I think direct SSL wrapping is what I need, thanks.

Would it be unreasonable to suggest that the SSL setup, decryption, etc be offloaded to a standalone program that then delivers the message to the core daemon in the same manner as cgimsg? I'd like to get Apache out of the loop, and just have an SSL-enabled message receiver funneling status messages to the core daemon.

The problem I've been living with is, I have a bunch of near-identical clients that all reboot at 1:30am to deal with a memory-leaking Java program. This means that their Xymon clients all start up at pretty much the same time and deliver messages fairly close together. From time to time a message storm prevents some clients getting through, and sometimes it seems like status messages are being merged. At least, I get clients reporting filesystems they don't have, and graphs that shows max values equal to the lifetime of the Universe measured in femtoseconds...

Ralph Mitchell

On Fri, Aug 14, 2020 at 10:56 PM Japheth Cleaver <cleaver at terabithia.org> wrote:

Hi Ralph,

For direct SSL wrapping of client submission to xymond, yes. For authentication of source messages via proxy or intermediary, no.

For high-volume situations, or where a reply is not needed, cgimsg will still be a useful mechanism. SSL setup, teardown, and decryption in the core daemon still has an impact, so offloading that to a receiver for termination would be recommended depending on your scale.

Regards, -jc

On 8/14/2020 7:30 PM, Ralph M wrote:

Is the 4.4 release going to have encrypted communications? I'm not supposed to send plain text over the network, so I've been faking it with curl posting to xymoncgimsg on port 443. It would be really nice to get port 1984 opened and do it properly.

Thanks,

Ralph Mitchell

On Fri, Jul 31, 2020 at 11:33 AM James Louis <jglouisjr at gmail.com> wrote:

...

Thanks for the update Japheth!

On Fri, Jul 31, 2020 at 9:27 AM Japheth Cleaver <cleaver at terabithia.org> wrote:

...

Hi Jim,

I'm looking at the XSS report and sorting through a variety of the patches since this release now. There will be a 4.3.31 release with this as well as other updates, as well as a 4.4 pre-release. Due to there being a longish gap, a maintenance release is appropriate.

-jc

On 7/31/2020 7:15 AM, James Louis wrote:

Japheth,

Will 4.3.31 be out soon or will it jump to 4.4?

Thanks, Jim

On Thu, Sep 5, 2019 at 5:29 PM Japheth Cleaver <cleaver at terabithia.org> wrote:

...

Xymon 4.3.30 has been released and is now available for download.

4.3.30 is mostly a bug-fix release, quashing issues stemming from the security fixes in 4.3.29, including improperly-tight restrictions on allowed characters in hostname for browsing along with several other parsing errors. Thanks in particular to Tom Schmidt for his assistance in tracking these down.

Xymon should also now be more easily buildable on older GCC versions without the diagnostics pragma available.

Xymon 4.3.30 is available from the Xymon SourceForge page at https://sourceforge.net/projects/xymon/

As always, thank you to all who have contributed code, ideas, and features to the project!

Regards, Japheth "J.C." Cleaver

---

Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon

--

*Jim Louis \\\\||//// \ ~ ~ / | @ @ | *

*--oOo---(_)---oOo-- *

?It does me no injury for my neighbor to say there are twenty gods, or no God. It neither picks my pocket nor breaks my leg.?

~ Thomas Jefferson

--

*Jim Louis \\\\||//// \ ~ ~ / | @ @ | *

*--oOo---(_)---oOo-- *

?It does me no injury for my neighbor to say there are twenty gods, or no God. It neither picks my pocket nor breaks my leg.?

~ Thomas Jefferson

---

Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon

I think I saw something in one of the patches to fix the client report munging. I'm currently in the Dark Ages, with 4.3.12, on hardware that should have been life-cycled about 10 years ago... I'm supposed to be getting new hardware sometime soon. When I get that, I'll pick up the latest release.

One problem I have with upgrading is making sure I carry over a few patches I've made, some of which have already been rolled into mainstream Xymon. I may just let the other changes go and run with vanilla 4.3.31.

Ralph Mitchell

On Tue, Aug 18, 2020 at 10:40 AM SebA <spah at syntec.co.uk> wrote:

That's interesting Ralph. We sometimes get the same issue with client's status reports getting assigned to the wrong host in the Xymon server too (and this is just using the normal xymond receiver). I thought it might be related to one or two very big message senders though. It's difficult to track down and can happen briefly, trigger an alert and vanish into the mist within a minute when the next report comes in (though some evidence is left behind in the history). But perhaps you are getting big message senders are a reboot as it's sending quite a lot of data in the msg column?

Kind regards,

SebA

On Sat, 15 Aug 2020 at 05:21, Ralph M <ralphmitchell at gmail.com> wrote:

...

I think direct SSL wrapping is what I need, thanks.

Would it be unreasonable to suggest that the SSL setup, decryption, etc be offloaded to a standalone program that then delivers the message to the core daemon in the same manner as cgimsg? I'd like to get Apache out of the loop, and just have an SSL-enabled message receiver funneling status messages to the core daemon.

The problem I've been living with is, I have a bunch of near-identical clients that all reboot at 1:30am to deal with a memory-leaking Java program. This means that their Xymon clients all start up at pretty much the same time and deliver messages fairly close together. From time to time a message storm prevents some clients getting through, and sometimes it seems like status messages are being merged. At least, I get clients reporting filesystems they don't have, and graphs that shows max values equal to the lifetime of the Universe measured in femtoseconds...

Ralph Mitchell

On Fri, Aug 14, 2020 at 10:56 PM Japheth Cleaver <cleaver at terabithia.org> wrote:

...

Hi Ralph,

For direct SSL wrapping of client submission to xymond, yes. For authentication of source messages via proxy or intermediary, no.

For high-volume situations, or where a reply is not needed, cgimsg will still be a useful mechanism. SSL setup, teardown, and decryption in the core daemon still has an impact, so offloading that to a receiver for termination would be recommended depending on your scale.

Regards, -jc

On 8/14/2020 7:30 PM, Ralph M wrote:

Is the 4.4 release going to have encrypted communications? I'm not supposed to send plain text over the network, so I've been faking it with curl posting to xymoncgimsg on port 443. It would be really nice to get port 1984 opened and do it properly.

Thanks,

Ralph Mitchell

On Fri, Jul 31, 2020 at 11:33 AM James Louis <jglouisjr at gmail.com> wrote:

...

Thanks for the update Japheth!

On Fri, Jul 31, 2020 at 9:27 AM Japheth Cleaver <cleaver at terabithia.org> wrote:

...

Hi Jim,

I'm looking at the XSS report and sorting through a variety of the patches since this release now. There will be a 4.3.31 release with this as well as other updates, as well as a 4.4 pre-release. Due to there being a longish gap, a maintenance release is appropriate.

-jc

On 7/31/2020 7:15 AM, James Louis wrote:

Japheth,

Will 4.3.31 be out soon or will it jump to 4.4?

Thanks, Jim

On Thu, Sep 5, 2019 at 5:29 PM Japheth Cleaver <cleaver at terabithia.org> wrote:

...

Xymon 4.3.30 has been released and is now available for download.

4.3.30 is mostly a bug-fix release, quashing issues stemming from the security fixes in 4.3.29, including improperly-tight restrictions on allowed characters in hostname for browsing along with several other parsing errors. Thanks in particular to Tom Schmidt for his assistance in tracking these down.

Xymon should also now be more easily buildable on older GCC versions without the diagnostics pragma available.

Xymon 4.3.30 is available from the Xymon SourceForge page at https://sourceforge.net/projects/xymon/

As always, thank you to all who have contributed code, ideas, and features to the project!

Regards, Japheth "J.C." Cleaver

---

Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon

--

*Jim Louis \\\\||//// \ ~ ~ / | @ @ | *

*--oOo---(_)---oOo-- *

?It does me no injury for my neighbor to say there are twenty gods, or no God. It neither picks my pocket nor breaks my leg.?

~ Thomas Jefferson

--

*Jim Louis \\\\||//// \ ~ ~ / | @ @ | *

*--oOo---(_)---oOo-- *

?It does me no injury for my neighbor to say there are twenty gods, or no God. It neither picks my pocket nor breaks my leg.?

~ Thomas Jefferson

---

Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon

---

Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon