<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Yes, we have 443 and 22 open so this will just work, if you figure
out how todo it that is...<br>
but this approach will let almost all OS flavors use it as almost
all have SSH by default, or at least easily installed.<br>
<br>
- Roland<br>
<br>
On 11/10/11 08:40 AM, Ralph Mitchell wrote:
<blockquote
cite="mid:CAAEjoCUAp+cvqKbxGDfneB0iPxL5J02P-Mvqg0brEJALWQg7xA@mail.gmail.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<p>That's close to what I am doing using curl to post to a secure
web server. Secure http over port 443 is already blessed by
management and security. Opening another port requires
paperwork... </p>
<p>Ralph Mitchell</p>
<div class="gmail_quote">On Oct 10, 2011 5:34 PM, "Roland
Soderstrom" <<a moz-do-not-send="true"
href="mailto:rolands@logicaltech.com.au">rolands@logicaltech.com.au</a>>
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> This feature would
please my managers a lot, getting all traffic encrypted.<br>
To me it seems like all the stones are there like SSL,
xymond isn't that just an RPC?<br>
Just need to put it together. (sounds easy doesn't it)<br>
<br>
I had another thought that I haven't played around with yet.<br>
Could you create an ssh tunnel and just pipe all xymon
traffic through it?<br>
<br>
client % ssh -N -g -f -L 1984:xymonserver.local:1984
xymonserver.local -l roland<br>
And let XYMSRV be localhost:1984<br>
or something similar...<br>
<br>
I don't have a test rig to test it out right now.<br>
<br>
- Roland<br>
<br>
<br>
On 11/10/11 08:07 AM, Ralph Mitchell wrote:
<blockquote type="cite">
<div class="gmail_quote">On Mon, Oct 10, 2011 at 4:53 PM,
Rob Munsch <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:Munsch@phillycarshare.org"
target="_blank">Munsch@phillycarshare.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0pt 0pt
0pt 0.8ex;border-left:1px solid rgb(204, 204,
204);padding-left:1ex">
<div> > At present, I have a work-around. Instead
of using<br>
> bin/xymon to send<br>
> > messages, I'm using curl to post the
message file to<br>
> > <a moz-do-not-send="true"
href="https://server.domain.com/xymon/upload.php"
target="_blank">https://server.domain.com/xymon/upload.php</a>.
On the server<br>
> side, the<br>
> > upload.php script simply drops the message
file into<br>
> xymon's incoming<br>
> > stream, just as if it were delivered over
the net by bin/xymon.<br>
><br>
> Good idea. I almost can copy this approach.<br>
><br>
> > The client side has the server's CA cert
to validate the connection<br>
> > and the data flow is encrypted in
transit. I could use<br>
> client certificates as well.<br>
><br>
> But I think this approach only works for Linux
xymon client,<br>
> since curl is readily available.<br>
> Preparing curl for other Unix(say HP-UX) and
Windows will be<br>
> a big challenge.<br>
<br>
</div>
Actually....<br>
<br>
<a moz-do-not-send="true"
href="http://curl.haxx.se/download.html"
target="_blank">http://curl.haxx.se/download.html</a><br>
<br>
Wanna run it on Haiku? How about an Amiga? :)<br>
</blockquote>
</div>
<br>
Beat me to it... :-) We've got the script running on
some IBM AIX boxes here. I think the curl version is
something ridiculous, like curl-7.9, but it still
delivers. That particular version is not built with SSL,
so it won't do secure connections. We have HP-UX as well,
but no Xymon client on that (yet).<br>
<br>
I've lost *some* functionality, because I'm only
installing the shell scripts, not any compiled binaries.
That way, if I have to, I can show that it's just a script
using utilities supplied along with the OS, same as anyone
can type in to discover machine status. Plus it's easier
for other people to maintain.<br>
<br>
Ralph Mitchell<br>
<br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
Xymon mailing list
<a moz-do-not-send="true" href="mailto:Xymon@xymon.com" target="_blank">Xymon@xymon.com</a>
<a moz-do-not-send="true" href="http://lists.xymon.com/mailman/listinfo/xymon" target="_blank">http://lists.xymon.com/mailman/listinfo/xymon</a>
</pre>
</blockquote>
</div>
<br>
_______________________________________________<br>
Xymon mailing list<br>
<a moz-do-not-send="true" href="mailto:Xymon@xymon.com">Xymon@xymon.com</a><br>
<a moz-do-not-send="true"
href="http://lists.xymon.com/mailman/listinfo/xymon"
target="_blank">http://lists.xymon.com/mailman/listinfo/xymon</a><br>
<br>
</blockquote>
</div>
</blockquote>
</body>
</html>