Hi Grant
The xymonnet process needs to be able to send probe packets (e.g. ping, web requests, and whatever you're trying to monitor) to the clients. If the firewall is blocking the probe traffic, then it's not going to work. The xymon proxy only proxies xymon messages, such as the ones sent by the xymonnet process to the xymond process when reporting the status of the probes (success or failure, and round-trip times).
It seems to me that you need a xymonnet process running on the client side of the firewall. For example, if you can run xymonnet on one of the clients, then the firewall only needs to allow xymon traffic from the client to the Xymon server, so that xymonnet can report the status of its probes.
You can run xymonnet stand-alone, and set environment variables to tell it where to send its messages. If you already have a xymon client installed on the client host, you can execute xymonnet from clientlaunch.cfg and it should then know where to send packets due to the environment that is set up.
The only thing I'm not certain of is how xymonnet knows which hosts to probe and what probes to send to them. When xymonnet is running on the Xymon server, it has access to the hosts.cfg file that's there. When running elsewhere, I'm not sure. I know that there's a way to fetch the hosts.cfg contents using xymon messages, so my guess is that xymonnet can do that too, but might need to be told to do so. And if so, you would only want that xymonnet instance to probe devices inside the client network, so you might need to make use of the "NET:" tags in hosts.cfg.
J
On Tue, 17 Oct 2023 at 02:51, Grant Taylor via Xymon <xymon at xymon.com> wrote:
---------- Forwarded message ----------
From: Grant Taylor <gtaylor at tnetconsulting.net>
To: xymon at xymon.com
Cc:
Bcc:
Date: Mon, 16 Oct 2023 10:49:42 -0500
Subject: Looking for clarification on Xymon client / server hierarchy.

Hi,
Would someone help me understand the Xymon client / server / proxy hierarchy a little bit better?
My scenario is I have two locations separated by a firewall wherein clients inside can send things out to the larger network, but the xymonnet can't reach in to probe clients in the private LAN.
I had thought that an Xymon proxy might be the answer for this. -- I did get internal clients to relay updates out through the xymonproxy to the Xymon (display) server. However xymonnet seems to not utilize the xymonproxy to initiate tests therefrom.
What is the recommended way to have Xymon monitor internal clients that can't be directly reached from the Xymon (display) server?
Aside: It seems as if the xymonproxy might be for the other way around, to have clients in the wild get messages into a protected Xymon server which can reach out and touch the clients.
Thank you and have a good day.
-- Grant. . . . unix || die
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
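
The split-prober layout discussed in the reply above, as an added configuration sketch that is not part of either message or of Xymon's shipped files. Host names, addresses, the network labels `inside` and `outside`, the stanza name and the xymonnet binary path are assumptions; `XYMONNETWORK` and `--loadhostsfromxymond` are used as documented in xymonnet(1) and should be checked against the installed version.

```cfg
# --- hosts.cfg on the Xymon server (constructed sample hosts and addresses) ---
# NET:inside marks hosts that only the prober behind the firewall should test.
192.0.2.10    www.example.com      # NET:outside http://www.example.com/
10.20.0.11    db1.lan.example      # NET:inside conn ssh
10.20.0.12    app1.lan.example     # NET:inside conn http://app1.lan.example/

# --- xymonserver.cfg on the Xymon server ---
# With XYMONNETWORK set, the central xymonnet tests only hosts tagged
# NET:outside, so it no longer probes (and reports red for) the inside hosts.
XYMONNETWORK="outside"

# --- xymonclient.cfg on the inside host that runs the extra xymonnet ---
# The existing client settings in this file already say where status
# messages are sent; only the network label is added.
XYMONNETWORK="inside"

# --- clientlaunch.cfg on that same inside host ---
[xymonnet-inside]
        ENVFILE $XYMONCLIENTHOME/etc/xymonclient.cfg
        # Binary path is an assumption: xymonnet is built with the server, not the client.
        # --loadhostsfromxymond asks xymond for the host list instead of reading a local hosts.cfg.
        CMD /usr/lib/xymon/server/bin/xymonnet --report --ping --checkresponse --loadhostsfromxymond
        LOGFILE $XYMONCLIENTLOGS/xymonnet.log
        INTERVAL 5m
```

With this layout the firewall needs no inbound probe rules: the only flow crossing it is outbound Xymon traffic (TCP 1984 by default) from the inside prober to the Xymon server or to the xymonproxy already in place.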