Xymon Mailing List Archive search

agents with pulldata - xymonfetch and ssh tunelling

list Pierre L
Thu, 02 Nov 2017 07:38:42 +0000
Message-Id: <CAFrxnpT5EDNYSa+owrsY7Qj0ZHcU9HY-EC3NRKeL6efvAKB=user-5ba25e291fe8@xymon.invalid>

Hello Thomas,

thanks for the reply.
I have tried xymon 127.0.0.1 “ping” but it does nothing on the client
(tunnel opened or not).
When I do 'xymon serverIP “ping”'  I get the version of the server.
For the tunnel, I have done, on the server: 'ssh -L 1234:127.0.0.1:1984
serverIP'

Regarding the proxy, we had this kind of solution but security (again)
asked for them to be removed.

I have seen your ssh tunnel script and article but I must admit that my
technical level made it a little bit difficult to understand. I ll get a
closer look today.

Pierre

Le mar. 31 oct. 2017 à 18:05, Thomas Eckert <user-2a86d6cd6326@xymon.invalid> a
écrit :

Pierre,

does a `xymon 127.0.0.1 “ping”` on the client return the version-number of
your xymon server? If it does your client should simply report to 127.0.0.1
and you should be ready to go.

`pulldata` is for situations where the _server_ can reach the client (on
port 1984) — “normal” communication is the other way around: the client
contacts the server on tcp/1984. The “daemon" for `pulldata` from the
server on the client is `msgcache`: That has to be enabled in `
clientlaunch.cg`. If the security-policy applies to the client as well.
This does not seem to be the case in your setup.

If you are not already using it: have a look at the excellent
`ssh-tunnel`-extension <
https://wiki.xymonton.org/doku.php/addons:ssh_tunnel>; for automatic
establishing (and monitoring) the ssh-tunnel.
I have an article on ssh-tunnel <
http://www.it-eckert.com/blog/2014/remote-site-monitoring-with-ssh-tunnel/>;
and also provide an improved/patched version <
http://www.it-eckert.com/software/patches/ssh-tunnel/>;.

If you have more than one client that has to be monitored in a remote
location have a look at `xymonproxy` too, more details here <
http://www.it-eckert.com/blog/2014/combine-ssh-tunnel-with-xymonproxy/>;.

Cheers
Thomas

On 31 Oct 2017, at 17:37, Pierre L <user-fdf21db1a9c5@xymon.invalid> wrote:

Hello,

I am trying to set up xymonfetch/msgcache with ssh tunnelling (because
security does not want to open flows on port 1984).

I have enabled xymonfetch (in tasks.cfg) and added pulldata (in hosts.cfg)
on server side and also msgcache (in clientlaunch.cfg) and
XYMSRV=127.0.0.1 (in xymonclient.cfg).

I have done a ssh tunnel (ssh -L 1234:127.0.0.1:1984 IP_of_the_client)
from the xymon server. My tunnel is ok but xymon logs still show that
nothing happens, no pulldata.

Is there something else I should do to enable this function?

Any help would be appreciated. Thank you!

Pierre