Xymon pull client data setup
list Blake
After getting the "piss off" response from security in regards to
monitoring systems in the DMZ I need to configure about two dozen systems
for pull vs the standard push.
While I have gone through the documentation I am still having a few issues
and needed some help.
*Server Changes
=>updated server/etc/tasks.cfg
[xymonfetch]
ENABLED
ENVFILE /app/xymon/server/etc/xymonserver.cfg
CMD $XYMONHOME/bin/xymonfetch --server=10.1.1.73 --no-daemon
--pidfile=$XYMONSERVERLOGS/xymonfetch.pid --interval=60 --log-interval=600
--debug
LOGFILE $XYMONSERVERLOGS/xymonfetch.log
*Client Changes
=>updated server/etc/clientlaunch.cfg
[msgcache]
ENABLED
ENVFILE $XYMONCLIENTHOME/etc/xymonclient.cfg
CMD $XYMONCLIENTHOME/bin/msgcache --no-daemon
--pidfile=$XYMONCLIENTLOGS/msgcache.pid --debug
--logfile=$XYMONCLIENTLOGS/msgcachedaemon.log --max-age=1200
LOGFILE $XYMONCLIENTLOGS/msgcache.log
# The main client task
[client]
ENVFILE $XYMONCLIENTHOME/etc/xymonclient.cfg
CMD $XYMONCLIENTHOME/bin/xymonclient.sh
LOGFILE $XYMONCLIENTLOGS/xymonclient.log
INTERVAL 5m
=>updated server/etc/xymonclient.cfg
XYMSRV="127.0.0.1"
Any help to get this working is greatly appreciated.
Thanks
Blake
list Galen Johnson
I have this working for all my EC2 servers (same issue with security and opening firewall ports back inside). Do you have port open and verified the msgcache service is running on the clients? Also, check the xymon server logs...that's where I found the most helpful info. =G=
▸
From: Xymon <xymon-bounces at xymon.com> on behalf of Blake <user-fb8e66f0958d@xymon.invalid>
Sent: Tuesday, October 7, 2014 2:17 PM
To: xymon at xymon.com
Subject: [Xymon] Xymon pull client data setup
After getting the "piss off" response from security in regards to monitoring systems in the DMZ I need to configure about two dozen systems for pull vs the standard push.
While I have gone through the documentation I am still having a few issues and needed some help.
*Server Changes
=>updated server/etc/tasks.cfg
[xymonfetch]
ENABLED
ENVFILE /app/xymon/server/etc/xymonserver.cfg
CMD $XYMONHOME/bin/xymonfetch --server=10.1.1.73 --no-daemon --pidfile=$XYMONSERVERLOGS/xymonfetch.pid --interval=60 --log-interval=600 --debug
LOGFILE $XYMONSERVERLOGS/xymonfetch.log
*Client Changes
=>updated server/etc/clientlaunch.cfg
[msgcache]
ENABLED
ENVFILE $XYMONCLIENTHOME/etc/xymonclient.cfg
CMD $XYMONCLIENTHOME/bin/msgcache --no-daemon --pidfile=$XYMONCLIENTLOGS/msgcache.pid --debug --logfile=$XYMONCLIENTLOGS/msgcachedaemon.log --max-age=1200
LOGFILE $XYMONCLIENTLOGS/msgcache.log
# The main client task
[client]
ENVFILE $XYMONCLIENTHOME/etc/xymonclient.cfg
CMD $XYMONCLIENTHOME/bin/xymonclient.sh
LOGFILE $XYMONCLIENTLOGS/xymonclient.log
INTERVAL 5m
=>updated server/etc/xymonclient.cfg
XYMSRV="127.0.0.1"
Any help to get this working is greatly appreciated.
Thanks
Blake
list Galen Johnson
also, did you add "pulldata" to the clients in your xymon hosts file.
▸
On Tue, Oct 7, 2014 at 2:27 PM, Galen Johnson <user-87f955643e3d@xymon.invalid> wrote:
I have this working for all my EC2 servers (same issue with security and
opening firewall ports back inside). Do you have port open and verified
the msgcache service is running on the clients? Also, check the xymon
server logs...that's where I found the most helpful info.
=G=
*From:* Xymon <xymon-bounces at xymon.com> on behalf of Blake <
user-fb8e66f0958d@xymon.invalid>
*Sent:* Tuesday, October 7, 2014 2:17 PM
*To:* xymon at xymon.com
*Subject:* [Xymon] Xymon pull client data setup
After getting the "piss off" response from security in regards to
monitoring systems in the DMZ I need to configure about two dozen systems
for pull vs the standard push.
While I have gone through the documentation I am still having a few
issues and needed some help.
*Server Changes
=>updated server/etc/tasks.cfg
[xymonfetch]
ENABLED
ENVFILE /app/xymon/server/etc/xymonserver.cfg
CMD $XYMONHOME/bin/xymonfetch --server=10.1.1.73 --no-daemon
--pidfile=$XYMONSERVERLOGS/xymonfetch.pid --interval=60 --log-interval=600
--debug
LOGFILE $XYMONSERVERLOGS/xymonfetch.log
*Client Changes
=>updated server/etc/clientlaunch.cfg
[msgcache]
ENABLED
ENVFILE $XYMONCLIENTHOME/etc/xymonclient.cfg
CMD $XYMONCLIENTHOME/bin/msgcache --no-daemon
--pidfile=$XYMONCLIENTLOGS/msgcache.pid --debug
--logfile=$XYMONCLIENTLOGS/msgcachedaemon.log --max-age=1200
LOGFILE $XYMONCLIENTLOGS/msgcache.log
# The main client task
[client]
ENVFILE $XYMONCLIENTHOME/etc/xymonclient.cfg
CMD $XYMONCLIENTHOME/bin/xymonclient.sh
LOGFILE $XYMONCLIENTLOGS/xymonclient.log
INTERVAL 5m
=>updated server/etc/xymonclient.cfg
XYMSRV="127.0.0.1"
Any help to get this working is greatly appreciated.
Thanks
Blake
list Thomas Eckert
Depending on the extent of the security requirements 'ssh-tunnel' may be an alternative. In a nutshell it provides a convenient way to manage an ssh tunnel to clients (opening port 1984 there). Upstream: https://wiki.xymonton.org/doku.php/addons:ssh_tunnel?s[]=ssh&s[]=tunnel Bashified-version with a few tweaks: http://www.it-eckert.com/software/patches/ssh-tunnel/ More background info on usage (incl. combining 1 tunnel with xymonproxy to provide a "hub" for a bunch of EC2 instances): http://www.it-eckert.com/blog/2014/remote-site-monitoring-with-ssh-tunnel/ http://www.it-eckert.com/blog/2014/combine-ssh-tunnel-with-xymonproxy/ Thomas Am 08.10.2014 02:22 schrieb Galen Johnson <user-fc632e705d24@xymon.invalid>:
▸
also, did you add "pulldata" to the clients in your xymon hosts file. On Tue, Oct 7, 2014 at 2:27 PM, Galen Johnson <user-87f955643e3d@xymon.invalid> wrote:I have this working for all my EC2 servers (same issue with security and opening firewall ports back inside). Do you have port open and verified the msgcache service is running on the clients? Also, check the xymon server logs...that's where I found the most helpful info. =G= From: Xymon <xymon-bounces at xymon.com> on behalf of Blake <user-fb8e66f0958d@xymon.invalid> Sent: Tuesday, October 7, 2014 2:17 PM To: xymon at xymon.com Subject: [Xymon] Xymon pull client data setup After getting the "piss off" response from security in regards to monitoring systems in the DMZ I need to configure about two dozen systems for pull vs the standard push. While I have gone through the documentation I am still having a few issues and needed some help. *Server Changes =>updated server/etc/tasks.cfg [xymonfetch] ENABLED ENVFILE /app/xymon/server/etc/xymonserver.cfg CMD $XYMONHOME/bin/xymonfetch --server=10.1.1.73 --no-daemon --pidfile=$XYMONSERVERLOGS/xymonfetch.pid --interval=60 --log-interval=600 --debug LOGFILE $XYMONSERVERLOGS/xymonfetch.log *Client Changes =>updated server/etc/clientlaunch.cfg [msgcache] ENABLED ENVFILE $XYMONCLIENTHOME/etc/xymonclient.cfg CMD $XYMONCLIENTHOME/bin/msgcache --no-daemon --pidfile=$XYMONCLIENTLOGS/msgcache.pid --debug --logfile=$XYMONCLIENTLOGS/msgcachedaemon.log --max-age=1200 LOGFILE $XYMONCLIENTLOGS/msgcache.log # The main client task [client] ENVFILE $XYMONCLIENTHOME/etc/xymonclient.cfg CMD $XYMONCLIENTHOME/bin/xymonclient.sh LOGFILE $XYMONCLIENTLOGS/xymonclient.log INTERVAL 5m =>updated server/etc/xymonclient.cfg XYMSRV="127.0.0.1" Any help to get this working is greatly appreciated. Thanks Blake
list Jeremy Laidman
▸
On 8 October 2014 16:36, Thomas Eckert <user-2a86d6cd6326@xymon.invalid> wrote:
Depending on the extent of the security requirements 'ssh-tunnel' may be an alternative.
Various methods of tunnelling Xymon are documented here: http://en.wikibooks.org/wiki/System_Monitoring_with_Xymon/Administration_Guide#Encryption_and_Tunnelling For example, add the following to tasks.cfg: [xymon-over-ssh] ENVFILE /usr/lib/xymon/server/etc/xymonserver.cfg CMD ssh -R1984:127.0.0.1:1984 -o batchmode=yes xymon at xymon-client '/usr/lib/xymon/client/bin/xymoncmd sh -c "XYMSRV=127.0.0.1 /usr/lib/xymon/client/bin/xymonclient.sh"' LOGFILE $XYMONERVERLOGS/xymon-over-ssh.log INTERVAL 5m This requires no additional software. As long as the xymon user can ssh to the remote xymon client machine using key authentication, and as long as the xymon client is installed in the expected location, it should work as expected. J
list Thomas Eckert
▸
On 08 Oct 2014, at 07:56, Jeremy Laidman <user-71895fb2e44c@xymon.invalid> wrote:
On 8 October 2014 16:36, Thomas Eckert <user-2a86d6cd6326@xymon.invalid> wrote: Depending on the extent of the security requirements 'ssh-tunnel' may be an alternative. Various methods of tunnelling Xymon are documented here: http://en.wikibooks.org/wiki/System_Monitoring_with_Xymon/Administration_Guide#Encryption_and_Tunnelling For example, add the following to tasks.cfg: [xymon-over-ssh] ENVFILE /usr/lib/xymon/server/etc/xymonserver.cfg CMD ssh -R1984:127.0.0.1:1984 -o batchmode=yes xymon at xymon-client '/usr/lib/xymon/client/bin/xymoncmd sh -c "XYMSRV=127.0.0.1 /usr/lib/xymon/client/bin/xymonclient.sh"' LOGFILE $XYMONERVERLOGS/xymon-over-ssh.log INTERVAL 5m This requires no additional software. As long as the xymon user can ssh to the remote xymon client machine using key authentication, and as long as the xymon client is installed in the expected location, it should work as expected.
Agreed. That’s a nice and out-of-the-box solution. It does not require the ssh-tunnel extension on the server-side. But if you do this for a lot of clients the ssh overhead _may_ become a problem (every 5 minutes). The ssh-tunnel extension creates a persistent tunnel that is only re-created if not already established. For only a few systems I’d use your example if pulldata is not desired. For larger setups I prefer the persistent tunnel (with xymonproxy on the far end). Cheers Thomas