XYmon in a DMZ

4 messages in this thread

list L.M.J · Mon, 10 Mar 2014 19:07:12 +0100 ·
Hi,

  Can someone explain to me if I could do this with XYmon?
   1) DMZ hosts send all data to a "local DMZ xymon"
   2) XYmon global server fetches all data from this "local DMZ xymon"

  I bet I have to use "xymonproxy", but I read and re-read the documentation,
  it's very crystal clear for me. Can someone explain the big picture to me,
  please?

  Also, I have hosts in a remote site, I installed a Xymon server there. Remote
  hosts report to this remote XYmon server. For a few hosts, I add an extra IP
  to XYMSERVERS and it also sends data to my XYmon global server.
  Is it the best way to do it? Like the previous question, can the XYmon global
  server fetch data from the remote Xymon server?

  With my choice: 1 global xymon, 1 on each remote location, I have to watch a
  couple of the XYmon pages, I don't have a global overview...

  How do you guys do it?  Any Xymon architecture advice is welcome!

  Thanks

-- 
 LMJ
 "May the source be with you my young padawan"
list Paul Root · Mon, 10 Mar 2014 18:21:52 +0000 ·
I'm not sure about fetching from one server to the next, but someone will answer that.

I would (and do) set up the DMZ server as a proxy and server in one. Have the proxy run on port 1984, and the server run on port 1985 (or other).
Then the proxy forwards to the local server port and to the global.

Or to keep things simpler, don't have the DMZ xymon server even be a server, have it just be a proxy. 

As to the remote machine. If you are sending straight to the global server anyway, why bother with that server? If you do need it there, then it probably wants to be a proxy as well. 

You can also have the remote servers send a summary status to the global, that way you will know with 1 icon the state of the remote servers' clients. That is, if it is green, everything reporting to that server is green. 
list Martin Sperl · Tue, 11 Mar 2014 08:56:53 +0000 ·
We have something like this using msgcache.

Essentially you do the following:
* on one of the xyagents in the DMZ you configure msgcache by enabling it.
* on all the servers you set up the above server as the XYMONSERVER instead of your central server
* on your central xymon server you:
** set up xymonfetch (removing --server=YOUR.XYMON.SERVER.IP and possibly adding a different polling-interval: --interval=10)
** in your hosts file you add to the "msgcache" server line: "#bbd pulldata=<ip_of_msgcache_server>:1984"

That way you get the data via a _pull_ from the server (so the connection is established by the Server and connects to the DMZ) and no connections need to get opened allowing access from the DMZ to the XYMON server.
But there is one thing: There will be a delay of up to 10 seconds between the message getting sent by the agent and the time the message shows up on the server (Agent->msgcache is instantaneous while msgcache -> Server only happens every 10 seconds), which might (depending on your configs) trigger the "alerts" regarding the clocks being out of sync...

Martin
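
A way to verify the connection direction this pull setup relies on, as an added example that is not part of the original post: the script classifies new TCP connections from a firewall log and reports any that a DMZ host opens toward the internal network. The log format, networks and addresses are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample: iptables-LOG-style lines for new TCP connections.
# Assumed addressing (not from the thread): internal 10.1.0.0/16,
# DMZ 192.0.2.0/24, central Xymon server 10.1.0.20, msgcache host 192.0.2.10.
SAMPLE_LOG = """\
Mar 11 09:00:01 fw kernel: NEW SRC=10.1.0.20 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=1984
Mar 11 09:00:03 fw kernel: NEW SRC=192.0.2.11 DST=192.0.2.10 PROTO=TCP SPT=51200 DPT=1984
Mar 11 09:00:07 fw kernel: NEW SRC=192.0.2.12 DST=10.1.0.20 PROTO=TCP SPT=51344 DPT=1984
Mar 11 09:00:09 fw kernel: NEW SRC=10.1.0.77 DST=192.0.2.10 PROTO=TCP SPT=40900 DPT=1984
"""
INTERNAL = ipaddress.ip_network("10.1.0.0/16")
DMZ = ipaddress.ip_network("192.0.2.0/24")
CENTRAL = ipaddress.ip_address("10.1.0.20")
MSGCACHE = ipaddress.ip_address("192.0.2.10")
XYMON_PORT = 1984  # port used in the pulldata= setting above

FLOW_RE = re.compile(r"SRC=(\S+) DST=(\S+) PROTO=TCP SPT=\d+ DPT=(\d+)")

def classify(src, dst, dport):
    """Label one new connection against the pull design."""
    if src in DMZ and dst in INTERNAL:
        return "violation"   # DMZ host opened a connection inward
    if dport == XYMON_PORT and dst == MSGCACHE:
        if src == CENTRAL:
            return "pull"    # central server fetching cached messages
        if src in DMZ:
            return "agent"   # DMZ client reporting to msgcache
    return "review"          # anything else crossing the firewall

def audit(log_text):
    """Return (src, dst, verdict) for every flow that is not expected."""
    findings = []
    for line in log_text.splitlines():
        m = FLOW_RE.search(line)
        if not m:
            continue
        src = ipaddress.ip_address(m.group(1))
        dst = ipaddress.ip_address(m.group(2))
        verdict = classify(src, dst, int(m.group(3)))
        if verdict not in ("pull", "agent"):
            findings.append((str(src), str(dst), verdict))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```
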
list Gautier Begin · Tue, 11 Mar 2014 11:32:12 +0200 ·
Hello,

You get it. To monitor with XYMON a special network zone, you have to use the XYMON proxy.

To install it:
A.     Install a XYMON server.
B.     Change its task.cfg file as follows:
        * DISABLE the xymond (daemon for the XYMON server)
        * Enable xymonproxy (proxy XYMON), xymonnet (ping and network test) and xymonclient (local XYMON client)


[xymond]
        DISABLED

[xymonproxy]
        ENVFILE <xymon_path>/etc/xymonserver.cfg
        CMD $XYMONHOME/bin/xymonproxy --server=YOUR.XYMON.SERVER.IP --report=$MACHINE.xymonproxy --no-daemon --pidfile=$XYMONSERVERLOGS/xymonproxy.pid
        LOGFILE $XYMONSERVERLOGS/xymonproxy.log

[xymonnet]
        ENVFILE  <xymon_path>/etc/xymonserver.cfg
        CMD xymonnet --report --ping --checkresponse
        LOGFILE $XYMONSERVERLOGS/xymonnet.log
        INTERVAL 5m


C.     Modify/check the hosts.cfg on both the xymon proxy and the xymon server.
                On the xymon proxy, indicate the list of the targets of the "special network zone" you want to monitor.
                On the xymon server, indicate the list of the targets of the "special network zone" you want to monitor with the noconn tag at the end. This disables the ping from the xymon server. It will be done from the xymon server by the xymonnet process. Don't do it for the xymon proxy itself.

D.     Configure your agents in your "special network zone" to send data to the xymon proxy.

E.     Configure your FW to enable these flows:
                - xymonproxy -----> xymonserver:1984 (TCP)
                - xymonserver -----> xymonproxy (ICMP)

F.     Start your xymonproxy the same way you do for a xymon server.

G.     Enjoy!!  - Note: Data on communication flows is shown in the xymonproxy xymon test.


Cordialement, Regards, Mit freundlichen Grüßen,

Gautier BEGIN
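
Step C is easy to get wrong as the host list grows. The following check, added here as an example and not part of the original post, parses the central server's hosts.cfg and lists zone hosts that lack the noconn tag, and whether the proxy itself carries it. The file contents, the 192.0.2.0/24 zone and the host names are constructed assumptions.

```python
import ipaddress

# Constructed hosts.cfg excerpt for the central Xymon server (sample data;
# 192.0.2.0/24 stands in for the "special network zone", dmzproxy for the proxy).
SAMPLE_HOSTS_CFG = """\
page dmz DMZ hosts
group Web tier
192.0.2.10  dmzproxy   #
192.0.2.11  web01      # noconn http://web01/
192.0.2.12  web02      # http://web02/
192.0.2.13  mail01     # noconn smtp
10.1.0.5    intranet   # ssh
# 192.0.2.14 old01     # decommissioned, commented out
"""

def parse_hosts(text):
    """Yield (ip, hostname, tags) per host entry; skip directives and comments."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        entry, _, tagpart = line.partition("#")
        fields = entry.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # page/group/include and other non-host lines
        yield ip, fields[1], tagpart.split()

def audit_noconn(text, zone_cidr, proxy_host):
    """Return (zone hosts missing noconn, True if the proxy carries noconn)."""
    zone = ipaddress.ip_network(zone_cidr)
    missing, proxy_tagged = [], False
    for ip, host, tags in parse_hosts(text):
        if ip not in zone:
            continue  # hosts outside the zone keep their normal ping test
        has_noconn = "noconn" in tags
        if host == proxy_host:
            proxy_tagged = has_noconn  # the proxy should stay pingable
        elif not has_noconn:
            missing.append(host)
    return missing, proxy_tagged

if __name__ == "__main__":
    print(audit_noconn(SAMPLE_HOSTS_CFG, "192.0.2.0/24", "dmzproxy"))
```
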

