On Mon, Oct 10, 2011 at 2:58 PM, T.J. Yang <user-61afc885aa73@xymon.invalid> wrote:
Hi, Henrik
Passing message without encryption among xymon client and server will
cause concerns in corporate IT.
I know you did some work at previous branches, can you activate this
message encryption work or put it on roadmap ?
I was taking another crack at this today and found some interesting things.
The xymon command, which delivers messages to the server, can take a URL
for a parameter. Also, lurking in xymon-4.3.5/xymonproxy there is a little
program called xymoncgimsg, which takes an HTTP-delivered Xymon message and
hands it directly to Xymon. I went a step further and poked around in the
code to see what was being sent, and came up with this:
1) Discover the state of some service, including the color. Assemble the
report:
MESSAGE="status $MACHINE.$TEST $COLOR `date`
some message(s) relating to the test we're reporting"
2) instead of doing: $XYMON $XYMSRV "$MESSAGE" to deliver, do this:
curl -s -S -L --cacert /path/to/secure/xymon-server/cert.pem \
-H "Content-Ty[e: application/octet-stream" \
-H "MIME-version: 1.0" \
-d "$MESSAGE" \
https://secure-xymon.server.com/xymon-cgi/xymoncgimsg.cgi
Curl validates the server certificate and manages the encrypted connection.
$MESSAGE is shoved down the pipe to the cgi script and directly to xymon.
Ralph Mitchell