<p>That's close to what I am doing using curl to post to a secure web server. Secure http over port 443 is already blessed by management and security. Opening another port requires paperwork... </p>
<p>Ralph Mitchell</p>
<div class="gmail_quote">On Oct 10, 2011 5:34 PM, "Roland Soderstrom" <<a href="mailto:rolands@logicaltech.com.au">rolands@logicaltech.com.au</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
This feature would please my managers a lot, getting all traffic
encrypted.<br>
To me it seems like all the stones are there like SSL, xymond isn't
that just an RPC?<br>
Just need to put it together. (sounds easy doesn't it)<br>
<br>
I had another thought that I haven't played around with yet.<br>
Could you create an ssh tunnel and just pipe all xymon traffic
through it?<br>
<br>
client % ssh -N -g -f -L 1984:xymonserver.local:1984
xymonserver.local -l roland<br>
And let XYMSRV be localhost:1984<br>
or something similar...<br>
<br>
I don't have a test rig to test it out right now.<br>
<br>
- Roland<br>
<br>
<br>
On 11/10/11 08:07 AM, Ralph Mitchell wrote:
<blockquote type="cite">
<div class="gmail_quote">On Mon, Oct 10, 2011 at 4:53 PM, Rob
Munsch <span dir="ltr"><<a href="mailto:Munsch@phillycarshare.org" target="_blank">Munsch@phillycarshare.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204, 204, 204);padding-left:1ex">
<div> > At present, I have a work-around.
Instead of using<br>
> bin/xymon to send<br>
> > messages, I'm using curl to post the message file
to<br>
> > <a href="https://server.domain.com/xymon/upload.php" target="_blank">https://server.domain.com/xymon/upload.php</a>.
On the server<br>
> side, the<br>
> > upload.php script simply drops the message file
into<br>
> xymon's incoming<br>
> > stream, just as if it were delivered over the net
by bin/xymon.<br>
><br>
> Good idea. I almost can copy this approach.<br>
><br>
> > The client side has the server's CA cert to
validate the connection<br>
> > and the data flow is encrypted in transit. I
could use<br>
> client certificates as well.<br>
><br>
> But I think this approach only works for Linux xymon
client,<br>
> since curl is readily available.<br>
> Preparing curl for other Unix(say HP-UX) and Windows
will be<br>
> a big challenge.<br>
<br>
</div>
Actually....<br>
<br>
<a href="http://curl.haxx.se/download.html" target="_blank">http://curl.haxx.se/download.html</a><br>
<br>
Wanna run it on Haiku? How about an Amiga? :)<br>
</blockquote>
</div>
<br>
Beat me to it... :-) We've got the script running on some IBM
AIX boxes here. I think the curl version is something ridiculous,
like curl-7.9, but it still delivers. That particular version is
not built with SSL, so it won't do secure connections. We have
HP-UX as well, but no Xymon client on that (yet).<br>
<br>
I've lost *some* functionality, because I'm only installing the
shell scripts, not any compiled binaries. That way, if I have to,
I can show that it's just a script using utilities supplied along
with the OS, same as anyone can type in to discover machine
status. Plus it's easier for other people to maintain.<br>
<br>
Ralph Mitchell<br>
<br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
Xymon mailing list
<a href="mailto:Xymon@xymon.com" target="_blank">Xymon@xymon.com</a>
<a href="http://lists.xymon.com/mailman/listinfo/xymon" target="_blank">http://lists.xymon.com/mailman/listinfo/xymon</a>
</pre>
</blockquote>
</div>
<br>_______________________________________________<br>
Xymon mailing list<br>
<a href="mailto:Xymon@xymon.com">Xymon@xymon.com</a><br>
<a href="http://lists.xymon.com/mailman/listinfo/xymon" target="_blank">http://lists.xymon.com/mailman/listinfo/xymon</a><br>
<br></blockquote></div>