On 08 Oct 2014, at 07:56, Jeremy Laidman <user-71895fb2e44c@xymon.invalid> wrote:
On 8 October 2014 16:36, Thomas Eckert <user-2a86d6cd6326@xymon.invalid> wrote:
Depending on the extent of the security requirements 'ssh-tunnel' may be an alternative.
Various methods of tunnelling Xymon are documented here:
http://en.wikibooks.org/wiki/System_Monitoring_with_Xymon/Administration_Guide#Encryption_and_Tunnelling
For example, add the following to tasks.cfg:
[xymon-over-ssh]
ENVFILE /usr/lib/xymon/server/etc/xymonserver.cfg
CMD ssh -R1984:127.0.0.1:1984 -o batchmode=yes xymon at xymon-client '/usr/lib/xymon/client/bin/xymoncmd sh -c "XYMSRV=127.0.0.1 /usr/lib/xymon/client/bin/xymonclient.sh"'
LOGFILE $XYMONERVERLOGS/xymon-over-ssh.log
INTERVAL 5m
This requires no additional software. As long as the xymon user can ssh to the remote xymon client machine using key authentication, and as long as the xymon client is installed in the expected location, it should work as expected.
Agreed. That’s a nice and out-of-the-box solution.
It does not require the ssh-tunnel extension on the server-side. But if you do this for a lot of clients the ssh overhead _may_ become a problem (every 5 minutes).
The ssh-tunnel extension creates a persistent tunnel that is only re-created if not already established.
For only a few systems I’d use your example if pulldata is not desired.
For larger setups I prefer the persistent tunnel (with xymonproxy on the far end).
Cheers
Thomas