Monitoring Remote Sites
list Jonathan Bishop
Hi. Does anyone have an experience with using xymon to monitor remote sites? How do you handle the security side of things? Can we use xymon with SSL for example? Thank you. Jon B.
list Jeremy Laidman
▸
On 4 April 2013 00:59, Jonathan Bishop <user-c5231dd0a8e2@xymon.invalid> wrote:
Does anyone have an experience with using xymon to monitor remote sites? How do you handle the security side of things? Can we use xymon with SSL for example?
You can do various VPN type things, such as using stunnel or ssh tunnels (with key auth). Also, you can run the client from the server (eg from tasks.cfg) over an ssh connection like so: ssh -R1984:127.0.0.1:1984 -o batchmode=yes xymon at remote-server'/usr/lib/xymon/client/bin/xymoncmd sh -c "XYMSRV=127.0.0.1 /usr/lib/xymon/client/bin/xymonclient.sh"' J
list Jeremy Laidman
▸
On 4 April 2013 12:55, Jeremy Laidman <user-71895fb2e44c@xymon.invalid> wrote:
You can do various VPN type things, such as using stunnel or ssh tunnels (with key auth).
Also, this: http://lists.xymon.com/archive/2011-October/032866.html In summary, the client-side can use curl to send a web "POST" message to the Xymon server using an https:// type URL. Encryption solved. The Xymon server can do whatever authentication is required (password, client-side certificate, or none). J
list Ralph Mitchell
▸
On Apr 3, 2013 10:33 PM, "Jeremy Laidman" <user-71895fb2e44c@xymon.invalid> wrote:
On 4 April 2013 12:55, Jeremy Laidman <user-71895fb2e44c@xymon.invalid> wrote:You can do various VPN type things, such as using stunnel or ssh tunnels
(with key auth).
Also, this: http://lists.xymon.com/archive/2011-October/032866.html In summary, the client-side can use curl to send a web "POST" message to the Xymon server using an https:// type URL. Encryption solved. The Xymon server can do whatever authentication is required (password, client-side certificate, or none).
Just to clarify - on the Xymon server side it's Apache that handles the client authentication, and there are many docs describing that. Xymon itself is not involved in the authentication or encryption. I also found that the xymoncgi handler sends back to the client any client-local configuration that it finds, so it isn't just a one way street. Ralph Mitchell
list Jonathan Bishop
Thank you all for the suggestions. Much appreciated. Regards, Jon B.
▸
On Thu, Apr 4, 2013 at 2:12 PM, Ralph Mitchell <user-00a5e44c48c0@xymon.invalid>wrote:
On Apr 3, 2013 10:33 PM, "Jeremy Laidman" <user-71895fb2e44c@xymon.invalid> wrote:On 4 April 2013 12:55, Jeremy Laidman <user-71895fb2e44c@xymon.invalid> wrote:You can do various VPN type things, such as using stunnel or ssh tunnels (with key auth).Also, this: http://lists.xymon.com/archive/2011-October/032866.html In summary, the client-side can use curl to send a web "POST" message to the Xymon server using an https:// type URL. Encryption solved. TheXymon server can do whatever authentication is required (password, client-side certificate, or none). Just to clarify - on the Xymon server side it's Apache that handles the client authentication, and there are many docs describing that. Xymon itself is not involved in the authentication or encryption. I also found that the xymoncgi handler sends back to the client any client-local configuration that it finds, so it isn't just a one way street. Ralph Mitchell