I think direct SSL wrapping is what I need, thanks.
Would it be unreasonable to suggest that the SSL setup, decryption, etc be offloaded to a standalone program that then delivers the message to the core daemon in the same manner as cgimsg? I'd like to get Apache out of the loop, and just have an SSL-enabled message receiver funneling status messages to the core daemon.
The problem I've been living with is, I have a bunch of near-identical clients that all reboot at 1:30am to deal with a memory-leaking Java program. This means that their Xymon clients all start up at pretty much the same time and deliver messages fairly close together. From time to time a message storm prevents some clients getting through, and sometimes it seems like status messages are being merged. At least, I get clients reporting filesystems they don't have, and graphs that shows max values equal to the lifetime of the Universe measured in femtoseconds...
Ralph Mitchell
On Fri, Aug 14, 2020 at 10:56 PM Japheth Cleaver <cleaver at terabithia.org> wrote:
Hi Ralph,
For direct SSL wrapping of client submission to xymond, yes. For authentication of source messages via proxy or intermediary, no.
For high-volume situations, or where a reply is not needed, cgimsg will still be a useful mechanism. SSL setup, teardown, and decryption in the core daemon still has an impact, so offloading that to a receiver for termination would be recommended depending on your scale.
Regards, -jc
On 8/14/2020 7:30 PM, Ralph M wrote:
Is the 4.4 release going to have encrypted communications? I'm not supposed to send plain text over the network, so I've been faking it with curl posting to xymoncgimsg on port 443. It would be really nice to get port 1984 opened and do it properly.
Thanks,
Ralph Mitchell
On Fri, Jul 31, 2020 at 11:33 AM James Louis <jglouisjr at gmail.com> wrote:
Thanks for the update Japheth!
On Fri, Jul 31, 2020 at 9:27 AM Japheth Cleaver <cleaver at terabithia.org> wrote:
Hi Jim,
I'm looking at the XSS report and sorting through a variety of the patches since this release now. There will be a 4.3.31 release with this as well as other updates, as well as a 4.4 pre-release. Due to there being a longish gap, a maintenance release is appropriate.
-jc
On 7/31/2020 7:15 AM, James Louis wrote:
Japheth,
Will 4.3.31 be out soon or will it jump to 4.4?
Thanks, Jim
On Thu, Sep 5, 2019 at 5:29 PM Japheth Cleaver <cleaver at terabithia.org> wrote:
Xymon 4.3.30 has been released and is now available for download.
4.3.30 is mostly a bug-fix release, quashing issues stemming from the security fixes in 4.3.29, including improperly-tight restrictions on allowed characters in hostname for browsing along with several other parsing errors. Thanks in particular to Tom Schmidt for his assistance in tracking these down.
Xymon should also now be more easily buildable on older GCC versions without the diagnostics pragma available.
Xymon 4.3.30 is available from the Xymon SourceForge page at https://sourceforge.net/projects/xymon/
As always, thank you to all who have contributed code, ideas, and features to the project!
Regards, Japheth "J.C." Cleaver
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
--
*Jim Louis \\\\||//// \ ~ ~ / | @ @ | *
*--oOo---(_)---oOo-- *
?It does me no injury for my neighbor to say there are twenty gods, or no God. It neither picks my pocket nor breaks my leg.?
~ Thomas Jefferson
--
*Jim Louis \\\\||//// \ ~ ~ / | @ @ | *
*--oOo---(_)---oOo-- *
?It does me no injury for my neighbor to say there are twenty gods, or no God. It neither picks my pocket nor breaks my leg.?
~ Thomas Jefferson
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon