[Xymon] How Xymon invokes an SSH connection to the Client?

Martin Lenko lenko99 at gmail.com
Thu Mar 17 21:00:59 CET 2016


Hi Agege,
further to all the advice you've been given I would like to clarify few
things for you:
- Xymon server by default doesn't use SSH to retrieve any data from xymon
cients (or vice versa)
- Xymon server has built-in functionality to test whether SSH service is
running/available on clients - in other words it tries to connect over SSH,
checks whether the client responds with SSH header/banner and that's it, no
data transferred. It's basically same as if you did a telnet to client over
port 22 and client responded with something like " SSH-2.0-OpenSSH_6.6...."
and then you closed the connection.
- There is a xymon-rclient plugin that allows xymon server to retrieve data
from clients using SSH - it uses SSH connection to client and runs the same
xymonclient script as it would be run by xymon-client itself. This plugin
is triggered by adding RCLIENT flag to your host definition in xymon's
hosts file. To figure out whether you are using xymon-rclient plugin just
check your xymon's hosts file for RCLIENT flag. If it's not there, you are
not using it.

Martin

On 16 March 2016 at 23:34, Galen Johnson <Galen.Johnson at sas.com> wrote:

> Even if you are planning to change to Tivoli you'll want to consider
> upgrading to a newer version of Xymon server since there were many security
> patches added since that release.  And if you really want to twist the
> knife a bit, I'm sure that Tivoli is not inexpensive...and that's just the
> software cost that doesn't include the people cost to transition any custom
> monitors to use their framework plus the learning curve required to
> familiarize yourselves with a whole new system.  But management will do,
> what management will do...and often defy logic.
>
>
> =G=
>
>
> ------------------------------
> *From:* Xymon <xymon-bounces at xymon.com> on behalf of Adam Goryachev <
> mailinglists at websitemanagers.com.au>
> *Sent:* Wednesday, March 16, 2016 6:46 PM
> *To:* xymon at xymon.com
>
> *Subject:* Re: [Xymon] How Xymon invokes an SSH connection to the Client?
>
> Unless part of your problem is load related, and you are getting false
> alerts because the hobbit/xymon server is overloaded somehow.... (not
> entirely sure about this, but I guess it might happen that way)...
>
> Though yes, why not just fix the monitoring system, and/or upgrade, rather
> than try to re-invent what has already been done...
>
> Regards,
> Adam
>
> On 17/03/16 05:35, Agege wrote:
>
> Well said Galen!
> In addition, we're currently running Hobbit/Xymon 4.3.0.0 beta2.  And
> there's discussion going on about upgrading Xymon or build a new Server for
> Xymon or move newer Xymon hosts to Tivoli.
>
> Thanks,
> Agege
>
> On Mar 16, 2016, at 8:27 AM, Galen Johnson < <Galen.Johnson at sas.com>
> Galen.Johnson at sas.com> wrote:
>
> This is just a curiousity on my part but why does upper management think
> that moving to Tivoli is going to change the number of alerts you get
> (reasoning inferred from the statement below)?  If you configure Tivoli
> with the same thresholds, you're going to get the same alerting.  If it's a
> volume issue, it seems like it would make more sense to reconsider the
> current monitoring thresholds.  Just sayin'.
>
>
> =G=
>
>
> ------------------------------
> *From:* Xymon < <xymon-bounces at xymon.com>xymon-bounces at xymon.com> on
> behalf of Agege Information Systems, Inc. < <cs at agege.com>cs at agege.com>
> *Sent:* Tuesday, March 15, 2016 11:15 PM
> *To:* Jeremy Laidman
> *Cc:* xymon at xymon.com
> *Subject:* Re: [Xymon] How Xymon invokes an SSH connection to the Client?
>
> Thank you Jeremy!
>
> Yes, the issues is that I have been asked to figure out is how Xymon
> handle monitoring activities with Xymon Clients.
>
> And the reason being is that we have one Xymon server with over 3,000
> Xymon clients on it.  And  we keep getting thousands of alert emails every
> day from Xymon clients.
>
> Therefore, the Upper Management would like to move some servers to Tivoli
> and they want to understand what Xymon does, and how it actually
> communicate with Clients.   So that when we finally move some servers to
> Tivoli, we will not be missing anything that Xymon has been monitoring.
>
> Thanks,
> Agege
>
> On Mar 15, 2016, at 6:08 PM, Jeremy Laidman <jlaidman at rebel-it.com.au>
> wrote:
>
> Please what script trigger the SSH tests that are built into the services
>> that Xymon uses.
>>
>
> The SSH test, and all of the other network-probe tests (ping, http, etc)
> are performed by the xymonnet program.  This is launched by the xymonlaunch
> supervisor process, by default once every 5 minutes.  The execution
> parameters are defined in the tasks.cfg file, in the [xymonnet] section.
>
> The way it works is this.  When xymonnet runs, it looks in protocols.cfg
> and builts up its suite of TCP tests from there, such as "smtp" and "ssh".
> It also has built-in the three special non-TCP tests "ping", "dns" (or
> "dig") and "ntp".  Next, xymonnet scans the hosts file for any host with a
> tag matching any of these defined test names.  And then it runs through
> each test for each host having that test.
>
> It's actually slightly more complicated than that, but it's functionally
> equivalent to how I've explained it.  For more of the details, refer to the
> man page for xymonnet, and read the "XYMONNET INTERNALS" section.
>
> The "ssh" test is defined in protocols.cfg as follows:
>
> [ssh|ssh1|ssh2]
>    send "SSH-2.0-OpenSSH_4.1\r\n"
>    expect "SSH"
>    options banner
>    port 22
>
> This defines the port (which can be overridden per host in hosts.cfg) and
> whether the status page should show the response received after sending the
> "send" string.  The "send" string gets sent to the remote server being
> subjected to the test.  The "expect" string is matched against the response
> (banner) and if successful, the status goes green, otherwise red.  Or if
> the TCP socket fails to connect, the status goes red.
>
> Is there a particular problem you're trying to solve?  If you would like
> some more relevant help, perhaps you could explain what you're trying to
> do, and what you are expecting to happen but is not.
>
> Cheers
> Jeremy
>
>
>
>
> _______________________________________________
> Xymon mailing listXymon at xymon.comhttp://lists.xymon.com/mailman/listinfo/xymon
>
>
>
> --
> Adam Goryachev Website Managers www.websitemanagers.com.au
>
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20160317/a6aa6040/attachment.html>


More information about the Xymon mailing list