[Xymon] RFE: message encryption
Ralph Mitchell
ralphmitchell at gmail.com
Thu Oct 27 22:01:16 CEST 2011
On Mon, Oct 10, 2011 at 2:58 PM, T.J. Yang <tjyang2001 at gmail.com> wrote:
> Hi, Henrik
>
> Passing message without encryption among xymon client and server will
> cause concerns in corporate IT.
> I know you did some work at previous branches, can you activate this
> message encryption work or put it on roadmap ?
>
I was taking another crack at this today and found some interesting things.
The xymon command, which delivers messages to the server, can take a URL
for a parameter. Also, lurking in xymon-4.3.5/xymonproxy there is a little
program called xymoncgimsg, which takes an HTTP-delivered Xymon message and
hands it directly to Xymon. I went a step further and poked around in the
code to see what was being sent, and came up with this:
1) Discover the state of some service, including the color. Assemble the
report:
MESSAGE="status $MACHINE.$TEST $COLOR `date`
some message(s) relating to the test we're reporting"
2) instead of doing: $XYMON $XYMSRV "$MESSAGE" to deliver, do this:
curl -s -S -L --cacert /path/to/secure/xymon-server/cert.pem \
-H "Content-Ty[e: application/octet-stream" \
-H "MIME-version: 1.0" \
-d "$MESSAGE" \
https://secure-xymon.server.com/xymon-cgi/xymoncgimsg.cgi
Curl validates the server certificate and manages the encrypted connection.
$MESSAGE is shoved down the pipe to the cgi script and directly to xymon.
Ralph Mitchell
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20111027/2757571b/attachment.html>
More information about the Xymon
mailing list