Xymon Mailing List Archive search

How Xymon invokes an SSH connection to the Client?

14 messages in this thread

list INC. Agege Information Systems · Sun, 13 Mar 2016 15:54:48 -0500 ·
Greetings,

Please, what kind of code or internal scripts does Xymon run to invoke an SSH connection to the client, and what runs the Xymon client scripts?

In other words, please could you enlighten me with the actual commands or codes or scripts that Xymon uses for the SSH connection and any Xymon codes running on each Client.

Thanks,
Agege
list Adam Goryachev · Mon, 14 Mar 2016 10:16:09 +1100 ·
On 14/03/16 07:54, Agege Information Systems, Inc. wrote:
> Greetings,
>
> Please, what kind of code or internal scripts does Xymon run to invoke an SSH connection to the client, and what runs the Xymon client scripts?
>
> In other words, please could you enlighten me with the actual commands or codes or scripts that Xymon uses for the SSH connection and any Xymon codes running on each Client.

In the standard installation method, the server doesn't use ssh to connect to the client and collect information. The only connections the server initiates are the "network" tests, eg, ping, smtp, http, etc... The client runs its own client installation package, which will collect all the local information (disk space, processes running, network ports, etc) and then send those to the server using the Xymon protocol (extended from the original Big Brother protocol, but still backwards compatible).

There are numerous options available for altering that method, including having the server use ssh to connect to the client and collect the data at regular intervals.

Also, all source code is available, so feel free to peruse that for the ultimate finer details.

Regards,
Adam

-- 
Adam Goryachev Website Managers www.websitemanagers.com.au
list Agege · Sun, 13 Mar 2016 19:39:39 -0500 ·
Thank you Adam,

In this scenario, I am investigating a Xymon server-and-several-clients installation that someone already made.

How do I determine if the Xymon server is getting data from clients via the Xymon protocol or via the SSH protocol?
And is the Xymon protocol equal to port 1984?

Thank you in advance.


Thanks,
Toyin Orokotan Linux System Admin.
XXX-XXX-XXXX
list Adam Goryachev · Mon, 14 Mar 2016 11:51:01 +1100 ·
On 14/03/16 11:39, Agege wrote:
> Thank you Adam,
>
> In this scenario, I am investigating a Xymon server-and-several-clients installation that someone already made.
>
> How do I determine if the Xymon server is getting data from clients via the Xymon protocol or via the SSH protocol?

tcpdump running on either server or one of the clients should confirm this...

> And is the Xymon protocol equal to port 1984?

By default, but that can be changed in the configuration files.

I'd suggest to review the config files on the server, starting with the files modified most recently (as these will be the ones customised for your installation). Check what port number the server is listening on (netstat -an | grep LISTEN) and then use tcpdump to monitor that port number, you will see the traffic/data reported from the clients. If you see status on the web pages which you don't see sent over this port, then you should check the config files further to see what else has been changed/other data collection configs.

PS, please don't top post :(

Regards,
Adam
-- 

Adam Goryachev Website Managers www.websitemanagers.com.au
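
An added example, not part of the original message or of Xymon itself: one way to read a capture taken as suggested above, by looking at which side sent the opening SYN. The capture lines, the addresses and the function name `classify` are constructed for illustration; port 1984 is the default named in the thread.

```python
import re
from collections import defaultdict

# Constructed sample in the text format printed by `tcpdump -nn tcp`.
# 10.0.0.5 plays the Xymon server; all addresses are invented.
CAPTURE = """\
10:16:09.100001 IP 10.0.0.21.51514 > 10.0.0.5.1984: Flags [S], seq 100, win 29200, length 0
10:16:09.100210 IP 10.0.0.5.1984 > 10.0.0.21.51514: Flags [S.], seq 900, ack 101, win 28960, length 0
10:16:09.101000 IP 10.0.0.21.51514 > 10.0.0.5.1984: Flags [P.], seq 101:3201, ack 901, win 229, length 3100
10:16:12.400000 IP 10.0.0.5.40022 > 10.0.0.22.22: Flags [S], seq 500, win 29200, length 0
10:16:12.400350 IP 10.0.0.22.22 > 10.0.0.5.40022: Flags [S.], seq 700, ack 501, win 28960, length 0
10:16:15.000000 IP 10.0.0.23.48800 > 10.0.0.5.1984: Flags [S], seq 300, win 29200, length 0
10:16:15.200000 IP 10.0.0.5.40100 > 10.0.0.23.22: Flags [S], seq 310, win 29200, length 0
"""

# timestamp IP src.sport > dst.dport: Flags [..]
LINE = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")


def classify(capture, server_ip, xymon_port=1984, ssh_port=22):
    """Map each peer IP to the collection paths whose connection setup was seen."""
    seen = defaultdict(set)
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        src, _sport, dst, dport, flags = m.groups()
        if flags != "S":
            # Only the bare SYN identifies who opened the connection;
            # SYN-ACKs and data packets flow in both directions.
            continue
        if dst == server_ip and int(dport) == xymon_port:
            seen[src].add("client->server xymon")
        elif src == server_ip and int(dport) == ssh_port:
            seen[dst].add("server->client ssh")
    return {ip: sorted(paths) for ip, paths in seen.items()}


if __name__ == "__main__":
    for ip, paths in sorted(classify(CAPTURE, "10.0.0.5").items()):
        print(ip, ", ".join(paths))
```

A server-initiated SYN to port 22 only shows who opened the connection; it does not by itself show that data is being collected over SSH, so compare it with the server configuration before drawing that conclusion.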
list Galen Johnson · Mon, 14 Mar 2016 18:25:04 +0000 ·
SSH tests are built into the services that Xymon uses. These are server initiated calls by adding 'ssh' to the host.cfg file for the host you want to test it for (help is available in the Xymon menu). While it may leverage its own method, it does try on port 22 by default unless you override it. I don't believe it actually logs in but just checks for "availability". You can look at the etc/protocols.cfg on the Xymon server for what it is expecting.


Note: top posting is not an option without a fair amount of effort if you use Outlook...thank MS for that.


=G=
list INC. Agege Information Systems · Tue, 15 Mar 2016 13:46:10 -0500 ·
Hello Galen,

Please, what script triggers the SSH tests that are built into the services that Xymon uses?

Thanks,
Agege
list Galen Johnson · Tue, 15 Mar 2016 22:06:27 +0000 ·
It's not a script.  It's built into Xymon.  If you want to see what it is doing, you will need to follow Adam's advice and dive into the code.


=G=
list Jeremy Laidman · Tue, 15 Mar 2016 23:08:46 +0000 ·
> Please, what script triggers the SSH tests that are built into the services
> that Xymon uses?

The SSH test, and all of the other network-probe tests (ping, http, etc)
are performed by the xymonnet program.  This is launched by the xymonlaunch
supervisor process, by default once every 5 minutes.  The execution
parameters are defined in the tasks.cfg file, in the [xymonnet] section.

The way it works is this.  When xymonnet runs, it looks in protocols.cfg
and builds up its suite of TCP tests from there, such as "smtp" and "ssh".
It also has built-in the three special non-TCP tests "ping", "dns" (or
"dig") and "ntp".  Next, xymonnet scans the hosts file for any host with a
tag matching any of these defined test names.  And then it runs through
each test for each host having that test.

It's actually slightly more complicated than that, but it's functionally
equivalent to how I've explained it.  For more of the details, refer to the
man page for xymonnet, and read the "XYMONNET INTERNALS" section.

The "ssh" test is defined in protocols.cfg as follows:

[ssh|ssh1|ssh2]
   send "SSH-2.0-OpenSSH_4.1\r\n"
   expect "SSH"
   options banner
   port 22

This defines the port (which can be overridden per host in hosts.cfg) and
whether the status page should show the response received after sending the
"send" string.  The "send" string gets sent to the remote server being
subjected to the test.  The "expect" string is matched against the response
(banner) and if successful, the status goes green, otherwise red.  Or if
the TCP socket fails to connect, the status goes red.

Is there a particular problem you're trying to solve?  If you would like
some more relevant help, perhaps you could explain what you're trying to
do, and what you are expecting to happen but is not.

Cheers
Jeremy
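
An added example, not part of the original message and not xymonnet's own code: a small model of the flow described above (read the protocols.cfg stanza, match hosts.cfg tags against the defined test names, then run the send/expect check). The hosts.cfg lines, the `name:port` override syntax, the prefix-match reading of "expect" and all function names are assumptions made for illustration; the probe is run only against a constructed local listener.

```python
import socket
import threading

# Constructed inputs: the [ssh] stanza is the one quoted in the thread; the
# hosts.cfg lines are invented, and "ssh:2222" assumes a name:port override.
PROTOCOLS_CFG = r'''
[ssh|ssh1|ssh2]
   send "SSH-2.0-OpenSSH_4.1\r\n"
   expect "SSH"
   options banner
   port 22
'''
HOSTS_CFG = """
10.0.0.11  web01.example.com   # ssh http://web01.example.com/
10.0.0.12  db01.example.com    # conn
10.0.0.13  jump01.example.com  # ssh:2222
"""
ESCAPES = {"\\r": "\r", "\\n": "\n", "\\t": "\t"}


def _unquote(value):
    """Strip the double quotes and expand the \\r, \\n and \\t escapes."""
    value = value.strip().strip('"')
    for raw, real in ESCAPES.items():
        value = value.replace(raw, real)
    return value.encode("ascii")


def parse_protocols(text):
    """Return {test_name: definition}; aliases in one [a|b] header share a definition."""
    tests, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = {"send": b"", "expect": b"", "port": None, "options": set()}
            for alias in line[1:-1].split("|"):
                tests[alias] = current
        elif current is not None:
            key, _, value = line.partition(" ")
            if key in ("send", "expect"):
                current[key] = _unquote(value)
            elif key == "port":
                current["port"] = int(value)
            elif key == "options":
                current["options"].update(v.strip() for v in value.split(","))
    return tests


def plan_tests(hosts_text, tests):
    """List (hostname, ip, test, port) for each hosts.cfg tag that names a defined test."""
    plan = []
    for line in hosts_text.splitlines():
        host_part, _, tag_part = line.partition("#")
        fields = host_part.split()
        if len(fields) < 2:
            continue
        for tag in tag_part.split():
            name, _, port = tag.partition(":")
            if name in tests and (not port or port.isdigit()):
                plan.append((fields[1], fields[0], name,
                             int(port) if port else tests[name]["port"]))
    return plan


def probe(ip, port, test, timeout=3.0):
    """Run one send/expect check and return (colour, banner). No login is attempted."""
    try:
        with socket.create_connection((ip, port), timeout=timeout) as sock:
            if test["send"]:
                sock.sendall(test["send"])
            banner = sock.recv(256)
    except OSError:
        return "red", b""  # the TCP connection failed or timed out
    # Assumption: "expect" is compared against the start of the response.
    return ("green" if banner.startswith(test["expect"]) else "red"), banner


def fake_service(banner):
    """Constructed local listener that greets one client with `banner`; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
            conn.recv(256)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    tests = parse_protocols(PROTOCOLS_CFG)
    for hostname, ip, name, port in plan_tests(HOSTS_CFG, tests):
        print(f"would probe {hostname} ({ip}) with '{name}' on tcp/{port}")
    print(probe("127.0.0.1", fake_service(b"SSH-2.0-OpenSSH_7.4\r\n"), tests["ssh"]))
```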
list INC. Agege Information Systems · Tue, 15 Mar 2016 22:15:11 -0500 ·
Thank you Jeremy!

Yes, the issue is that I have been asked to figure out how Xymon handles monitoring activities with Xymon Clients.

And the reason is that we have one Xymon server with over 3,000 Xymon clients on it. And we keep getting thousands of alert emails every day from Xymon clients.

Therefore, the Upper Management would like to move some servers to Tivoli and they want to understand what Xymon does, and how it actually communicates with Clients, so that when we finally move some servers to Tivoli, we will not be missing anything that Xymon has been monitoring.

Thanks,
Agege
list Galen Johnson · Wed, 16 Mar 2016 13:27:20 +0000 ·
This is just a curiosity on my part but why does upper management think that moving to Tivoli is going to change the number of alerts you get (reasoning inferred from the statement below)? If you configure Tivoli with the same thresholds, you're going to get the same alerting. If it's a volume issue, it seems like it would make more sense to reconsider the current monitoring thresholds. Just sayin'.


=G=


list Agege · Wed, 16 Mar 2016 13:35:19 -0500 ·
Well said Galen!
In addition, we're currently running Hobbit/Xymon 4.3.0.0 beta2. And there's discussion going on about upgrading Xymon, building a new Server for Xymon, or moving newer Xymon hosts to Tivoli.

Thanks,
Agege
list Adam Goryachev · Thu, 17 Mar 2016 09:46:16 +1100 ·
Unless part of your problem is load related, and you are getting false alerts because the hobbit/xymon server is overloaded somehow.... (not entirely sure about this, but I guess it might happen that way)...

Though yes, why not just fix the monitoring system, and/or upgrade, rather than try to re-invent what has already been done...

Regards,
Adam
-- 

Adam Goryachev Website Managers www.websitemanagers.com.au
list Galen Johnson · Wed, 16 Mar 2016 23:34:58 +0000 ·
Even if you are planning to change to Tivoli you'll want to consider upgrading to a newer version of Xymon server since there were many security patches added since that release.  And if you really want to twist the knife a bit, I'm sure that Tivoli is not inexpensive...and that's just the software cost that doesn't include the people cost to transition any custom monitors to use their framework plus the learning curve required to familiarize yourselves with a whole new system.  But management will do, what management will do...and often defy logic.


=G=


From: Xymon <xymon-bounces at xymon.com> on behalf of Adam Goryachev <user-92fd6827f6ae@xymon.invalid>
Sent: Wednesday, March 16, 2016 6:46 PM
To: xymon at xymon.com
Subject: Re: [Xymon] How Xymon invokes an SSH connection to the Client?

Unless part of your problem is load related, and you are getting false alerts because the hobbit/xymon server is overloaded somehow.... (not entirely sure about this, but I guess it might happen that way)...

Though yes, why not just fix the monitoring system, and/or upgrade, rather than try to re-invent what has already been done...

Regards,
Adam

On 17/03/16 05:35, Agege wrote:
Well said Galen!
In addition, we're currently running Hobbit/Xymon 4.3.0.0 beta2.  And there's discussion going on about upgrading Xymon or build a new Server for Xymon or move newer Xymon hosts to Tivoli.

Thanks,
Agege

list Martin Lenko · Thu, 17 Mar 2016 20:00:59 +0000 ·
Hi Agege,
further to all the advice you've been given I would like to clarify a few
things for you:
- Xymon server by default doesn't use SSH to retrieve any data from xymon
clients (or vice versa)
- Xymon server has built-in functionality to test whether SSH service is
running/available on clients - in other words it tries to connect over SSH,
checks whether the client responds with SSH header/banner and that's it, no
data transferred. It's basically the same as if you did a telnet to client over
port 22 and client responded with something like " SSH-2.0-OpenSSH_6.6...."
and then you closed the connection.
- There is a xymon-rclient plugin that allows xymon server to retrieve data
from clients using SSH - it uses SSH connection to client and runs the same
xymonclient script as it would be run by xymon-client itself. This plugin
is triggered by adding RCLIENT flag to your host definition in xymon's
hosts file. To figure out whether you are using xymon-rclient plugin just
check your xymon's hosts file for RCLIENT flag. If it's not there, you are
not using it.

Martin
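The banner test described in this thread, as an added Python sketch (not Xymon's code and not from any poster): it parses the protocols.cfg stanza quoted above and performs the same connect / send / expect exchange, showing that no login or command execution is involved. The helper names, the prefix-match interpretation of "expect", and the local `fake_listener` standing in for a monitored host are assumptions of this example.

```python
import re, socket, threading

# The stanza quoted in the thread, as it appears in protocols.cfg.
PROTOCOLS_CFG = r'''
[ssh|ssh1|ssh2]
   send "SSH-2.0-OpenSSH_4.1\r\n"
   expect "SSH"
   options banner
   port 22
'''

def parse_protocols(text):
    """Return {test_name: settings}; aliases in [a|b|c] share one dict."""
    tests, cur = {}, None
    for line in (l.strip() for l in text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            cur = {}
            tests.update((name, cur) for name in header.group(1).split("|"))
        elif line and not line.startswith("#") and cur is not None:
            key, _, val = (p.strip() for p in line.partition(" "))
            if len(val) >= 2 and val[0] == val[-1] == '"':
                val = val[1:-1].encode().decode("unicode_escape")  # \r\n
            cur[key] = int(val) if key == "port" else val
    return tests

def probe(host, port, test, timeout=3.0):
    """Connect, send 'send', read one reply; prefix-match 'expect' (assumed)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(test["send"].encode("latin-1"))
            banner = s.recv(256).decode("latin-1", "replace").strip()
    except OSError:                      # refused, unreachable or timed out
        return "red", ""
    return ("green" if banner.startswith(test["expect"]) else "red"), banner

def fake_listener(banner):
    """Constructed stand-in for a monitored host: sends one banner, closes."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            conn.sendall(banner)
            conn.recv(256)               # drain the probe's 'send' string
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    ssh = parse_protocols(PROTOCOLS_CFG)["ssh"]
    print(probe("127.0.0.1", fake_listener(b"SSH-2.0-OpenSSH_6.6\r\n"), ssh))
```

On the monitored host, each such probe shows up in the SSH daemon's log as a connection that closes before authentication, which is how to tell it apart from an actual SSH session.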