Best way to monitor server in a DMZ ? or remote LAN ?
Hi,
I would like to monitor servers inside a DMZ. Since the Hobbit-Clients push the information to the server, they are not able reach the LAN Hobbit server : communication from the DMZ to the LAN is forbidden...
What is your experience in that area guys ?
I'm thinking to setup a DMZ Hobbit server. The LAN Hobbit server will pull the information from the DMZ Hobbit server. I remember something related using bbproxy or NET. Am I right ? What is your experience in that domain again ? (bis)
Finally, I would like to setup a Hobbit Server in "LAN2", "LAN3" and "LAN4" . Those LAN* Hobbit server will monitor servers around them. Will they send information to LAN Hobbit server or the LAN Hobbit server will pull the information from LAN* Hobbit servers ?
Thanks by advance for any answers or point of view of my ideas. I'm looking for a global view of my issues + tutorial links to setup the right things.
Thanks by advance.
linuxmasterjedi at free.fr a écrit :
Hi,
I would like to monitor servers inside a DMZ. Since the Hobbit-Clients push the information to the server, they are not able reach the LAN Hobbit server : communication from the DMZ to the LAN is forbidden...
What is your experience in that area guys ?
Hi
to monitor hosts in a DMZ, I use Hobbit in "fetch" mode, which works fine.
--
Frédéric Mangeant
Steria EDC Sophia Antipolis
linuxmasterjedi at free.fr a écrit :
Hi,
I would like to monitor servers inside a DMZ. Since the Hobbit-Clients push the information to the server, they are not able reach the LAN Hobbit server : communication from the DMZ to the LAN is forbidden...
What is your experience in that area guys ?
Hi
to monitor hosts in a DMZ, I use Hobbit in "fetch" mode, which works fine.
Alright Frédéric, seems the things I need. Any extra information how to get this "fetch" mode working ?
Anyway, thanks for all your answers!
Frédéric Mangeant
Steria EDC Sophia Antipolis
On Wednesday 06 February 2008 13:17:26 L.M.J. wrote:
linuxmasterjedi at free.fr a écrit :
to monitor hosts in a DMZ, I use Hobbit in "fetch" mode, which works fine.
Alright Frédéric, seems the things I need. Any extra information how to get this "fetch" mode working ?
Besides that in the man pages (msgcache(8), hobbitfetch(8), bb-hosts(5)) ?
1)Enable the msgcache task on the clients (in clientlaunch.cfg) in the DMZ, and set BBDISP to 127.0.0.1 in the client configuration 2)Add the pulldata option to bb-hosts for these clients 3)Enable the hobbitfetch task on the server in hobbitlaunch.cfg
This is relatively obvious from the man pages ...
Regards, Buchan
linuxmasterjedi at free.fr a écrit :
Hi,
I would like to monitor servers inside a DMZ. Since the Hobbit-Clients push the information to the server, they are not able reach the LAN Hobbit server : communication from the DMZ to the LAN is forbidden...
What is your experience in that area guys ?
I used bb-central back to bb times. worked quite fine. I suppose it should work with hobbit also. the idea is that an internal host runs the commands via ssh, and the results are sent by the internal host to the hobbit server. It's quite interesting to have only one hobbit server. (I imagine you'll have to create as many hobbit server as you have different DMZ networks).
I'm thinking to setup a DMZ Hobbit server. The LAN Hobbit server will pull the information from the DMZ Hobbit server. I remember something related using bbproxy or NET. Am I right ? What is your experience in that domain again ? (bis)
Finally, I would like to setup a Hobbit Server in "LAN2", "LAN3" and "LAN4" . Those LAN* Hobbit server will monitor servers around them. Will they send information to LAN Hobbit server or the LAN Hobbit server will pull the information from LAN* Hobbit servers ?
Thanks by advance for any answers or point of view of my ideas. I'm looking for a global view of my issues + tutorial links to setup the right things.
Thanks by advance.
To unsubscribe from the hobbit list, send an e-mail to hobbit-unsubscribe at hswn.dk
Hi,
I would like to monitor servers inside a DMZ. Since the Hobbit-Clients push the information to the server, they are not able reach the LAN Hobbit server : communication from the DMZ to the LAN is forbidden...
What is your experience in that area guys ?
I used bb-central back to bb times. worked quite fine. I suppose it should work with hobbit also.
I have the exact same requirement, but I tunnelled the hobbit communications over ssh.
There is a nice tutorial by Keith Sebesta on the old BB script repository: http://www.deadcat.net/3/BB-ssh.txt Took me about 6 minutes to get it working.
steve
steve mcconnell gsk unix application hosting support 919-282-3052
"pkc_mls" <pkc_mls at yahoo.fr> 05-Feb-2008 09:17 Please respond to hobbit at hswn.dk
To hobbit at hswn.dk cc
Subject Re: [hobbit] Best way to monitor server in a DMZ ? or remote LAN ?
linuxmasterjedi at free.fr a écrit :
Hi,
I would like to monitor servers inside a DMZ. Since the Hobbit-Clients push the information to the server, they are not able reach the LAN Hobbit server : communication from the DMZ to the LAN is forbidden...
What is your experience in that area guys ?
I used bb-central back to bb times. worked quite fine. I suppose it should work with hobbit also. the idea is that an internal host runs the commands via ssh, and the results are sent by the internal host to the hobbit server. It's quite interesting to have only one hobbit server. (I imagine you'll have to create as many hobbit server as you have different DMZ networks).
I'm thinking to setup a DMZ Hobbit server. The LAN Hobbit server will pull the information from the DMZ Hobbit server. I remember something related using bbproxy or NET. Am I right ? What is your experience in that domain again ? (bis)
Finally, I would like to setup a Hobbit Server in "LAN2", "LAN3" and "LAN4" . Those LAN* Hobbit server will monitor servers around them. Will they send information to LAN Hobbit server or the LAN Hobbit server will pull the information from LAN* Hobbit servers ?
Thanks by advance for any answers or point of view of my ideas. I'm looking for a global view of my issues + tutorial links to setup the right things.
Thanks by advance.
To unsubscribe from the hobbit list, send an e-mail to hobbit-unsubscribe at hswn.dk
To unsubscribe from the hobbit list, send an e-mail to hobbit-unsubscribe at hswn.dk
On Tuesday 05 February 2008 16:01:48 linuxmasterjedi at free.fr wrote:
Hi,
I would like to monitor servers inside a DMZ. Since the Hobbit-Clients push the information to the server, they are not able reach the LAN Hobbit server : communication from the DMZ to the LAN is forbidden...
What is your experience in that area guys ?
I use msgcache and the pulldata tag, so that the Hobbit server connects to the hosts being monitored ...
I'm thinking to setup a DMZ Hobbit server. The LAN Hobbit server will pull the information from the DMZ Hobbit server. I remember something related using bbproxy or NET. Am I right ? What is your experience in that domain again ? (bis)
bbproxy works fine as well (but I don't use it for a DMZ, however for a 2nd site that forwards all the data (from clients, it's own bbtest-net, and it's own devmon) to the single display that is "monitored" by the monitoring team.
Finally, I would like to setup a Hobbit Server in "LAN2", "LAN3" and "LAN4" . Those LAN* Hobbit server will monitor servers around them. Will they send information to LAN Hobbit server or the LAN Hobbit server will pull the information from LAN* Hobbit servers ?
Either way, depending on how you configure them ... (see above).
Thanks by advance for any answers or point of view of my ideas. I'm looking for a global view of my issues + tutorial links to setup the right things.
Honestly, I don't think this is so complex that a tutorial is required ...
Regards, Buchan
Is this also possible with BBwin Client systems.
Regards,
Bert Klomp
-----Original Message----- From: Buchan Milne [mailto:bgmilne at staff.telkomsa.net] Sent: dinsdag 5 februari 2008 15:20 To: hobbit at hswn.dk Cc: linuxmasterjedi at free.fr Subject: Re: [hobbit] Best way to monitor server in a DMZ ? or remote LAN ?
On Tuesday 05 February 2008 16:01:48 linuxmasterjedi at free.fr wrote:
Hi,
I would like to monitor servers inside a DMZ. Since the Hobbit-Clients push the information to the server, they are not able reach the LAN Hobbit server : communication from the DMZ to the LAN is forbidden...
What is your experience in that area guys ?
I use msgcache and the pulldata tag, so that the Hobbit server connects to the hosts being monitored ...
I'm thinking to setup a DMZ Hobbit server. The LAN Hobbit server will pull the information from the DMZ Hobbit server. I remember something related using bbproxy or NET. Am I right ? What is your experience in that domain again ? (bis)
bbproxy works fine as well (but I don't use it for a DMZ, however for a 2nd site that forwards all the data (from clients, it's own bbtest-net, and it's own devmon) to the single display that is "monitored" by the monitoring team.
Finally, I would like to setup a Hobbit Server in "LAN2", "LAN3" and "LAN4" . Those LAN* Hobbit server will monitor servers around them. Will they send information to LAN Hobbit server or the LAN Hobbit server will pull the information from LAN* Hobbit servers ?
Either way, depending on how you configure them ... (see above).
Thanks by advance for any answers or point of view of my ideas. I'm looking for a global view of my issues + tutorial links to setup the right things.
Honestly, I don't think this is so complex that a tutorial is required ...
Regards, Buchan
To unsubscribe from the hobbit list, send an e-mail to hobbit-unsubscribe at hswn.dk
On Tuesday 05 February 2008 16:01:48 linuxmasterjedi at free.fr wrote:
Hi,
I would like to monitor servers inside a DMZ. Since the Hobbit-Clients push the information to the server, they are not able reach the LAN Hobbit server : communication from the DMZ to the LAN is forbidden...
What is your experience in that area guys ?
I use msgcache and the pulldata tag, so that the Hobbit server connects to the hosts being monitored ...
Alright, I've added "pulldata" in the bb-hosts from the server. I've removed "DISABLED" msgcache in the clientlaunch.cfg file client.
Is there something else ? I still see my client inside the DMZ trying to reach the server without success (blocked by the Firewall). I also see the server who make the request to the clients which is normal BUT my DMZ hosts switched to purple!
Did I mist something ?
On Monday 11 February 2008 14:05:17 L.M.J. wrote:
On Tuesday 05 February 2008 16:01:48 linuxmasterjedi at free.fr wrote:
Hi,
I would like to monitor servers inside a DMZ. Since the Hobbit-Clients push the information to the server, they are not able reach the LAN Hobbit server : communication from the DMZ to the LAN is forbidden...
What is your experience in that area guys ?
I use msgcache and the pulldata tag, so that the Hobbit server connects to the hosts being monitored ...
Alright, I've added "pulldata" in the bb-hosts from the server. I've removed "DISABLED" msgcache in the clientlaunch.cfg file client.
Is there something else ? I still see my client inside the DMZ trying to reach the server without success (blocked by the Firewall). I also see the server who make the request to the clients which is normal BUT my DMZ hosts switched to purple!
Did I mist something ?
Configure the client to report to itself (the msgcache), by setting BBDISP=127.0.0.1 in hobbitclient.cfg.
Regards, Buchan
On Monday 11 February 2008 14:05:17 L.M.J. wrote:
On Tuesday 05 February 2008 16:01:48 linuxmasterjedi at free.fr wrote:
Hi,
I would like to monitor servers inside a DMZ. Since the Hobbit-Clients push the information to the server, they are not able reach the LAN Hobbit server : communication from the DMZ to the LAN is forbidden...
What is your experience in that area guys ?
I use msgcache and the pulldata tag, so that the Hobbit server connects to the hosts being monitored ...
Alright, I've added "pulldata" in the bb-hosts from the server. I've removed "DISABLED" msgcache in the clientlaunch.cfg file client.
Is there something else ? I still see my client inside the DMZ trying to reach the server without success (blocked by the Firewall). I also see the server who make the request to the clients which is normal BUT my DMZ hosts switched to purple!
Did I mist something ?
Configure the client to report to itself (the msgcache), by setting BBDISP=127.0.0.1 in hobbitclient.cfg.
BBDISP=127.0.0.1 + "pulldata" in the bb-hosts + removed "DISABLED" msgcache in the clientlaunch.cfg
I see the Hobbit server connection to the DMZ client now. The DMZ clients do not try to reach the Hobbit server anymore. Good point!
I *still* don't have any report from the DMZ host. Help please.
On Tue, 12 Feb 2008, L.M.J. might have said:
On Monday 11 February 2008 14:05:17 L.M.J. wrote:
Alright, I've added "pulldata" in the bb-hosts from the server. I've removed "DISABLED" msgcache in the clientlaunch.cfg file client.
BBDISP=127.0.0.1 + "pulldata" in the bb-hosts + removed "DISABLED" msgcache in the clientlaunch.cfg
I see the Hobbit server connection to the DMZ client now. The DMZ clients do not try to reach the Hobbit server anymore. Good point!
I *still* don't have any report from the DMZ host. Help please.
When this is fixed, please post the changed files showing how you have the 'pulldata' working. No need to post all hosts, just the lines for this configuration.
Mike
Le Tue, 12 Feb 2008 07:58:13 -0600, Mike Eggleston <mikeegg1 at mac.com> a écrit :
On Tue, 12 Feb 2008, L.M.J. might have said:
On Monday 11 February 2008 14:05:17 L.M.J. wrote:
Alright, I've added "pulldata" in the bb-hosts from the server. I've removed "DISABLED" msgcache in the clientlaunch.cfg file client.
BBDISP=127.0.0.1 + "pulldata" in the bb-hosts + removed "DISABLED" msgcache in the clientlaunch.cfg
I see the Hobbit server connection to the DMZ client now. The DMZ clients do not try to reach the Hobbit server anymore. Good point!
I *still* don't have any report from the DMZ host. Help please.
When this is fixed, please post the changed files showing how you have the 'pulldata' working. No need to post all hosts, just the lines for this configuration.
Here we go : HOWTO monitor servers in a DMZ.
CLIENT SIDE
hobbitclient.cfg BBDISP="127.0.0.1" <-- Changed from Hobbit server IP to localhost
clientlaunch.cfg [msgcache] # DISABLED <-- Comment it ENVFILE $HOBBITCLIENTHOME/etc/hobbitclient.cfg CMD $HOBBITCLIENTHOME/bin/msgcache --no-daemon --pidfile=$HOBBITCLIENTHOME/logs/msgcache.pid LOGFILE $HOBBITCLIENTHOME/logs/msgcache.log
[client] ENVFILE $HOBBITCLIENTHOME/etc/hobbitclient.cfg CMD $HOBBITCLIENTHOME/bin/hobbitclient.sh --local <-- Add --local LOGFILE $HOBBITCLIENTHOME/logs/hobbitclient.log INTERVAL 5m
SERVER SIDE
hobbitlaunch.cfg [hobbitfetch] # DISABLED <-- Comment it ENVFILE /home/users/hobbit/application/server/etc/hobbitserver.cfg CMD $BBHOME/bin/hobbitfetch --server=XX.XX.XX.XX --no-daemon --pidfile=$BBSERVERLOGS/hobbitfetch.pid <-- replace the IP by your Hobbit server one LOGFILE $BBSERVERLOGS/hobbitfetch.log
bb-hosts zz.zz.zz.zz fqdn # conn hobbitfetch pulldata <- Add hobbitfetch pulldata, do NOT forget to put the IP
And it should work. Do not forget to restart client & server just in case.
On Tuesday 12 February 2008 15:51:14 L.M.J. wrote:
On Monday 11 February 2008 14:05:17 L.M.J. wrote:
On Tuesday 05 February 2008 16:01:48 linuxmasterjedi at free.fr wrote:
Did I mist something ?
BTW, did you read the other recent posts (in between your first set of many questions in this thread, and when you started implementing)? Because, all the steps were listed in my reply to one of those posts.
Configure the client to report to itself (the msgcache), by setting BBDISP=127.0.0.1 in hobbitclient.cfg.
BBDISP=127.0.0.1 + "pulldata" in the bb-hosts + removed "DISABLED" msgcache in the clientlaunch.cfg
Did you enable the 'hobbitfetch' task in hobbitlaunch.cfg on the Hobbit server?
I see the Hobbit server connection to the DMZ client now. The DMZ clients do not try to reach the Hobbit server anymore. Good point!
Can you connect from the Hobbit server to port 1984 on the clients in the DMZ?
I *still* don't have any report from the DMZ host. Help please.
You should also check if you have any entries in the msgcache.log on the clients.
Regards, Buchan
Did I mist something ?
BTW, did you read the other recent posts (in between your first set of many questions in this thread, and when you started implementing)? Because, all the steps were listed in my reply to one of those posts.
Configure the client to report to itself (the msgcache), by setting BBDISP=127.0.0.1 in hobbitclient.cfg.
BBDISP=127.0.0.1 + "pulldata" in the bb-hosts + removed "DISABLED" msgcache in the clientlaunch.cfg
Did you enable the 'hobbitfetch' task in hobbitlaunch.cfg on the Hobbit server?
Yep : [hobbitfetch] # DISABLED ENVFILE ....
I see the Hobbit server connection to the DMZ client now. The DMZ clients do not try to reach the Hobbit server anymore. Good point!
Can you connect from the Hobbit server to port 1984 on the clients in the DMZ?
I *still* don't have any report from the DMZ host. Help please.
You should also check if you have any entries in the msgcache.log on the clients.
Here we go : 2008-02-11 15:27:29 Listening on 0.0.0.0:1984 2008-02-11 15:30:58 Caught TERM signal, terminating 2008-02-11 15:30:58 Hobbit msgcache version 4.2.0 starting 2008-02-11 15:30:58 Listening on 0.0.0.0:1984 2008-02-13 07:55:50 Caught TERM signal, terminating 2008-02-13 07:58:24 Hobbit msgcache version 4.2.0 starting 2008-02-13 07:58:24 Listening on 0.0.0.0:1984
Nothing look abnormal. Any ideas why my server won't retrieve informations from the DMZ clients ?
participants (7)
-
bgmilne@staff.telkomsa.net
-
frederic.mangeant@steria.com
-
klomph@nlr.nl
-
linuxmasterjedi@free.fr
-
mikeegg1@mac.com
-
pkc_mls@yahoo.fr
-
steve.e.mcconnell@gsk.com