Monitoring Remote Sites
Hi.
Does anyone have an experience with using xymon to monitor remote sites? How do you handle the security side of things? Can we use xymon with SSL for example?
Thank you. Jon B.
On 4 April 2013 00:59, Jonathan Bishop <jtkbishop at gmail.com> wrote:
Does anyone have an experience with using xymon to monitor remote sites? How do you handle the security side of things? Can we use xymon with SSL for example?
You can do various VPN type things, such as using stunnel or ssh tunnels (with key auth).
Also, you can run the client from the server (eg from tasks.cfg) over an ssh connection like so:
ssh -R1984:127.0.0.1:1984 -o batchmode=yes xymon at remote-server'/usr/lib/xymon/client/bin/xymoncmd sh -c "XYMSRV=127.0.0.1 /usr/lib/xymon/client/bin/xymonclient.sh"'
J
On 4 April 2013 12:55, Jeremy Laidman <jlaidman at rebel-it.com.au> wrote:
You can do various VPN type things, such as using stunnel or ssh tunnels (with key auth).
Also, this: http://lists.xymon.com/archive/2011-October/032866.html
In summary, the client-side can use curl to send a web "POST" message to the Xymon server using an https:// type URL. Encryption solved. The Xymon server can do whatever authentication is required (password, client-side certificate, or none).
J
On Apr 3, 2013 10:33 PM, "Jeremy Laidman" <jlaidman at rebel-it.com.au> wrote:
On 4 April 2013 12:55, Jeremy Laidman <jlaidman at rebel-it.com.au> wrote:
You can do various VPN type things, such as using stunnel or ssh tunnels
(with key auth).
Also, this: http://lists.xymon.com/archive/2011-October/032866.html
In summary, the client-side can use curl to send a web "POST" message to
the Xymon server using an https:// type URL. Encryption solved. The Xymon server can do whatever authentication is required (password, client-side certificate, or none).
Just to clarify - on the Xymon server side it's Apache that handles the client authentication, and there are many docs describing that. Xymon itself is not involved in the authentication or encryption.
I also found that the xymoncgi handler sends back to the client any client-local configuration that it finds, so it isn't just a one way street.
Ralph Mitchell
Thank you all for the suggestions. Much appreciated.
Regards, Jon B.
On Thu, Apr 4, 2013 at 2:12 PM, Ralph Mitchell <ralphmitchell at gmail.com>wrote:
On Apr 3, 2013 10:33 PM, "Jeremy Laidman" <jlaidman at rebel-it.com.au> wrote:
On 4 April 2013 12:55, Jeremy Laidman <jlaidman at rebel-it.com.au> wrote:
You can do various VPN type things, such as using stunnel or ssh
tunnels (with key auth).
Also, this: http://lists.xymon.com/archive/2011-October/032866.html
In summary, the client-side can use curl to send a web "POST" message to
the Xymon server using an https:// type URL. Encryption solved. The Xymon server can do whatever authentication is required (password, client-side certificate, or none).
Just to clarify - on the Xymon server side it's Apache that handles the client authentication, and there are many docs describing that. Xymon itself is not involved in the authentication or encryption.
I also found that the xymoncgi handler sends back to the client any client-local configuration that it finds, so it isn't just a one way street.
Ralph Mitchell
participants (3)
-
jlaidman@rebel-it.com.au
-
jtkbishop@gmail.com
-
ralphmitchell@gmail.com