[hobbit] need help in monitoring edmz client

Galen Johnson Galen.Johnson at sas.com
Thu Aug 14 18:11:55 CEST 2008 

How about put this up on The Shire?  I would say under Add-ons...

=G=

From: Lennon, Padraig [mailto:Padraig.Lennon at pioneerinvestments.com]
Sent: Thursday, August 14, 2008 12:05 PM
To: hobbit at hswn.dk
Subject: RE: [hobbit] need help in monitoring edmz client

Not sure if this is of any use to you Johan..


I have a server side script which controls the ssh tunnels to my windows/*nix clients which are in the DMZ

Basically it requires that you put a tag at the end of the client name in bb-hosts called ssh-tunnel

Its hardly a work of art but it works ok for us.. If it sees the connection is down it will warn and continue to retry the connection..

Hope this helps..

regards



Padraig Lennon
Senior Systems Engineer
Production Services
Pioneer Global Investments (Dublin)
5th Floor Georges Quay Plaza, Dublin 2
ext: 2081
Direct dial: 00353 1 480 2081


________________________________
From: Johan Booysen [mailto:johan at matrix-data.co.uk]
Sent: 14 August 2008 16:57
To: hobbit at hswn.dk
Subject: RE: [hobbit] need help in monitoring edmz client
I want to be able to monitor 2 hosts in the dmz.

Having su -c "ssh hobbit at hobbitclient -T -n -N -g -x -R1984:127.0.0.1:1984" hobbit in /etc/rc.local seems to work for the first host.  I added a second line like that for a second host, but it  doesn't work for the second host unless I execute the command manually - at which point both dmz hosts report back.

Does anyone know why this is happening and how I can get it to work?

Thanks.

From: Johan Booysen [mailto:johan at matrix-data.co.uk]
Sent: 14 August 2008 14:02
To: hobbit at hswn.dk
Subject: RE: [hobbit] need help in monitoring edmz client

This works for me (RHEL5 machines), if it helps anyone else.  Any comments most welcome:

Create the .ssh folder (on both the hobbit server and the hobbit client) in /var/lib/hobbit as root, chown it to hobbit:hobbit, and chmod it to 700.

On the hobbit server, now as the hobbit user:

Generate a private/public keypair with an empty password:

$ pwd
   /var/lib/hobbit

$ ssh-keygen -t dsa

Copy the generated public key to the hobbit client:

$ scp .ssh/id_dsa.pub hobbit at hobbitclient:/var/lib/hobbit


On the hobbit client:

Rename the public key:

$ mv id_dsa.pub authorized_keys

Copy the authorized_keys file to the user's .ssh directory.

$ mv authorized_keys .ssh/

Check that the authorized_keys file has the following permissions:

-rw-r--r-- 1 hobbit hobbit 603 Aug 14 12:16 authorized_keys

>From the server, log on to the client.  You should not be prompted for a password

Modify the hobbit server's /etc/rc.local:

  su -c "ssh hobbit at hobbitclient -T -n -N -g -x -R1984:127.0.0.1:1984" hobbit

Configure /etc/default/hobbit-client on the hobbit client in the DMZ to connect to localhost:

  HOBBITSERVERS="127.0.0.1"

Add the client to /etc/hobbit/bb-hosts on the hobbit server:

  10.2.0.5    target_machine

From: Johan Booysen [mailto:johan at matrix-data.co.uk]
Sent: 14 August 2008 13:26
To: hobbit at hswn.dk
Subject: RE: [hobbit] need help in monitoring edmz client

Just to clarify:

I've set up ssh keys authentication between the hobbit server and a client in our DMZ, for the hobbit user.

I can ssh from server to client without entering a password, so it works.

If I run ssh hobbit at x.x.x.x -T -n -N -g -x -R1984:127.0.0.1:1984 from the commanline on the server, communications between server and client works.

If I add ssh hobbit at 10.2.0.5 -T -n -N -g -x -R1984:127.0.0.1:1984 either to initttab or  /etc/rc.local, then the client stops reporting (after a server reboot).

Anyone know what I should do?

Thanks.

From: Johan Booysen [mailto:johan at matrix-data.co.uk]
Sent: 14 August 2008 12:49
To: hobbit at hswn.dk
Subject: RE: [hobbit] need help in monitoring edmz client

Daniel,

Do you just simply add that command to inittab?

Thanks.


From: Perumal, Santoshbabu [mailto:santoshbabu_perumal at platts.com]
Sent: 13 August 2008 19:20
To: hobbit at hswn.dk
Subject: RE: [hobbit] need help in monitoring edmz client

HI Daniel

   Thanks for your steps. Yes my target machine is UNIX box.


from the hobbit server , run from inittab   (I don't understand run from innittab ..I can run the below command from command line shell promt right)

ssh user at taregt_machine -T -n -N -g -x -R1984:127.0.0.1:1984


on the target machine, set the hobbit client to connect to localhost   --I have to edit hobbitclient.cfg and change BBDISP value to 127.0.0.1 right..want to make sure...


Also hobbit server has to communicate with target machines(clients) on port 1984 right.otherwise this step does not work right.



Thanks



________________________________
From: Daniel Bourque [mailto:dbourque at weatherdata.com]
Sent: Wednesday, August 13, 2008 1:52 PM
To: hobbit at hswn.dk
Subject: Re: [hobbit] need help in monitoring edmz client

If the target machine is unix/linux. The simplest way is to use ssh keys & tunneling.

from the hobbit server , run from inittab

ssh user at taregt_machine -T -n -N -g -x -R1984:127.0.0.1:1984

on the target machine, set the hobbit client to connect to localhost.

Daniel Bourque

Sr. Systems Engineer

WeatherData Service Inc

An Accuweather Company


Perumal, Santoshbabu wrote:

Hi,



   We have some servers in edmz.port 1984 is blocked by firewall.so client cannot able to communicate with hobbit server on port 1984.when I search around I read about msgcache,hobbitfetch utilities but I am not familiar with that. can anyone please give me the configuration steps that I need to make on both server side and edmz client site.



Thanks in advance



Thanks

santhosh





The information contained in this message is intended only for the recipient, and may be a confidential attorney-client communication or may otherwise be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, please be aware that any dissemination or copying of this communication is strictly prohibited. If you have received this communication in error, please immediately notify us by replying to the message and deleting it from your computer.  The McGraw-Hill Companies, Inc. reserves the right, subject to applicable local law, to monitor and review the content of any electronic message or information sent to or from McGraw-Hill employee e-mail addresses without informing the sender or recipient of the message.

________________________________
The information contained in this message is intended only for the recipient, and may be a confidential attorney-client communication or may otherwise be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, please be aware that any dissemination or copying of this communication is strictly prohibited. If you have received this communication in error, please immediately notify us by replying to the message and deleting it from your computer. The McGraw-Hill Companies, Inc. reserves the right, subject to applicable local law, to monitor and review the content of any electronic message or information sent to or from McGraw-Hill employee e-mail addresses without informing the sender or recipient of the message.
________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20080814/88690826/attachment.html>

More information about the Xymon mailing list