I think direct SSL wrapping is what I need, thanks.
Would it be unreasonable to suggest that the SSL setup, decryption, etc be
offloaded to a standalone program that then delivers the message to the
core daemon in the same manner as cgimsg? I'd like to get Apache out of
the loop, and just have an SSL-enabled message receiver funneling status
messages to the core daemon.
The problem I've been living with is, I have a bunch of near-identical
clients that all reboot at 1:30am to deal with a memory-leaking Java
program. This means that their Xymon clients all start up at pretty much
the same time and deliver messages fairly close together. From time to
time a message storm prevents some clients getting through, and sometimes
it seems like status messages are being merged. At least, I get clients
reporting filesystems they don't have, and graphs that shows max values
equal to the lifetime of the Universe measured in femtoseconds...
Ralph Mitchell
On Fri, Aug 14, 2020 at 10:56 PM Japheth Cleaver <user-87556346d4af@xymon.invalid>
wrote:
Hi Ralph,
For direct SSL wrapping of client submission to xymond, yes. For
authentication of source messages via proxy or intermediary, no.
For high-volume situations, or where a reply is not needed, cgimsg will
still be a useful mechanism. SSL setup, teardown, and decryption in the
core daemon still has an impact, so offloading that to a receiver for
termination would be recommended depending on your scale.
Regards,
-jc
On 8/14/2020 7:30 PM, Ralph M wrote:
Is the 4.4 release going to have encrypted communications? I'm not
supposed to send plain text over the network, so I've been faking it with
curl posting to xymoncgimsg on port 443. It would be really nice to get
port 1984 opened and do it properly.
Thanks,
Ralph Mitchell
On Fri, Jul 31, 2020 at 11:33 AM James Louis <user-518fefde45bd@xymon.invalid> wrote:
Thanks for the update Japheth!
On Fri, Jul 31, 2020 at 9:27 AM Japheth Cleaver <user-87556346d4af@xymon.invalid>
wrote:
Hi Jim,
I'm looking at the XSS report and sorting through a variety of the
patches since this release now.
There will be a 4.3.31 release with this as well as other updates, as
well as a 4.4 pre-release. Due to there being a longish gap, a maintenance
release is appropriate.
-jc
On 7/31/2020 7:15 AM, James Louis wrote:
Japheth,
Will 4.3.31 be out soon or will it jump to 4.4?
Thanks,
Jim
On Thu, Sep 5, 2019 at 5:29 PM Japheth Cleaver <user-87556346d4af@xymon.invalid>
wrote:
Xymon 4.3.30 has been released and is now available for download.
4.3.30 is mostly a bug-fix release, quashing issues stemming from the
security fixes in 4.3.29, including improperly-tight restrictions on
allowed characters in hostname for browsing along with several other
parsing errors. Thanks in particular to Tom Schmidt for his assistance
in tracking these down.
Xymon should also now be more easily buildable on older GCC versions
without the diagnostics pragma available.
Xymon 4.3.30 is available from the Xymon SourceForge page at
https://sourceforge.net/projects/xymon/
As always, thank you to all who have contributed code, ideas, and
features
to the project!
Regards,
Japheth "J.C." Cleaver
--
*Jim Louis \\\\||//// \ ~ ~ / | @ @ | *
*--oOo---(_)---oOo-- *
?It does me no injury for my neighbor to say there are twenty gods, or
no God. It neither picks my pocket nor breaks my leg.?
~ Thomas Jefferson
--
*Jim Louis \\\\||//// \ ~ ~ / | @ @ | *
*--oOo---(_)---oOo-- *
?It does me no injury for my neighbor to say there are twenty gods, or no
God. It neither picks my pocket nor breaks my leg.?
~ Thomas Jefferson