Xymon Mailing List Archive search

xymoncgimsg.cgi

3 messages in this thread

list Stef Coene · Tue, 06 Dec 2011 21:17:26 +0100 · 
Hi,

Some time ago Ralph Mitchell posted a message that he was able to use 
curl to post a message to the cgi script xymoncgimsg.cgi.
http://comments.gmane.org/gmane.comp.monitoring.hobbit/27772
I'm trying to do the same, but it's not working.

Ralph, can you explain more in detail what you did?
Or somebody else can help?

The goal is to use ssl encryption between client and server.  I also 
like the idea of using the https protocol for the communication.


Stef
list Henrik Størner · Tue, 06 Dec 2011 22:11:53 +0100 ·
quoted from Stef Coene
On 06-12-2011 21:17, Stef Coene wrote:
Hi,

Some time ago Ralph Mitchell posted a message that he was able to use
curl to post a message to the cgi script xymoncgimsg.cgi.
http://comments.gmane.org/gmane.comp.monitoring.hobbit/27772
I'm trying to do the same, but it's not working.
I tried it here, and it works fine. You need to copy the xymoncgimsg.cgi binary to your ~xymon/cgi-bin/ directory (or setup a symlink and configure the webserver to accept links), but then it works fine.

I didn't try the SSL client-certificate stuff that Ralph was doing, but a plain "send a command to xymond" stuff is working OK.

Here's the commandline I used:

curl \
    -d "xymondboard" \
    -H "Content-type: application/octet-stream" \
    -H "Mime-version: 1.0" \
    http://www.xymon.com/xymon-cgi/xymoncgimsg.cgi

This just sends a "xymondboard" command to fetch the current status of all Xymon tests; you can replace it with a status message or the client data, if that is what you want to transmit.

Note that if you use an https-URL, many curl installations do not come with an up-to-date set of root certificates, so you will either need to update that - or use the "-k" option to disable checking of the SSL certificate from the server.


Regards,
Henrik
list Ralph Mitchell · Wed, 7 Dec 2011 13:10:20 -0500 · 
I just realized that my response went solely to Henrik, instead of going to
the list address as I expected.  So, here it is again.
quoted from Henrik Størner

On Tue, Dec 6, 2011 at 4:11 PM, Henrik Størner <user-ce4a2c883f75@xymon.invalid> wrote:

On 06-12-2011 21:17, Stef Coene wrote:

Hi,

Some time ago Ralph Mitchell posted a message that he was able to use
curl to post a message to the cgi script xymoncgimsg.cgi.

http://comments.gmane.org/**gmane.comp.monitoring.hobbit/**27772<http://comments.gmane.org/gmane.comp.monitoring.hobbit/27772>;
quoted from Henrik Størner
I'm trying to do the same, but it's not working.

I tried it here, and it works fine. You need to copy the xymoncgimsg.cgi
binary to your ~xymon/cgi-bin/ directory (or setup a symlink and configure
the webserver to accept links), but then it works fine.

I didn't try the SSL client-certificate stuff that Ralph was doing, but a
plain "send a command to xymond" stuff is working OK.

Here's the commandline I used:

curl \
  -d "xymondboard" \
  -H "Content-type: application/octet-stream" \
  -H "Mime-version: 1.0" \

  http://www.xymon.com/xymon-**cgi/xymoncgimsg.cgi<http://www.xymon.com/xymon-cgi/xymoncgimsg.cgi>;
quoted from Henrik Størner

This just sends a "xymondboard" command to fetch the current status of all
Xymon tests; you can replace it with a status message or the client data,
if that is what you want to transmit.

Note that if you use an https-URL, many curl installations do not come
with an up-to-date set of root certificates, so you will either need to
update that - or use the "-k" option to disable checking of the SSL
certificate from the server.

Yep, that's how I did it.  As far as certificates go, if you're posting to
a secure server that you control, you should be able to lift the CA cert
chain from the server itself.  It ought to have the certs to verify its own
cert when it starts up.  You can cat several pem-encoded certs together
into one file, then supply that to curl:

     --cacert /path/to/secure/xymon-server/cert.pem

or dump the individual pem certs into a directory and give that location
using --capath.

Ralph Mitchell