In <4D374E08.8030908 at makelofine.org> dOCtoR MADneSs <doctor at makelofine.org> writes:
My xymon server has a strange behaviour. I have a host called tata running SSLed services. The tests are all OK. But when I go to sslcert test page, I see the information from another host (called toto). Their SSL certificates are different, and all my other hosts have their own SSL information.
Here is the hosts.cfg content:
I've reformatted it slightly ...
127.0.0.1 toto # bbd ftp
https://wikileaks.makelofine.org
https://mailadmin.makelofine.org
https://www.makelofine.org
https://test.makelofine.org
imaps smtps pop3s
http://wikileaks.makelofine.org
http://www.raclo.fr
http://www.pleinphares.fr
http://www.xenon-tuning.fr
http://www.hoodmark.fr
http://www.chasseresse.com
http://www.skapiso.com
http://www.galey-ariege.fr
http://photos.makelofine.org
http://www.warcho.net
apache=http://localhost/server-status?auto
dns=galey-ariege.fr,skapiso.com,loozah.com,manurevah.com,loloack.com,makelofine.org
smtp ssh imap pop3 apt
libs bind postfix mysql hardware ntpq TRENDS:*,!la,vmstat:vmstat1|vmstat2|vmstat3|vmstat4|vmstat5,apache:apache|apache1|apache2|apache3,mysql:mysql|mysqlslow|mysqlqueries|mysqltables|mysqlopens|mysqlflush|mysqlquestions,hardware:hardware|fans|voltages,mailgraph:mailgraph-rejected|mailgraph-local|mailgraph-amavis|mailgraph-spamd|mailgraph-postgrey|mailgraph-postgrey-passed|mailgraph-loglines|mailgraph-runtime
OK, so you have (at least) 7 SSL-enabled services running on one host. The effect of that is rather unpredictable - when doing the "sslcert" status, I didn't think that you would have one line in hosts.cfg with multiple (different) SSL certificates. So which of the 7 certificates will show up in the "sslcert" status is unpredictable.
It shouldn't mix certificates from different servers, though, and I have never heard of it happening. Are you sure that the DNS entries for tata and toto are completely separate? They don't point to the same IP - or some round-robin DNS entry? (I note that both of them run "imaps", so it could be a possibility).
Xymon by default doesn't care what IP-address you've put into hosts.cfg, it will always do a DNS lookup on the hostname to determine the IP-address. So tests for the "tata" server could easily end up on "toto", if there is a hostname resolution problem. You can of course override this by adding the "testip" tag to both of those hosts in hosts.cfg.
Regards, Henrik
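
The two checks suggested in the reply above, as an added example that is not part of the original thread and is not Xymon code: it flags hosts.cfg entries carrying more than one SSL-enabled test, and entries without "testip" whose hostname lookup sends the tests to another host's address. Assumptions: the SSL service list is only the names seen in the thread, continuation lines end in a backslash, the resolver is passed in so the check runs offline, and the sample entries and addresses are constructed.

```python
import re

# Assumption: "SSL-enabled" means an https:// URL or one of the SSL service
# names that appear in the thread (imaps, smtps, pop3s).
SSL_SERVICES = {"imaps", "smtps", "pop3s"}

def parse_hosts_cfg(text):
    """Return [(ip, hostname, tags)] with backslash continuations joined."""
    entries = []
    for line in re.sub(r"\\[ \t]*\n", " ", text).splitlines():
        fields, _, tagpart = line.partition("#")
        parts = fields.split()
        # Host entries start with an address; skips blanks, comments, directives.
        if len(parts) >= 2 and re.fullmatch(r"[\d.]+", parts[0]):
            entries.append((parts[0], parts[1], tagpart.split()))
    return entries

def audit(text, resolve):
    """resolve(hostname) -> IP string; injected so the check runs offline."""
    findings, tested_ip = [], {}
    for ip, host, tags in parse_hosts_cfg(text):
        ssl = [t for t in tags if t.startswith("https://") or t in SSL_SERVICES]
        if len(ssl) > 1:
            findings.append((host, "multiple-ssl-tests", len(ssl)))
        # Without "testip" the hostname lookup decides where the tests go.
        target = ip if "testip" in tags else resolve(host)
        if target != ip:
            findings.append((host, "dns-differs-from-cfg", target))
        if target in tested_ip:
            findings.append((host, "tested-on-same-ip-as", tested_ip[target]))
        tested_ip.setdefault(target, host)
    return findings

# Constructed sample: documentation addresses and example.org names.
SAMPLE = r"""
192.0.2.10 toto # https://www.example.org https://mail.example.org \
    imaps smtps
192.0.2.20 tata # https://shop.example.org imaps
"""
# Constructed resolver data: both names resolve to toto's address.
DNS = {"toto": "192.0.2.10", "tata": "192.0.2.10"}

if __name__ == "__main__":
    for finding in audit(SAMPLE, DNS.get):
        print(finding)
    # Same file with "testip" added to tata: the DNS findings disappear.
    print(audit(SAMPLE.replace("tata #", "tata # testip"), DNS.get))
```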