That's close to what I am doing using curl to post to a secure web server. Secure http over port 443 is already blessed by management and security. Opening another port requires paperwork...
Ralph Mitchell On Oct 10, 2011 5:34 PM, "Roland Soderstrom" <rolands at logicaltech.com.au> wrote:
This feature would please my managers a lot, getting all traffic encrypted. To me it seems like all the stones are there like SSL, xymond isn't that just an RPC? Just need to put it together. (sounds easy doesn't it)
I had another thought that I haven't played around with yet. Could you create an ssh tunnel and just pipe all xymon traffic through it?
client % ssh -N -g -f -L 1984:xymonserver.local:1984 xymonserver.local -l roland And let XYMSRV be localhost:1984 or something similar...
I don't have a test rig to test it out right now.
- Roland
On 11/10/11 08:07 AM, Ralph Mitchell wrote:
On Mon, Oct 10, 2011 at 4:53 PM, Rob Munsch <Munsch at phillycarshare.org>wrote:
At present, I have a work-around. Instead of using bin/xymon to send
messages, I'm using curl to post the message file to https://server.domain.com/xymon/upload.php. On the server side, the upload.php script simply drops the message file into xymon's incoming stream, just as if it were delivered over the net by bin/xymon.
Good idea. I almost can copy this approach.
The client side has the server's CA cert to validate the connection and the data flow is encrypted in transit. I could use client certificates as well.
But I think this approach only works for Linux xymon client, since curl is readily available. Preparing curl for other Unix(say HP-UX) and Windows will be a big challenge.
Actually....
http://curl.haxx.se/download.html
Wanna run it on Haiku? How about an Amiga? :)
Beat me to it... :-) We've got the script running on some IBM AIX boxes here. I think the curl version is something ridiculous, like curl-7.9, but it still delivers. That particular version is not built with SSL, so it won't do secure connections. We have HP-UX as well, but no Xymon client on that (yet).
I've lost *some* functionality, because I'm only installing the shell scripts, not any compiled binaries. That way, if I have to, I can show that it's just a script using utilities supplied along with the OS, same as anyone can type in to discover machine status. Plus it's easier for other people to maintain.
Ralph Mitchell
Xymon mailing listXymon at xymon.comhttp://lists.xymon.com/mailman/listinfo/xymon
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon