Depending on the extent of the security requirements 'ssh-tunnel' may be an alternative.
In a nutshell it provides a convenient way to manage an ssh tunnel to clients (opening port 1984 there).
Upstream: https://wiki.xymonton.org/doku.php/addons:ssh_tunnel?s[]=ssh&s[]=tunnel
Bashified-version with a few tweaks: http://www.it-eckert.com/software/patches/ssh-tunnel/
More background info on usage (incl. combining 1 tunnel with xymonproxy to provide a "hub" for a bunch of EC2 instances):
http://www.it-eckert.com/blog/2014/remote-site-monitoring-with-ssh-tunnel/
http://www.it-eckert.com/blog/2014/combine-ssh-tunnel-with-xymonproxy/
Thomas
On 08.10.2014 at 02:22, Galen Johnson <solitaryr at gmail.com> wrote:
Also, did you add "pulldata" to the clients in your xymon hosts file?
On Tue, Oct 7, 2014 at 2:27 PM, Galen Johnson <Galen.Johnson at sas.com> wrote:
I have this working for all my EC2 servers (same issue with security and opening firewall ports back inside). Do you have the port open and verified the msgcache service is running on the clients? Also, check the xymon server logs...that's where I found the most helpful info.
=G=
From: Xymon <xymon-bounces at xymon.com> on behalf of Blake <scuba.blake at gmail.com>
Sent: Tuesday, October 7, 2014 2:17 PM
To: xymon at xymon.com
Subject: [Xymon] Xymon pull client data setup

After getting the "piss off" response from security in regards to monitoring systems in the DMZ I need to configure about two dozen systems for pull vs the standard push.
While I have gone through the documentation I am still having a few issues and needed some help.
*Server Changes
=>updated server/etc/tasks.cfg

[xymonfetch]
    ENABLED
    ENVFILE /app/xymon/server/etc/xymonserver.cfg
    CMD $XYMONHOME/bin/xymonfetch --server=10.1.1.73 --no-daemon --pidfile=$XYMONSERVERLOGS/xymonfetch.pid --interval=60 --log-interval=600 --debug
    LOGFILE $XYMONSERVERLOGS/xymonfetch.log

*Client Changes
=>updated server/etc/clientlaunch.cfg

[msgcache]
    ENABLED
    ENVFILE $XYMONCLIENTHOME/etc/xymonclient.cfg
    CMD $XYMONCLIENTHOME/bin/msgcache --no-daemon --pidfile=$XYMONCLIENTLOGS/msgcache.pid --debug --logfile=$XYMONCLIENTLOGS/msgcachedaemon.log --max-age=1200
    LOGFILE $XYMONCLIENTLOGS/msgcache.log

The main client task

[client]
    ENVFILE $XYMONCLIENTHOME/etc/xymonclient.cfg
    CMD $XYMONCLIENTHOME/bin/xymonclient.sh
    LOGFILE $XYMONCLIENTLOGS/xymonclient.log
    INTERVAL 5m

=>updated server/etc/xymonclient.cfg

XYMSRV="127.0.0.1"
Any help to get this working is greatly appreciated.
Thanks Blake
On 8 October 2014 16:36, Thomas Eckert <thomas.eckert at it-eckert.de> wrote:
Depending on the extent of the security requirements 'ssh-tunnel' may be an alternative.
Various methods of tunnelling Xymon are documented here:
http://en.wikibooks.org/wiki/System_Monitoring_with_Xymon/Administration_Gui...
For example, add the following to tasks.cfg:
[xymon-over-ssh]
    ENVFILE /usr/lib/xymon/server/etc/xymonserver.cfg
    CMD ssh -R1984:127.0.0.1:1984 -o batchmode=yes xymon@xymon-client '/usr/lib/xymon/client/bin/xymoncmd sh -c "XYMSRV=127.0.0.1 /usr/lib/xymon/client/bin/xymonclient.sh"'
    LOGFILE $XYMONSERVERLOGS/xymon-over-ssh.log
    INTERVAL 5m
This requires no additional software. As long as the xymon user can ssh to the remote xymon client machine using key authentication, and as long as the xymon client is installed in the expected location, it should work as expected.
J
On 08 Oct 2014, at 07:56, Jeremy Laidman <jlaidman at rebel-it.com.au> wrote:
On 8 October 2014 16:36, Thomas Eckert <thomas.eckert at it-eckert.de> wrote:
Depending on the extent of the security requirements 'ssh-tunnel' may be an alternative.
Various methods of tunnelling Xymon are documented here:
http://en.wikibooks.org/wiki/System_Monitoring_with_Xymon/Administration_Gui...
For example, add the following to tasks.cfg:
[xymon-over-ssh]
    ENVFILE /usr/lib/xymon/server/etc/xymonserver.cfg
    CMD ssh -R1984:127.0.0.1:1984 -o batchmode=yes xymon@xymon-client '/usr/lib/xymon/client/bin/xymoncmd sh -c "XYMSRV=127.0.0.1 /usr/lib/xymon/client/bin/xymonclient.sh"'
    LOGFILE $XYMONSERVERLOGS/xymon-over-ssh.log
    INTERVAL 5m
This requires no additional software. As long as the xymon user can ssh to the remote xymon client machine using key authentication, and as long as the xymon client is installed in the expected location, it should work as expected.
Agreed. That’s a nice and out-of-the-box solution.
It does not require the ssh-tunnel extension on the server-side. But if you do this for a lot of clients the ssh overhead _may_ become a problem (every 5 minutes). The ssh-tunnel extension creates a persistent tunnel that is only re-created if not already established.
For only a few systems I’d use your example if pulldata is not desired. For larger setups I prefer the persistent tunnel (with xymonproxy on the far end).
Cheers Thomas
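
The "persistent tunnel that is only re-created if not already established" behaviour discussed above, sketched with OpenSSH control sockets. This is an added example, not part of the thread and not the ssh-tunnel extension's own code; SOCKDIR, the SSH override variable and the function name ensure_tunnel are assumptions, and the remote account "xymon" is taken from the tasks.cfg example in the thread.

```shell
#!/bin/sh
# Added example, not the ssh-tunnel extension's code. Runs on the Xymon server.
# Assumed names: SOCKDIR, the SSH override variable, ensure_tunnel.

SSH=${SSH:-ssh}                                # overridable for offline testing
SOCKDIR=${SOCKDIR:-$HOME/.ssh/xymon-tunnels}   # control sockets, one per client

# Ensure a reverse tunnel to client $1 exists; prints up, started or failed.
ensure_tunnel() {
    sock="$SOCKDIR/$1.sock"
    # Keep the sockets private: whoever can reach one can reuse the session.
    mkdir -p "$SOCKDIR" && chmod 700 "$SOCKDIR" || return 1

    # Ask the existing master process (if any) whether it is still alive.
    if $SSH -S "$sock" -O check "xymon@$1" >/dev/null 2>&1; then
        echo up
        return 0
    fi

    # No live master: start one in the background.
    #   -N  no remote command, forwarding only
    #   -R  bind port 1984 on the client's loopback only, back to this server
    #   ExitOnForwardFailure  fail instead of running without the forward
    #   ServerAlive*          drop a dead link so the next run re-creates it
    if $SSH -f -N -M -S "$sock" \
            -o BatchMode=yes -o ExitOnForwardFailure=yes \
            -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
            -R 127.0.0.1:1984:127.0.0.1:1984 "xymon@$1"; then
        echo started
    else
        echo failed
        return 1
    fi
}

# Usage: script client1 client2 ... (for example from a tasks.cfg entry)
for host in "$@"; do
    ensure_tunnel "$host"
done
```

Because the forward carries no remote command, the key used for it can be limited to port forwarding in the client's authorized_keys.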