Xymon Mailing List Archive search

How to test remote ports

list Christoph Zechner
Thu, 19 Jan 2023 06:57:40 +0100
Message-Id: <user-495668a13545@xymon.invalid>

Hi,

On 18/01/2023 23:52, Jeremy Laidman wrote:
I would try *:80 as Josh suggested. It might not be exactly what you want, but it might help to narrow down where the problem is.
this would not work, because port 80 does not show up on the xymon server, it is a remote (Windows) machine.


What scenario are you trying to alert on? Are you trying to detect when there's an established outgoing connection from the monitored host to one specific other host?
I want to get an alert, if port 80 (in this example) went down for any reason on the remote machine, just like I can monitor a port on my xymon server. This Windows machine is the endpoint of an ipsec tunnel and I want to monitor its open ports.

I tend to use regular expressions, perhaps because of the examples in analysis.cfg.

In case it helps, here's an example that works for me, albeit from the analysis.cfg file (I don't use client mode anywhere):

PORT "REMOTE=%([.:]179)$" state=ESTABLISHED min=0 max=4 color=yellow "TEXT=bgp connections out (TCP/179)"
Thanks for the example, but the thing is, I do not have an established connection to the remote port, I just want to check if its present or not. :-/

Cheers
Christoph

I don't believe the quotes around "REMOTE=..." are important - it's just how I tend to use regular expressions.

J

On Thu, 19 Jan 2023 at 07:43, Josh Luthman <user-4c45a83f15cb@xymon.invalid <mailto:user-4c45a83f15cb@xymon.invalid>> wrote:

    Is 1.2.3.4 your Xymon server or the host IP?? The 1.2.3.4 in your
    example is the local addr that it would request from.? If you don't
    care, you could use *:80.

    https://xymon.com/help/manpages/man5/analysis.cfg.5.html
    <https://xymon.com/help/manpages/man5/analysis.cfg.5.html>;

    On Tue, Jan 17, 2023 at 5:52 PM Christoph Zechner <user-249716582ccc@xymon.invalid
    <mailto:user-249716582ccc@xymon.invalid>> wrote:

        Hi,

        I've been trying to establish a remote port check, but cannot
        get it to
        work. After reading the man pages and the corresponding topics
        on the
        mailing list, I've configured a test like this:

        PORT REMOTE=1.2.3.4:80 <http://1.2.3.4:80>;

        but the remote port always comes back as down, even though it is
        up. Am
        I doing something wrong? Local port checks all work perfectly,
        only the
        remote ones do not.

        Am I doing something wrong here?

        Context: I am using local mode on all clients, so I'm putting
        all my
        checks in /etc/xymon/localclient.cfg, but this should not effect
        this
        check, right?

        Thanks in advance!

        Best regards
        Christoph Zechner
        <

    <