alerts that can be sent from the nolicense.bat
file
Reminder: Interactive applications are not allowed
Creating a Windows Event
powershell -command "New-Eventlog -Logname application -Source Charon -Erroraction silentlycontinue;Write-Eventlog -Logname application -Source Charon -Entrytype Error -Eventid 314 -Message 'Charon license dongle disconnected'"
It is recommended to use the powershell command to write events instead of the "eventcreate" command line as some other events are created with powershell scripts. Using the eventcreate command in this case will fail as the source, Charon, will not be accepted.
Example:
The "Event Id" can be set at your convenience. A valid ID is any number from 1 to 65535.
Sending an email via powershell
An alert email can be sent using the "Send-MailMessage
" powershell command however it is important to know no interactive command can be executed (for asking the sender's credentials for example).
You can either ask the nolicense.bat
file to invoke a powershell script or pass the commands from the command line
Examples below are given with Powershell V4.0 installed on a Windows 2012 R2 server, some commands may not be appropriate to your Windows distribution.
To determine which version of Powershell is installed and upgrade if necessary, see Powershell version, upgrade, enabling scripts execution, tips and tricks
To run PowerShell scripts (files that end with .ps1), you must first set the execution policy to Unrestricted (This operation has to be done once).
To do so, open a command line window (cmd.exe) as an Administrator and use the following command:
c:\Charon>powershell -command "Set-ExecutionPolicy Unrestricted"
The ExecutionPolicy can also be set to "RemoteSigned
". In this case the .ps1
script files will have to be unblocked as described below.
If you are still prompted to allow for execution of the script, please run the following command to unblock the .ps1
file you want to execute:
c:\Charon>powershell -command "Unblock-File -path c:\Charon\sendmail.ps1"
Example using an office365 account
Create a powershell script file, named sendmail.ps1
for example and located in "C:\Charon
" folder:
# Update the email addresses below: $From = "<monitoring-account>@<somewhere>" $To = "<someone>@<somewhere>" # Send the email send-mailmessage -to $To -from $From -subject "Charon detected removal of the license" -body "Please check" -smtpserver smtp.office365.com -usessl -port 587 -delivery none
If you must specify multiple recipients, you can specify them using an array with comma separated fields.
Example1:
$To = @( "Kirk <Kirk@uss-enterprise.fed>", "Spock <spock@uss-enterprise.fed>"
)
Example2:
$To = @( "Kirk@uss-enterprise.fed", "Spock@uss-enterprise.fed", "McCoy
@uss-enterprise.fed"
)
Update the nolicense.bat
file as follows:
powershell -NonInteractive -File C:\Charon\sendmail.ps1
The problem here is the email account mentioned in the $Myemail
variable must be able to send anonymous emails otherwise the following error can occur:
"Client was not authenticated to send anonymous mail during MAIL FROM
"
If the account cannot send anonymous emails, you can perform an interactive test by asking for the credentials:
The "<monitoring-account>@<somewhere>" and "<recipient>@<somewhere>" values must be adapted to your configuration
# Update the email addresses below: $From = "<monitoring-account>@<somewhere>" $To = "<someone>@<somewhere>" # The command below will open a window for you to store the password $Creds=(get-credential -credential "$From") # Send the email (credentials are then required each time) send-mailmessage -to $To -from $From -subject "Charon detected removal of the license" -body "Please check" -smtpserver smtp.office365.com -usessl -port 587 -delivery none -credential $Creds
This method cannot be used when executed within a service due to the popup window that will be opened to ask for the email account password.
To be able to send an email, we can then store the credentials in an encrypted and protected file. This is done using the Export-CliXML
powershell command. As this file will be bound to the server where the command is issued and to the user account who created the file, we need to perform the operations as "system
" user account because this user is the one running the logmond
processes that will invoke the nolicense.bat
file.
It is necessary then to use psexec
from the Windows Sysinternals kit. It can be downloaded here: https://technet.microsoft.com/en-us/sysinternals/psexec.aspx
Once extracted from the zip file, to the "C:\Charon
" folder for example, run the following command from the command line running as Administrator:
C:\...> C:\Charon\psexec -i -s cmd.exe |
and generate the CliXML file as described below:
|
If it is no more needed, remove the "psexec.exe
" file.
If the sender's email address or its password has to be changed, the .clixml
file will have to be recreated.
Now update the powershell script as follows:
The "<monitoring-account>@<somewhere>" and "<recipient>@<somewhere>" values must be adapted to your configuration
# Update the email addresses below: $From = "<monitoring-account>@<somewhere>" $To = "<someone>@<somewhere>" $Creds = Import-CliXml C:\Charon\creds.clixml send-mailmessage -to $To -from $From -subject "Charon detected removal of the license" -body "Please check" -credential $Creds -smtpserver smtp.office365.com -usessl -port 587 -delivery none
Once updated, the script will only work when executed by the "system
" account and on the server where the Export-CliXML
powershell command was issued.
Example using a gmail account
To send an email using a gmail account, perform the same operations as described in the Example using an office365 account chapter above and replace the smtpserver
value by smtp.gmail.com
as shown below:
The "<monitoring-account>@gmail.com" and "<recipient>@<somewhere>" values must be adapted to your configuration
# Update the email addresses below: $From = "<monitoring-account>@gmail.com" $To = "<someone>@<somewhere>" $Creds = Import-CliXml C:\Charon\creds.clixml send-mailmessage -to $To -from $From -subject "Charon detected removal of the license" -body "Please check" -credential $Creds -smtpserver smtp.gmail.com -usessl -port 587 -delivery none
Only the smtpserver
value must be changed
Google may block sign-in attempts when using powershell and send-mailmessage. In this case the sender will receive a "Sign in attempt prevented" alert email. To allow emails to be sent:
- Create a dedicated gmail account
Allow less secure apps to access your account. See this article: https://support.google.com/accounts/answer/6010255?hl=en
Related articles
© Stromasys, 1999-2024 - All the information is provided on the best effort basis, and might be changed anytime without notice. Information provided does not mean Stromasys commitment to any features described.