I think that the original philosophy behind Xymon was to "inform and
notify" and not to "remediate." The client sends data to a predefined
destination at regular intervals.
However, you have described the Xymon administrators dilemma very well --
what about custom tests? As Timothy points out, some thought has been put
into this in the PowerShell client, but I am not sure what JC is planning
for the Xymon "native" clients. Just keep in mind that once your Xymon
server can start distributing code to its clients, the security
requirements will likely escalate. Some form of "trust" will be needed
between the client and the server as well as other features to keep the
auditors at bay.
However, you might be able to roll your own distribution function. All you
need is a custom test that connects to your distribution point to look for
changes. If anything changes, it can download the new code and "do the
needful" to activate it. Another coping mechanism is to write your custom
checks so they do not need to be updated very often, or isolate the updates
so they can be easily applied.
Regards,
Greg Hubbard
On Fri, Dec 4, 2020 at 9:21 AM Timothy Williams <user-1a5482fb085e@xymon.invalid> wrote:
On the Windows PSXymon or (shudder) BBWin client, you can run an external
script by specifying it in the client-config file. Client can download from
a central repository using URL or BB: (from Xymon server) link to run every
scan or on slow scan. Therefore, changes to script are immediately
distributed. The script can write an output file to TMP folder and that is
picked up and displayed on Xymon console (name of file becomes name of
column).
As Windows clients were built to mimic the Linux client, I would assume
there is a mechanism there as well.
*Timothy L. Williams*Windows Server
*Operating Systems Analyst*
On Fri, Dec 4, 2020 at 9:12 AM Gabby Gibbons via Xymon <xymon at xymon.com>
wrote:
---------- Forwarded message ----------
From: Gabby Gibbons <user-920f9e87cd7f@xymon.invalid>
To: Xymon Mailinglist <xymon at xymon.com>
Cc:
Bcc:
Date: Fri, 4 Dec 2020 13:52:18 +0000 (UTC)
Subject: Running a custom test on multiple clients.
Hello,
I am trying to figure out if there's a way to write a custom test on the
xymon server and then run that test on each client as the client. I am
aware of the ability to write a test on the server and then use XYMONGREP
to run a test on each machine as the server, but the problem with that is,
as far as I can tell, you can only run unauthenticated checks from the
outside of the system. Say, for example, I want to monitor a log file using
xymon on each client. If I were able to run the check on each system itself
as the authenticated xymon user I could do that easily, but I wouldn't be
able to view that file from the outside with another computer without first
authenticating.
Right now my solution is to simply copy all of the custom tests I have to
each monitored machine. This works, but the problem is that it's so
decentralized. Every time I make a simple change to a script or want to add
a new custom script I have to go to every single machine and make the same
change. Being able to centralize this somewhat and have the clients all
read from one source would make managing custom tests much much easier. Is
this possible to do?
---------- Forwarded message ----------
From: Gabby Gibbons via Xymon <xymon at xymon.com>
To: Xymon Mailinglist <xymon at xymon.com>
Cc:
Bcc:
Date: Fri, 4 Dec 2020 13:52:18 +0000 (UTC)
Subject: [Xymon] Running a custom test on multiple clients.
--
Disclaimer: 1) all opinions are my own, 2) I may be completely wrong, 3)
my advice is worth at least as much as what you are paying for it, or your
money cheerfully refunded.