Method to report/list all configured clients and their info.
list Mike Burger
Good morning, all.

I've got a request from my security and monitoring team for a way to export a list of all configured clients along with their IP addresses and either descriptions or page/subpage locations.

Other than providing them with a copy of hosts.cfg on a regular basis, I've been unsuccessful in locating a way to do so (either in the documentation/man pages, mailing list archives or just good old Google).

Is there a method to do so from the Xymon interface? Maybe a plugin that I'm not, yet, aware of?

--
Mike Burger
http://www.bubbanfriends.org

"It's always suicide-mission this, save-the-planet that. No one ever just stops by to say 'hi' anymore." --Colonel Jack O'Neill, SG1
list Larry Bonham
Mike,

Not sure what xymon version you have but "Reports -> Config Report" is a pretty complete dump of all monitored systems and related settings.

Larry
list Richard Hamilton
Given that most of the information is in hosts.cfg, I would think you could script your report generation easily enough using perl or perhaps even awk. A script could also pick up the contents of any notes files, if they tended to contain useful descriptive information; and you could format it any way they wanted, even as a spreadsheet.
list Japheth Cleaver
Directly from the web interface, not especially (unless you've enabled xymoncgimsg.cgi for HTTP transport of xymon messages), but it's fairly easy from the command line:

xymoncmd xymon localhost "xymondboard test=info fields=hostname,ip,XMH_ALLPAGEPATHS"

This will only return systems that have sent (or been reported by) at least one xymon status message, but for most configurations that's fine.

There are different ways of collecting different types of auditable data as well, such as looking at clientlog reports and comparing [ifconfig] output with whatever you might expect it to be. You can also compare incoming 'cpu' report existence with presence in hosts.cfg to find systems that haven't sent in a report at all and may not have been configured correctly.

If you have plenty of spare RAM on your main monitor server, I've found that saving client data via xymond_channel to tmpfs enables all sorts of interesting possibilities for a security and/or audit team. Grepping through the live state of your entire environment can be quite useful.

HTH,
-jc
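Added example, not part of the original post or of Xymon itself: a Python sketch of the comparison described above, which turns the test=info board into a CSV inventory and lists hosts that are in hosts.cfg but have sent no status or no 'cpu' report. The sample data is constructed, the function names are hypothetical, and the pipe-delimited reply layout, the page-path format and the `test=cpu fields=hostname` query are assumptions.

```python
import csv
import io
import ipaddress

# Constructed sample data (not from the thread). HOSTS_CFG mimics hosts.cfg;
# BOARD_INFO / BOARD_CPU mimic assumed pipe-delimited xymondboard replies.
HOSTS_CFG = """\
page dc1 Datacenter 1
subpage web Web servers
10.0.0.11  web01.example.com  # http://web01.example.com/
10.0.0.12  web02.example.com  # ssh
page dc2 Datacenter 2
10.0.1.21  db01.example.com   # noconn
10.0.1.22  new01.example.com  # ssh
"""
BOARD_INFO = ("web01.example.com|10.0.0.11|dc1/web\n"
              "web02.example.com|10.0.0.12|dc1/web\n"
              "db01.example.com|10.0.1.21|dc2\n")
BOARD_CPU = "web01.example.com\ndb01.example.com\n"

def parse_hosts_cfg(text):
    """Return {hostname: ip} for the lines that start with an IP address."""
    hosts = {}
    for line in text.splitlines():
        tokens = line.split("#", 1)[0].split()  # tags follow the '#'
        if len(tokens) < 2:
            continue
        try:
            ipaddress.ip_address(tokens[0])
        except ValueError:
            continue  # page/subpage/group/include directive, not a host
        hosts[tokens[1]] = tokens[0]
    return hosts

def parse_board(text, fields):
    """Split pipe-delimited board lines into dicts keyed by field name."""
    return [dict(zip(fields, l.split("|"))) for l in text.splitlines() if l.strip()]

def audit(cfg_text, info_text, cpu_text):
    """Return (inventory CSV, hosts with no status at all, hosts with no cpu report)."""
    configured = set(parse_hosts_cfg(cfg_text))
    info = parse_board(info_text, ["hostname", "ip", "pages"])
    cpu = {r["hostname"] for r in parse_board(cpu_text, ["hostname"])}
    out = io.StringIO()
    writer = csv.DictWriter(out, ["hostname", "ip", "pages"], lineterminator="\n")
    writer.writeheader()
    writer.writerows(info)
    silent = sorted(configured - {r["hostname"] for r in info})
    return out.getvalue(), silent, sorted(configured - cpu)
```
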
list Japheth Cleaver
I'd forgotten about that, but that's very helpful for humans via the web as well!

-jc

On Thu, May 12, 2016 9:16 am, Larry Bonham wrote:
> Mike,
>
> Not sure what xymon version you have but "Reports -> Config Report" is a pretty complete dump of all monitored systems and related settings.
>
> Larry
list John Rothlisberger
So, I find this command to be very interesting:

xymoncmd xymon localhost "xymondboard test=info fields=hostname,ip,XMH_ALLPAGEPATHS"

But, if I change it just a bit so that I get only the page name that a host resides on such as this:

xymon 0 "xymondboard host=<HOSTNAME> test=info fields=XMH_ALLPAGEPATHS"

It will return the page name that <HOSTNAME> resides on... UNLESS <HOSTNAME> is not unique and then it will include ALL the page names for hosts that match.

For example, if I put in "host=serverABC123" (and that particular server name is unique) it will return a single page name. But, if I have multiple servers such as serverABC123, serverABC1, serverAB, & server - the page for every single one of those will be returned.

So, my question is, how can I return a single page for that one specific hostname?

I have tried several variations of the xymondboard command:
- "xymondboard serverAB.testname fields=..."
- "xymondboard host='serverAB' test=info fields=..."
- "xymondboard host=serverAB test=info fields=..."
Etc.

Any ideas how I can get the returned data to be for a single host?

Thanks,
John

John Rothlisberger
IT Strategy, Infrastructure & Security - Technology Growth Platform
TGP for Business Process Outsourcing
Accenture
list Thomas Eckert
On May 13, 2016 18:44, user-7adce57665bb@xymon.invalid wrote:
>
> So, I find this command to be very interesting:
>
> xymoncmd xymon localhost "xymondboard test=info fields=hostname,ip,XMH_ALLPAGEPATHS"
>
> But, if I change it just a bit so that I get only the page name that a host resides on such as this:
> xymon 0 "xymondboard host=<HOSTNAME> test=info fields=XMH_ALLPAGEPATHS"
>
> It will return the page name that <HOSTNAME> resides on... UNLESS <HOSTNAME> is not unique and then it will include ALL the page names for hosts that match.
>
> For example, if I put in "host=serverABC123" (and that particular server name is unique) it will return a single page name. But, if I have multiple servers such as serverABC123, serverABC1, serverAB, & server - the page for every single one of those will be returned.
>
> So, my question is, how can I return a single page for that one specific hostname?
>
> I have tried several variations of the xymondboard command:
> - "xymondboard serverAB.testname fields=..."
> - "xymondboard host='serverAB' test=info fields=..."
> - "xymondboard host=serverAB test=info fields=..."
> Etc.
>
> Any ideas how I can get the returned data to be for a single host?
The <HOSTNAME> is regex. This does not explain your example above (but that might be an "example issue").
The safest would be to anchor the hostname, like
host=^<HOSTNAME>$
You could also have a look at my `xymonq` tool, http://www.it-eckert.com/software/xymonq/, that supports this among other queries.
All the best
Thomas
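Added example, not part of the original post and not code from Xymon or xymonq: a Python sketch that builds the anchored host= filter suggested above for exactly one host and models the matching against the host list from the question. The function names are hypothetical, and the model assumes the host= value is applied as an unanchored regular-expression search, as the reply states.

```python
import re

# Accept only plain hostname characters, so no regex metacharacters or
# spaces can reach the xymondboard message.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")

# Host list taken from the question in the thread.
HOSTS = ["serverABC123", "serverABC1", "serverAB", "server"]


def host_filter(hostname):
    """Build an anchored host= filter that matches exactly one hostname."""
    if not HOSTNAME_RE.fullmatch(hostname):
        raise ValueError(f"refusing unexpected hostname: {hostname!r}")
    # Escape dots so "a.example.com" cannot also match "aXexample.com".
    return "host=^" + hostname.replace(".", r"\.") + "$"


def board_query(hostname, fields=("XMH_ALLPAGEPATHS",)):
    """Return the message to send, e.g. with: xymon 0 '<message>'."""
    return f"xymondboard {host_filter(hostname)} test=info fields={','.join(fields)}"


def simulate(filter_expr, hosts=HOSTS):
    """Model the server side: the host= value used as an unanchored regex."""
    pattern = re.compile(filter_expr.split("=", 1)[1])
    return [h for h in hosts if pattern.search(h)]


if __name__ == "__main__":
    print(simulate("host=serverAB"))           # unanchored: three hosts match
    print(simulate(host_filter("serverAB")))   # anchored: only serverAB
    print(board_query("serverAB"))
```
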