[xymon] sslcert
dOCtoR MADneSs
doctor at makelofine.org
Thu Jan 20 20:32:30 CET 2011
Le 20/01/2011 20:00, Xymon User in Richmond a écrit :
> On Thu, January 20, 2011 12:35, dOCtoR MADneSs wrote:
>> Le 20/01/2011 17:52, Xymon User in Richmond a écrit :
>>> On Thu, January 20, 2011 11:10, Root, Paul wrote:
>>>> That's a lot of stuff on each line. I've never done multiple URLs on
>>>> a single host. What does that do for you?
>>>>
>>>> I put the URL on the line of the server.
>>>>
>>>> Is tata by chance the real host of one of the URLs you put on the
>>>> toto line?
>>>>
>>>>
>>>> Paul Root Lead Internet Systems Eng Qwest Network Services
>>>>
>>>>
>>>> -----Original Message----- From: dOCtoR MADneSs
>>>> [mailto:doctor at makelofine.org] Sent: Wednesday, January 19, 2011 2:48
>>>> PM To: xymon at xymon.com Subject: Re: [xymon] sslcert
>>>>
>>>> Le 19/01/2011 20:06, Root, Paul a écrit :
>>>>> What do your lines in hosts.cfg look like for these two servers?
>>>>> -----Original Message----- From: dOCtoR MADneSs
>>>>> [mailto:doctor at makelofine.org] Sent: Wednesday, January 19, 2011
>>>>> 12:45 PM To: xymon at xymon.com Subject: [xymon] sslcert
>>>>>
>>>>> Hi
>>>>>
>>>>> My xymon server has a strange behaviour.I have a host called tata
>>>>> running SSLed services. The tests are all OK. But when I go to
>>>>> sslcert test page, I see the information from another host (called
>>>>> toto). Their SSL certificates are differents, and all my other
>>>>> hosts have their own SSL informations. The host toto is the xymon
>>>>> server itself, running xymon-4.3.0-beta3 client and server. The
>>>>> host 'tata' is running xymon 4.2.2.
>>>>>
>>>>> Thank for any help.
>>>>>
>>>>> Regards, Damien
>>>> Here is the hosts.cfg content : 127.0.0.1 toto # bbd ftp
>>>> http://wikileaks.makelofine.org https://wikileaks.makelofine.org
>>>> http://www.raclo.fr http://www.pleinphares.fr
>>>> http://www.xenon-tuning.fr http://www.hoodmark.fr
>>>> http://www.chasseresse.com https://mailadmin.makelofine.org
>>>> https://www.makelofine.org http://www.skapiso.com
>>>> http://www.galey-ariege.fr http://photos.makelofine.org
>>>> http://www.warcho.net https://test.makelofine.org
>>>> dns=galey-ariege.fr,skapiso.com,loozah.com,manurevah.com,loloack.com,
>>>> make lofine.org smtp ssh imap imaps pop3 smtps pop3s apt
>>>> apache=http://localhost/server-status?auto libs bind postfix mysql
>>>> hardware ntpq
>>>> TRENDS:*,!la,vmstat:vmstat1|vmstat2|vmstat3|vmstat4|vmstat5,apache:ap
>>>> ache
>>>> |apache1|apache2|apache3,mysql:mysql|mysqlslow|mysqlqueries|mysqltabl
>>>> es|m
>>>> ysqlopens|mysqlflush|mysqlquestions,hardware:hardware|fans|voltages,m
>>>> ailg
>>>> raph:mailgraph-rejected|mailgraph-local|mailgraph-amavis|mailgraph-sp
>>>> amd|
>>>> mailgraph-postgrey|mailgraph-postgrey-passed|mailgraph-loglines|mailg
>>>> raph -runtime
>>>>
>>>> 1.2.3.4 tata # DESCR:"server:Serveur Linux" smtp imap imaps bind pop3
>>>> pop3s postfix libs
>>>> TRENDS:*,inode,ntpstat,vmstat:vmstat1|vmstat2|vmstat3|vmstat4|vmstat5
>>>> ,dis
>>>> k:disk|iostat-disk|iostat-part,mailgraph:mailgraph-rejected|mailgraph
>>>> -loc
>>>> al|mailgraph-amavis|mailgraph-spamd|mailgraph-postgrey|mailgraph-post
>>>> grey
>>>> -passed|mailgraph-loglines|mailgraph-runtime,mysql:mysql|mysqlslow|my
>>>> sqlq ueries|mysqltables|mysqlopens|mysqlflush|mysqlquestions samba
>>>> ntpq ssh
>>>>
>>>>
>>> So, the real root top-posts. ;)
>>>
>>> Yeah, that looks funny to me, too. Using a bb-hosts/hosts.cfg line to
>>> test URLs not on that server is probably a novel way to test external
>>> stuff and group it all together. toto's sslcert page should be showing
>>> four external certs plus the local imaps and pop3s certs. Assuming
>>> that's really all one line--I don't see any "\" escapes.
>>>
>>> But the issue reported is with a different line. tata should be
>>> showing its imap2 and pop3s certs, unless they're the same in which
>>> case it would be listed once. I assume we're quite certain that toto
>>> and tata don't use the same pops/imaps certs.
>>>
>>> Which certs from toto is tata reporting? Just its own pops/imaps, or
>>> all of them including the ones from the external https URLs? I assume
>>> we're quite certain that toto and tata don't use the same pops/imaps
>>> certs.
>>>
>> tata reports SSL certs from toto for imaps and pop3s. Actually, tata does
>> not run any other SSL service.
>>
> Bottom-post to top-post and back again gets kinda weird. But I try to go
> with the flow (ever since one of our crustier participants unloaded on me
> for grousing).
>
> The tata thing is also pretty weird. I've tried mucking around with a
> sandbox setup trying to replicate it, and can't find anything short of the
> two host names resolving to the same IP. I presume the conn data for tata
> is showing the correct IP for that machine?
>
>
>
>
>
> To unsubscribe from the xymon list, send an e-mail to
> xymon-unsubscribe at xymon.com
>
>
You presume right. Both toto and tata reports their own IP reported.
More information about the Xymon
mailing list