Xymon Mailing List Archive search

SSH - Make Red if ACTIVE

3 messages in this thread

list FreeSoftwareServers · Thu, 21 Jul 2016 11:58:58 -0400 · 
I have set up XYMon and XYMon - Client successfully today!

 
But I have an interesting situation, I have services like my Routers and
esxi servers where I want XYMon to go RED if SSH is ENABLED. It should be
disabled for security, can I make it so it runs the other way around then
normal?

 
I Apologize if this is written somewhere and super easy, I couldn't find it!

 
PS: I had a hard time getting client to work, if I can make a polite
suggestion for the this webpage >>

 
http://xymon.sourceforge.net/xymon/help/xymon-tips.html#noclient

 
Basically that

 
cat /etc/default/xymon-client | grep CLIENTHOSTNAME 

 
must match

 
XYMon-Server's  /etc/xymon/hosts.cfg.

 
1.2.3.4 CLIENTHOSTNAME # Extra Params

 
I understand that it is implied in the text, but this might make things much
easier to fix for those of us looking to solve the issue of "The client is
using another hostname than what is in the hosts.cfg file."
list John Thurston · Thu, 21 Jul 2016 13:10:18 -0800 · 
On 7/21/2016 7:58 AM, FreeSoftwareServers wrote:
I want XYMon to go RED if SSH is ENABLED
0.0.0.0  foo.bar.com  # !ssh

 From the man page for hosts.cfg

By prefixing a test with "!" it becomes a reverse test: Xymon will
expect the service NOT to be available, and send a green status if it
does NOT respond. If a connection to the service succeeds, the status
will go red.
-- 
    Do things because you should, not just because you can.

John Thurston    XXX-XXX-XXXX
user-ce4d79d99bab@xymon.invalid
Enterprise Technology Services
Department of Administration
State of Alaska
list Axel Beckert · Fri, 5 Aug 2016 15:21:29 +0200 · 
Hi,
quoted from John Thurston

On Thu, Jul 21, 2016 at 01:10:18PM -0800, John Thurston wrote:
On 7/21/2016 7:58 AM, FreeSoftwareServers wrote:
I want XYMon to go RED if SSH is ENABLED
0.0.0.0  foo.bar.com  # !ssh
That's for the remote test.

If you want a "local" test, i.e. one that's based on data sent by the
client, you can put lines the following into your analysis.cfg:

HOST=foo.bar.com
    PORT STATE=LISTEN "LOCAL=%^(0\.0\.0\.0|::)[.:](22|1022|2200|2222)$" MAX=0 "TRACK=Unwanted SSH server"

(We use that to get informed if some user starts a web server on
typical ports like 8000 or 8080 on managed Linux workstations.)

		Kind regards, Axel Beckert
-- 
Axel Beckert <user-96d9963fe797@xymon.invalid>       support: +41 44 633 26 68
IT Services Group, HPT H 6                  voice: +41 44 633 41 89
Departement of Physics, ETH Zurich
CH-8093 Zurich, Switzerland		   http://nic.phys.ethz.ch/