[Xymon] Looking for clarification on Xymon client / server hierarchy.

Jeremy Laidman jeremy at laidman.org
Tue Oct 17 02:08:14 CEST 2023 

Hi Grant

The xymonnet process needs to be able to send probe packets (eg ping, web
requests, and whatever you're trying to monitor) to the clients. If the
firewall is blocking the probe traffic, then it's not going to work. The
xymon proxy only proxies xymon messages, such as the ones sent by the
xymonnet process to the xymond process when reporting the status of the
probes (success or failure, and round-trip times).

It seems to me that you need a xymonnet process running on the client side
of the firewall. For example, if you can run xymonnet on one of the
clients, then the firewall only needs to allow xymon traffic from the
client to the Xymon server, so that xymonnet can report the status of its
probes.

You can run xymonnet stand-alone, and set environment variables to tell it
where to send its messages. If you already have a xymon client installed on
the client host, you can execute xymonnet from clientlaunch.cfg and it
should then know where to send packets due to the environment that is setup.

The only thing I'm not certain of, is how xymonnet knows which hosts to
probe and what probes to send to them. When xymonnet is running on the
Xymon server, it has access to the hosts.cfg file that's there. When
running elsewhere, I'm not sure. I know that there's a way to fetch the
hosts.cfg contents using xymon messages, so my guess is that xymonnet can
do that too, but might need to be told to do so. And if so, you would only
want that xymonnet instance to probe devices inside the client network, so
you might need to make use of the "NET:" tags in hosts.cfg.

J

On Tue, 17 Oct 2023 at 02:51, Grant Taylor via Xymon <xymon at xymon.com>
wrote:

>
>
>
> ---------- Forwarded message ----------
> From: Grant Taylor <gtaylor at tnetconsulting.net>
> To: xymon at xymon.com
> Cc:
> Bcc:
> Date: Mon, 16 Oct 2023 10:49:42 -0500
> Subject: Looking for clarification on Xymon client / server hierarchy.
> Hi,
>
> Would someone help me understand the Xymon client / server / proxy
> hierarchy a little bit better?
>
> My scenario is I have two locations separated by a firewall wherein
> clients inside can send things out to the larger network, but the
> xymonnet can't reach in to probe clients in the private LAN.
>
> I had thought that an Xymon proxy might be the answer for this.  --  I
> did get internal clients to relay updates out through the xymonproxy to
> the Xymon (display) server.  However xymonnet seems to not utilize the
> xymonproxy to initiate tests therefrom.
>
> What is the recommended way to have Xymon monitor internal clients that
> can't be directly reached from the Xymon (display) server?
>
> Aside:  It seems as if the xymonproxy might be for the other way around,
> to have clients in the wild get messages into a protected Xymon server
> which can reach out and touch the clients.
>
> Thank you and have a good day.
>
>
>
> --
> Grant. . . .
> unix || die
>
>
>
> ---------- Forwarded message ----------
> From: Grant Taylor via Xymon <xymon at xymon.com>
> To: xymon at xymon.com
> Cc:
> Bcc:
> Date: Mon, 16 Oct 2023 10:49:42 -0500
> Subject: [Xymon] Looking for clarification on Xymon client / server
> hierarchy.
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20231017/5f90e9a9/attachment.htm>

More information about the Xymon mailing list