How to test remote ports
list Christoph Zechner
Hi, I've been trying to establish a remote port check, but cannot get it to work. After reading the man pages and the corresponding topics on the mailing list, I've configured a test like this: PORT REMOTE=1.2.3.4:80 but the remote port always comes back as down, even though it is up. Am I doing something wrong? Local port checks all work perfectly, only the remote ones do not. Am I doing something wrong here? Context: I am using local mode on all clients, so I'm putting all my checks in /etc/xymon/localclient.cfg, but this should not effect this check, right? Thanks in advance! Best regards Christoph Zechner
list Josh Luthman
Is 1.2.3.4 your Xymon server or the host IP? The 1.2.3.4 in your example is the local addr that it would request from. If you don't care, you could use *:80. https://xymon.com/help/manpages/man5/analysis.cfg.5.html
▸
On Tue, Jan 17, 2023 at 5:52 PM Christoph Zechner <user-249716582ccc@xymon.invalid> wrote:
Hi, I've been trying to establish a remote port check, but cannot get it to work. After reading the man pages and the corresponding topics on the mailing list, I've configured a test like this: PORT REMOTE=1.2.3.4:80 but the remote port always comes back as down, even though it is up. Am I doing something wrong? Local port checks all work perfectly, only the remote ones do not. Am I doing something wrong here? Context: I am using local mode on all clients, so I'm putting all my checks in /etc/xymon/localclient.cfg, but this should not effect this check, right? Thanks in advance! Best regards Christoph Zechner
list Jeremy Laidman
I would try *:80 as Josh suggested. It might not be exactly what you want, but it might help to narrow down where the problem is. What scenario are you trying to alert on? Are you trying to detect when there's an established outgoing connection from the monitored host to one specific other host? I tend to use regular expressions, perhaps because of the examples in analysis.cfg. In case it helps, here's an example that works for me, albeit from the analysis.cfg file (I don't use client mode anywhere): PORT "REMOTE=%([.:]179)$" state=ESTABLISHED min=0 max=4 color=yellow "TEXT=bgp connections out (TCP/179)" I don't believe the quotes around "REMOTE=..." are important - it's just how I tend to use regular expressions. J On Thu, 19 Jan 2023 at 07:43, Josh Luthman <user-4c45a83f15cb@xymon.invalid>
▸
wrote:
Is 1.2.3.4 your Xymon server or the host IP? The 1.2.3.4 in your example is the local addr that it would request from. If you don't care, you could use *:80. https://xymon.com/help/manpages/man5/analysis.cfg.5.html On Tue, Jan 17, 2023 at 5:52 PM Christoph Zechner <user-249716582ccc@xymon.invalid> wrote:Hi, I've been trying to establish a remote port check, but cannot get it to work. After reading the man pages and the corresponding topics on the mailing list, I've configured a test like this: PORT REMOTE=1.2.3.4:80 but the remote port always comes back as down, even though it is up. Am I doing something wrong? Local port checks all work perfectly, only the remote ones do not. Am I doing something wrong here? Context: I am using local mode on all clients, so I'm putting all my checks in /etc/xymon/localclient.cfg, but this should not effect this check, right? Thanks in advance! Best regards Christoph Zechner
list Christoph Zechner
Hi,
▸
On 18/01/2023 21:15, Josh Luthman wrote:Is 1.2.3.4 your Xymon server or the host IP?? The 1.2.3.4 in your example is the local addr that it would request from.? If you don't care, you could use *:80.
1.2.3.4 is the host IP, I want to check if the port 80 on the remote IP 1.2.3.4 is online (which it is, checked with nmap). I've read the man page and came to the conclusion, if I put a remote port in there, it'd check it like a local port.
https://xymon.com/help/manpages/man5/analysis.cfg.5.html <https://xymon.com/help/manpages/man5/analysis.cfg.5.html>;
▸
On Tue, Jan 17, 2023 at 5:52 PM Christoph Zechner <user-249716582ccc@xymon.invalid <mailto:user-249716582ccc@xymon.invalid>> wrote:
Hi,
I've been trying to establish a remote port check, but cannot get it to
work. After reading the man pages and the corresponding topics on the
mailing list, I've configured a test like this:
PORT REMOTE=1.2.3.4:80 <http://1.2.3.4:80>;
▸
but the remote port always comes back as down, even though it is up. Am
I doing something wrong? Local port checks all work perfectly, only the
remote ones do not.
Am I doing something wrong here?
Context: I am using local mode on all clients, so I'm putting all my
checks in /etc/xymon/localclient.cfg, but this should not effect this
check, right?
Thanks in advance!
Best regards
Christoph Zechner
<
list Christoph Zechner
Hi,
▸
On 18/01/2023 23:52, Jeremy Laidman wrote:I would try *:80 as Josh suggested. It might not be exactly what you want, but it might help to narrow down where the problem is.
this would not work, because port 80 does not show up on the xymon server, it is a remote (Windows) machine.
What scenario are you trying to alert on? Are you trying to detect when there's an established outgoing connection from the monitored host to one specific other host?
I want to get an alert, if port 80 (in this example) went down for any reason on the remote machine, just like I can monitor a port on my xymon server. This Windows machine is the endpoint of an ipsec tunnel and I want to monitor its open ports.
▸
I tend to use regular expressions, perhaps because of the examples in analysis.cfg. In case it helps, here's an example that works for me, albeit from the analysis.cfg file (I don't use client mode anywhere): PORT "REMOTE=%([.:]179)$" state=ESTABLISHED min=0 max=4 color=yellow "TEXT=bgp connections out (TCP/179)"
Thanks for the example, but the thing is, I do not have an established connection to the remote port, I just want to check if its present or not. :-/ Cheers Christoph
▸
I don't believe the quotes around "REMOTE=..." are important - it's just how I tend to use regular expressions.
J
On Thu, 19 Jan 2023 at 07:43, Josh Luthman <user-4c45a83f15cb@xymon.invalid <mailto:user-4c45a83f15cb@xymon.invalid>> wrote:
Is 1.2.3.4 your Xymon server or the host IP?? The 1.2.3.4 in your
example is the local addr that it would request from.? If you don't
care, you could use *:80.
https://xymon.com/help/manpages/man5/analysis.cfg.5.html
<https://xymon.com/help/manpages/man5/analysis.cfg.5.html>;
On Tue, Jan 17, 2023 at 5:52 PM Christoph Zechner <user-249716582ccc@xymon.invalid
<mailto:user-249716582ccc@xymon.invalid>> wrote:
Hi,
I've been trying to establish a remote port check, but cannot
get it to
work. After reading the man pages and the corresponding topics
on the
mailing list, I've configured a test like this:
PORT REMOTE=1.2.3.4:80 <http://1.2.3.4:80>;
but the remote port always comes back as down, even though it is
up. Am
I doing something wrong? Local port checks all work perfectly,
only the
remote ones do not.
Am I doing something wrong here?
Context: I am using local mode on all clients, so I'm putting
all my
checks in /etc/xymon/localclient.cfg, but this should not effect
this
check, right?
Thanks in advance!
Best regards
Christoph Zechner
<
<
list Henrik Størner
Hi, why are you trying to do it with a client-side test? You should just add an http test to the configuration and run it as a network test. In hosts.cfg: 1.2.3.4 myhost? # http://1.2.3.4/ If you must do it client-side, then you should add a test for port 80 being in LISTEN state. There are several examples of that on the Xymon demo site https://www.xymon.com/xymon-cgi/viewconf.sh?client like this which tests for port 6543 running a MythTV service HOST=goya.hswn.rv13 PORT LOCAL=%[\.:]6543 STATE=LISTEN TEXT=myth Regards, Henrik Den 17.01.2023 kl. 23.29 skrev Christoph Zechner:
▸
Hi, I've been trying to establish a remote port check, but cannot get it to work. After reading the man pages and the corresponding topics on the mailing list, I've configured a test like this: PORT REMOTE=1.2.3.4:80 but the remote port always comes back as down, even though it is up. Am I doing something wrong? Local port checks all work perfectly, only the remote ones do not. Am I doing something wrong here? Context: I am using local mode on all clients, so I'm putting all my checks in /etc/xymon/localclient.cfg, but this should not effect this check, right? Thanks in advance! Best regards Christoph Zechner
list Henrik Størner
Den 19.01.2023 kl. 08.13 skrev Christoph Zechner:
why are you trying to do it with a client-side test?Because I thought this was the idea behind the remote port check, but I now see my error here.
▸
You should just add an http test to the configuration and run it as a network test. In hosts.cfg: 1.2.3.4 myhost? # http://1.2.3.4/
This does not test for the port though.
The hosts.cfg entry above _does_ test port 80 by establishing a connection to the port, sending an http request and verifying the response.
Port 80 was just an example for a random port, if I wanted to check port 3389 on a remote Windows machine, how would I do that?
The protocols.cfg file lists the various network protocols that Xymon knows about (and you can add your own, if you need any). Port 3389 is the RDP port, which is one of the protocols Xymon knows. So to test for that, use 1.2.3.4 myhost # rdp Add as many network tests as you like, eg. if you want to test host 1.2.3.4 for both http and RDP: 1.2.3.4 myhost # http://1.2.3.4/ rdp Regards, Henrik
list Becker Christian
Hi,
another possible scenario could be to put the following in protocols.cfg (in my example to check for port 82):
[tcp82]
port 82
In your hosts.cfg, you need to put tcp82 just after the hostname that you want to check (don't forget to include the #) - example:
1.2.3.4 testhost # tcp82
After a while your testhost should show up an additional column tcp82 (it's the name is as defined in your protocols.cfg).
We are doing that for a lot of hosts.
Hope it'll help you a bit.
Regards
Christian
-----Urspr?ngliche Nachricht-----
Von: Xymon <xymon-bounces at xymon.com> Im Auftrag von Christoph Zechner
Gesendet: Dienstag, 17. Januar 2023 23:30
An: xymon at xymon.com
Betreff: [Xymon] How to test remote ports
WARNUNG: Diese E-Mail kam von au?erhalb der Organisation. Klicken Sie nicht auf Links oder ?ffnen Sie keine Anh?nge, es sei denn, Sie kennen den Absender und wissen, dass der Inhalt sicher ist.
▸
Hi,
I've been trying to establish a remote port check, but cannot get it to work. After reading the man pages and the corresponding topics on the mailing list, I've configured a test like this:
PORT REMOTE=1.2.3.4:80
but the remote port always comes back as down, even though it is up. Am I doing something wrong? Local port checks all work perfectly, only the remote ones do not.
Am I doing something wrong here?
Context: I am using local mode on all clients, so I'm putting all my checks in /etc/xymon/localclient.cfg, but this should not effect this check, right?
Thanks in advance!
Best regards
Christoph Zechner
list Christoph Zechner
▸
On 19/01/2023 08:43, Henrik Juul St?rner wrote:
Den 19.01.2023 kl. 08.13 skrev Christoph Zechner:why are you trying to do it with a client-side test?Because I thought this was the idea behind the remote port check, but I now see my error here.You should just add an http test to the configuration and run it as a network test. In hosts.cfg: 1.2.3.4 myhost? # http://1.2.3.4/This does not test for the port though.The hosts.cfg entry above _does_ test port 80 by establishing a connection to the port, sending an http request and verifying the response.Port 80 was just an example for a random port, if I wanted to check port 3389 on a remote Windows machine, how would I do that?The protocols.cfg file lists the various network protocols that Xymon knows about (and you can add your own, if you need any). Port 3389 is the RDP port, which is one of the protocols Xymon knows. So to test for that, use 1.2.3.4 myhost # rdp Add as many network tests as you like, eg. if you want to test host 1.2.3.4 for both http and RDP: 1.2.3.4 myhost # http://1.2.3.4/ rdp
Thank you, this was the information I needed. I forgot about the builtin protocols, rdp test is working fine now! Best regards Christoph
Regards, Henrik
list Christoph Zechner
Hi,
▸
On 19/01/2023 08:56, Becker Christian wrote:Hi,
another possible scenario could be to put the following in protocols.cfg (in my example to check for port 82):
[tcp82]
port 82
In your hosts.cfg, you need to put tcp82 just after the hostname that you want to check (don't forget to include the #) - example:
1.2.3.4 testhost # tcp82
After a while your testhost should show up an additional column tcp82 (it's the name is as defined in your protocols.cfg).
We are doing that for a lot of hosts.
Hope it'll help you a bit.thank you very much, this was it! My check is working now, thanks for reminding me about the protocol list. :-) Best regards Christoph
▸
Regards Christian -----Urspr?ngliche Nachricht----- Von: Xymon <xymon-bounces at xymon.com> Im Auftrag von Christoph Zechner Gesendet: Dienstag, 17. Januar 2023 23:30 An: xymon at xymon.com Betreff: [Xymon] How to test remote ports WARNUNG: Diese E-Mail kam von au?erhalb der Organisation. Klicken Sie nicht auf Links oder ?ffnen Sie keine Anh?nge, es sei denn, Sie kennen den Absender und wissen, dass der Inhalt sicher ist. Hi, I've been trying to establish a remote port check, but cannot get it to work. After reading the man pages and the corresponding topics on the mailing list, I've configured a test like this: PORT REMOTE=1.2.3.4:80 but the remote port always comes back as down, even though it is up. Am I doing something wrong? Local port checks all work perfectly, only the remote ones do not. Am I doing something wrong here? Context: I am using local mode on all clients, so I'm putting all my checks in /etc/xymon/localclient.cfg, but this should not effect this check, right? Thanks in advance! Best regards Christoph Zechner