On 10/16/23 7:08 PM, Jeremy Laidman wrote:
Hi Grant
Hi Jeremy,
The xymonnet process needs to be able to send probe packets (e.g. ping, web requests, and whatever you're trying to monitor) to the clients. If the firewall is blocking the probe traffic, then it's not going to work.
ACK
The xymon proxy only proxies xymon messages, such as the ones sent by the xymonnet process to the xymond process when reporting the status of the probes (success or failure, and round-trip times).
That's what I've deduced. I'm hoping this (new) thread helps confirm or clarify my deductions.
It seems to me that you need a xymonnet process running on the client side of the firewall. For example, if you can run xymonnet on one of the clients, then the firewall only needs to allow xymon traffic from the client to the Xymon server, so that xymonnet can report the status of its probes.
ACK
The scenario that I'm working with can be described as a primary Xymon (display) server in one network with a small lab network behind a NATing / SPI firewall. Clients on the inside side / opposite of the Xymon server are free to send outgoing packets. It's just that xymonnet running on the Xymon server can't send probes into the clients.
You can run xymonnet stand-alone, and set environment variables to tell it where to send its messages. If you already have a xymon client installed on the client host, you can execute xymonnet from clientlaunch.cfg and it should then know where to send packets due to the environment that is set up.
Oh! This is promising.
I misinterpreted comments in the tasks.cfg file to mean that xymonnet depended on xymond. Now it sounds like xymonnet can be satisfied by the xymon client.
Running xymonproxy + xymonnet + xymonclient on a system inside of the firewall might do what I'm wanting to do.
The only thing I'm not certain of, is how xymonnet knows which hosts to probe and what probes to send to them. When xymonnet is running on the Xymon server, it has access to the hosts.cfg file that's there. When running elsewhere, I'm not sure. I know that there's a way to fetch the hosts.cfg contents using xymon messages, so my guess is that xymonnet can do that too, but might need to be told to do so.
I currently have a full Xymon (display) server running inside the firewalled network. But I think that having the full server is complicating things.
I'm guessing that running only the three daemons, xymonclient + xymonproxy + xymonnet, inside the firewall would make my life simpler and wouldn't complicate things with multiple Xymon (display) servers that need to share state.
I'm quite okay with '${XYMON} ${XYMSRV} "config hosts.cfg" > hosts.cfg' on the internal system running xymonnet.
And if so, you would only want that xymonnet instance to probe devices inside the client network, so you might need to make use of the "NET:" tags in hosts.cfg.
I currently have NET: tags and XYMONNETWORK parameters on the systems running xymonnet.
It's working. But I'm needing to run a xymonproxy on 1984 and distributing messages to xymond on 1985 on localhost and xymond on 1984 on the main Xymon (display) server.
Hence this thread inquiring about a cleaner method of having a topology.
Thank you again Jeremy.
-- Grant. . . . unix || die
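
The NET: tag scoping discussed in this thread can be checked before the inside xymonnet is started. The script below is an added example, not part of the original messages or of Xymon itself: it lists which entries of a fetched hosts.cfg carry a given NET: value, and which carry none. The function names and the sample hosts.cfg are constructed for illustration, and the script assumes an exact string match on the NET: value and plain `IP hostname # tags` lines.

```shell
#!/bin/sh
# Added example (not from the thread): preview which hosts.cfg entries a
# xymonnet instance scoped by XYMONNETWORK would select.
# Assumption: the NET: value is compared as an exact string.

# hosts_for_network NETWORK
# Reads hosts.cfg text on stdin and prints "hostname ip" for every host
# tagged NET:NETWORK. With an empty NETWORK it lists hosts that have no
# NET: tag at all, which a XYMONNETWORK-scoped xymonnet skips by default.
hosts_for_network() {
    awk -v want="${1-}" '
        # Host entries start with an IPv4 address; directives such as
        # "group" or "page" and comment lines are ignored.
        /^[ \t]*[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+[ \t]/ {
            net = ""
            for (i = 3; i <= NF; i++) {
                tag = $i
                sub(/^#/, "", tag)          # tolerate "#NET:lab"
                if (index(tag, "NET:") == 1) net = substr(tag, 5)
            }
            if ((want == "" && net == "") || (want != "" && net == want))
                print $2, $1
        }'
}

# Constructed sample standing in for the output of
#   $XYMON $XYMSRV "config hosts.cfg"
sample_hosts_cfg() {
    cat <<'EOF'
# constructed sample, documentation address ranges only
group Lab
192.0.2.10    lab-web1   # NET:lab http://lab-web1/
192.0.2.11    lab-db1    # NET:lab ssh
198.51.100.5  core-mail  # NET:dmz smtp
198.51.100.6  core-dns   # dns
EOF
}

echo "Selected for XYMONNETWORK=lab:"
sample_hosts_cfg | hosts_for_network lab
echo "Hosts with no NET: tag:"
sample_hosts_cfg | hosts_for_network ""
```

On a real system, pipe the fetched hosts.cfg into `hosts_for_network` with the same value the inside xymonnet has in XYMONNETWORK.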