 Vladislavs Tatarincevs | Vladislav Tatarincev 15 April 2026 09:06:36We all know that Domino run our business. Each customer may have many Domino applications, each of these applications can have multiple agents, that does some automation. Import of document, API calls, reminders, notification, document update and data synchronization. Question is how to monitor them? Definitely not with Print "We have a problem. Exit. " in Domino server console. CYMON monitoring https://cyone.eu/CYMON has a Notes Integration Database, "statistic Publisher" that allows any Notes application to create a custom statistic. With 1(!!!) one line of LotusScript , we can create statistic and publish particular application information, number of records imported/exported. We can monitor if agents has started and has finished with no ErrorHandler involved. Even more we can see how number of documents impact View Response time for Notes users. And of course this is not only for Notes, it is for Web as well. As result, we can monitor Domino Application response time for users, SaveConflicts, or any other problematic things, but also agents that started, but not finished after 30 min (while normal run time is 5min). For example, Requests arrive , but for more than 1 hour they stay in status "New" and not assigned, not processed by anyone. We also can see how Application response time grows depending on number of documents in view. If we do Application Performance tuning, then we can see if this improved response time. These numbers allow us also to create a triggers, IF there is no new documents imported during last X hours during working hours, then may be we need to check source system, or if agent is properly signed. Early problem detection is very important and cheaper, than solving issues after 1 month. Monitoring has another very important side benefit - it allows junior admins/developers, to solve Expert level issues, detect immediately issues, thus avoid business disruption. Also onboarding of new admin, turn Domino from large black box, into transparent and monitored system. During ENGAGE conference you can get practical knowledge of CYMON, Workshop will be focused on practical knowledge of creating new items, triggers, grafana dashboards. It will be fun! sign here. Dont forget to register, number of space is limited Developers and Admins are expected. https://engage.ug/volt-apps/anon/org/app/ebf4b1f2-dc03-4477-84b0-1ec6c4983577/launch/index.html?form=F_RegistrationWorkshop And most important, CYMON has not only commercial license but free license also, that does security alerting, Mail Monitoring, Domino Directory monitoring. Upcoming version much more including Sametime Advanced monitoring.
More information about CYMON Domino/Sametime/Monitoring here https://cyone.eu/CYMON    Built on top of ZABBIX. 
Vladislav Tatarincev 14 April 2026 11:24:45On the first day of Engage (workshop day), You can participate in practical Domino monitoring workshop. You will learn how to monitor agents, interfaces, Domino applications and of course HCL Domino platform.
This allows to find problems in seconds, and turn from firefighter mode to relaxed and planned administration.
Limited number of seats available, book your seat today. See You soon, Join workshop and get knowledge how to automate and ease your Domino Administration.
Dont forget to register. https://engage.ug/volt-apps/anon/org/app/ebf4b1f2-dc03-4477-84b0-1ec6c4983577/launch/index.html?form=F_RegistrationWorkshop
 +  😍🆒 Vladislav Tatarincev 8 April 2026 09:01:20When you see something like CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N in an HCL Domino security bulletin, don’t treat it like random cryptic text. It’s actually a compact way to answer two very important questions: 1. How can the vulnerability be exploited? 2. What damage can it cause? This specific vector means: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N AV:N — attackable over the network AC:L — low complexity, not hard to exploit AT:P — some additional conditions must exist PR:N — no privileges required UI:N — no user action required VC:N / VI:N — no impact on confidentiality or integrity VA:H — high impact on availability SC:N / SI:N / SA:N — no impact on connected downstream systems In plain English: This looks like a vulnerability that can be triggered remotely, without login, and without user interaction. That already deserves attention.The main risk here is not data theft or data manipulation — the real danger is service disruption. Quick CVSS v4 cheat sheet AV — Attack Vector N = Network A = Adjacent L = Local P = Physical AC — Attack Complexity L = Low H = High AT — Attack Requirements N = None P = Present PR — Privileges Required N = None L = Low H = High UI — User Interaction N = None P = Passive A = Active VC / VI / VA Impact on the vulnerable system: Confidentiality Integrity Availability Values: N = None L = Low H = High SC / SI / SA Impact on subsequent systems: Confidentiality Integrity Availability Lesson learned for Domino people: If you see AV:N + PR:N + UI:N, pay attention immediately.
For any Sametime,Domino, Connections environment, that usually means a potentially dangerous remote scenario — especially if the server is exposed or business-critical, UI:N says that user even not involved, should not click some bad link. Security bulletins are not just for security teams. Admins should be able to read the vector and instantly understand the risk.
Get a free account on HCL Support, subscribe to products you use: https://support.hcl-software.com/community?id=community_forum&sys_id=038a2b921b7bb34c77761fc58d4bcb0d get alerts from HCL or from our Monitoring solution. See my previous post about CYMON. Vladislav Tatarincev 7 April 2026 15:52:10HCL has an official security channel where it regularly publishes security bulletins, vulnerability information, product advisories, and critical alerts. The information is there https://support.hcl-software.com/community?id=community_forum&sys_id=038a2b921b7bb34c77761fc58d4bcb0d . The problem is that too few people actually see it in time.
Even important HCL security content often gets very limited attention, despite the fact that it can affect production environments directly.
And that is the real risk. Because in security, “published” does not mean “noticed.” And “noticed later” can already be too late. We have seen this before. A serious issue like the December 13 Domino mail-routing defect was exactly the kind of problem that should trigger an immediate response, not wait until the next working morning. HCL published a critical alert for it, but if your team depends on someone manually checking portals, blogs, or vendor pages, there is always a delay.
Another story, that HCL or Partners might not have all admin contact information, because sometimes these are procurement emails , not real admin emails.
Now add one more reality: attackers move fast. Very fast. Recent threat intelligence shows that the time between public disclosure and active exploitation has collapsed from weeks to days, and in some cases threat actors weaponize newly disclosed vulnerabilities almost immediately. Just recently after CVE was published on another vendor software, after 10 minutes hackers tried to use this vulnerability. 10 minutes only!
That is why staying informed manually is no longer enough.
How do you stay up to date without living on vendor portals?
One practical answer is CYMON monitoring https://cyone.eu/CYMON . Instead of hoping that someone will notice a new HCL bulletin, a new critical fix, or a newly disclosed vulnerability, CYMON can notify you immediately. Not just during office hours, but also outside the working day, when many of the most unpleasant surprises actually happen.
CYMON can send alerts by:
* Emails and SMS
* HCL Sametime chat,
* and, if needed, other channels such as Teams, TelegramWhile Teams is possible, HCL environments which may be air-gapped, Sametime is often the better place: faster, closer to operations, and more natural for the people who actually support the platform, and no information leaves your network perimeter.
Why this matters in real life. A good monitoring system should not just tell you that “something was published.”
It should help you answer the operational questions:
* Does this affect us?
* Which product or version is involved?
* Is this just informational, or does it require action now?
* Do we need to patch, restart, investigate, or escalate?
CYMON helps close that gap. It can also show you which versions the vendor has released and which versions you are actually running, making it much easier to understand exposure and prioritise action.
So instead of scattered manual checks, low-visibility vendor posts, and delayed reactions, you get an operational flow:
the right information reaches the right people at the right time.
Monitoring is not about dashboards. It is about reaction time. It also brings valuable information to make right decisions.
Security bulletins with low view counts are a warning sign by themselves. Not because the information is unavailable, but because too many teams still rely on chance.
CYMON turns passive information into active notification.
That means:
* no waiting until someone checks the site
* no dependence on memory
* no “we saw it the next day,”
* and no silence just because the issue appeared after business hours.When the next critical bulletin, vulnerability, or vendor alert appears, the goal is simple: you should know immediately.
Want to see how this works in practice?
If you want to stay aware of HCL security news, critical bugs, version changes, and emerging risks without manually checking vendor portals every day, CYMON is worth trying.
Because in security, the most dangerous update is not the one that was published.
It is the one you saw too late. CYMON Monitoring homepage is here https://cyone.eu/CYMON
Screens below are from upcoming version, that we will show at Engage. Welcome to our CYMON Workshop at Engage https://engage.ug/pages/sessionagenda2026
 Real time alerting
 List of security issues
 Vladislav Tatarincev 19 March 2026 09:26:33 Hi, Domino / Notes 14.5.1 is available for Download from My HCL site. https://my.hcltechsw.com/downloads/domino/domino/14.5.1  Vladislav Tatarincev 2 March 2026 12:22:38
While ago I came across Daniel Nashed Blog post about Domino Backup central Logging. https://blog.nashcom.de/nashcomblog.nsf/dx/domino-backup-notifications-and-central-logging.htm?opendocument
Domino backup has smart design, and Domino Backup reports errors to specific Domino document as well as every databases has date and time of last backup.
Can we monitor these errors? Of course we can and should monitor these errors when they appear.
Is monitoring only errors is sufficient to monitor? Errors in Domino Backup logs is one part of story, but if the databases has been really copied by backup, that is another story.
CYONE CYMON monitoring can monitor not only Domino platform but also any Domino application. Since filename of Domino backup is know "dominobackup.nsf" I created 3 checks for monitoring.
First check we will read how many databases are in Domino backup inventory. For that we will use simple
Select Form="DatabaseBackup" formula. This will return number of databases. CYMON understands same syntax as Domino Designer.
Second check will be a bit more advanced, it will show us number of databases, that has been backuped last 24 hours.
Everytime Domino dabase is under backup with Domino Backup process, it updates LastBackupTime.
This allows us to create @Formula, that can track if this value in not too old, not more than 24h. Non of us, when we need a backup, would like to realise that they took place last time year ago.
CYMON monitoring uses OpenSource ZABBIX, so many of you are familiar with Interface. CYMON is basically a small Notes client that any monitoring can talk to over HTTP. Give me this statistic, or give me this formula.
When everything works, number databases on server(total), and databases in backup should be same. Numbers should match.
If they differ for 1% this should be investigated, if more than X something is not good.
3rd Check.
And one more, we need to analyse if there are errors in Domino backup log files.
In CYMON www.cyone.eu/CYMON there are close to 1000 checks and these checks and charts are split across different dashboards, like Performance, Users, Traveler, Security, Mail, Databases, HTTP and others.
In "04.Databases and Space" Grafana dashboard there is now new backup charts. Since backups occur once per day, it is normal to check this information also once per day, for example 6am, so the load on server will be minimal.
Again, since CYMON acts as a Notes client, so nothing need to be installed on top of Domino server. This gives ability to monitor Domino on any existing supported platform (Linux, Windows, AIX, AS400).
On top of 3 statistics that we created (Total, NumberBackupedLast24H, and ErrorsCount) we should create a trigger, that will alert admin. But this is another story. Trigger can be different, If there are Errors in Logs >0, or if number databases on server, does not match number in backup.
With these simple but efficient @Formulas we can detect issues in system databases like backup. Same approach can be used for any other business applications. For example, New claim from customer older than 1 hour and not assigned to anyone.
CYMON Domino monitoring turns thousands of statistics in valuable information, and Alert when needed. There is no sense to check it manually on server by human. In average Domino has 6000 statistics that change every moment, this will give us 8 millions statistics per day.
This is why it make sense to automate key statistic monitoring with CYMON.
Domino run your business, with same approach like we check backup, we can check logs of synchronisation agents or any other integrations.
CYMON is docker based, requires a Linux machine and initial setup is around 10 min. Free and commercial Versions are available https://www.cyone.eu/CYMON/
 Vladislav Tatarincev 10 April 2025 15:44:07 If you are using Domino Managed Replica, you should be aware, that HCL Notes clients are impacted by 13 Dec bug. HCL Clients start to pull whole mailfile again and again. Which in my case was several terrabytes of data. But since I use CYMON monitoring I was able to notice this anomaly quite fast. CYMON info is here, probably the best monitoring for HCL Domino. https://www.cyone.eu/CYMON HCL Notes fix exists for Notes 14. While version 12 is also affected. HCL Technote attached: Mail Managed replica (MMR) are replicating mails from the beginning of the documents https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118714 Safe administration and have a good monitoring tool always at your service. V. Vladislav Tatarincev 13 November 2024 08:51:37
Domino products offer a wealth of statistical data that play a crucial role in predicting and preventing issues in production environments. As a mature product, Domino has been delivering these valuable insights for many years, helping to maintain high-quality service for clients.
What Do These Statistics Tell Us?
Looking at the code 200 histogram, we see that 96% of requests are fulfilled in under 2 seconds, with the majority processed in under 1 second. But what does this mean for our server's current state?
Without knowing the uptime—whether it's been 10 minutes or 2 weeks—this data is limited.
High response times could have occurred just now, or they might be skewed by a user with slow internet in a remote location week ago.
How Do We Know if the Server is Healthy Right Now?
Simply waiting and watching isn’t effective. We need a “wait and compare” approach. For example, in the image, only the 000-001 statistic has increased, giving us confidence that response times are stable. However, manually checking for changes isn’t practical.
This is Where CYMON from CYONE Steps In!
CYMON www.cyone.eu/cymon simplifies monitoring by automatically calculating deltas over time, showing trends without the need for manual comparison. This dynamic view of server health makes it easy to spot issues immediately.
CYMON monitoring has also alerting on SMS, Telegram, email or even MS Teams(Forgive me). Based on Zabbix www.zabbix.com CYMON can be installed under <5 min. Providing valuable insights immediately.
Isn’t that great? There are more than 1000 important statistics checked in realtime, calculating right values for you. CYMON can monitor also NSF applications, View Open Times,
This one histogram is top of the iceberg. It is important to monitor also histogram how quickly Traveler connects to Mail server. To Database where all subscriptions are stored. Also
Do I need to defragment my Database (Derby). If you are in HADR mode, then it is even more interesting.
For example MySQL be default has only 151 Connections that are allowed. If you run 8 or more HTMO/Traveler servers you will hit this limit.
In CYMON we see immediately how quickly we can connect to MySQL (1), how much time it takes to lookup users subscribed folders/last sync times (2). On PieChart 2 we see 100% is done under 1 second.
This will tell you instantly if RDBMS is a bottle neck. No it is not, all times are perfect. Of course now we see nice picture, while CYMON will highlight you dirty place and make your Domino SHINE!
Everything synchronised under 1 second. We also see (2) instruction what to do if Bad buckets will grow (like 005-10, or slowed buckets).
And finally we see also what type of problem we got so far during server uptime(3).
If you find this interesting in more please comment, I have a lot of cool stuff about Traveler and Domino monitoring as such.
P.S. Thank you Martin from (http://www.sidra400.com), fixed CSS, it is better now. |
|