<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Thanks for the reply Zak. After my brain chewed on the problem for
a day I woke up at 2am and was able to figure it out. I did some
Googling regarding Apache and CGI scripts and all I needed to do was
to edit the default cgi-bin path in one of apache's conf files and
restart Apache. <br>
/etc/apache2/conf-enabled/serve-cgi-bin.conf defines
/usr/lib/cgi-bin/ which is an empty directory on my server. I
pointed it to my /xymon/cgi-bin/ directory where the scripts live
and everything suddenly worked. I'm writing up my own how-to now.
This feature is great for sending remote system data over 443. I'll
be using it a lot moving forward. Thanks for the PSclient!<br>
<br>
<pre class="moz-signature" cols="72">Kris Springer
</pre>
<div class="moz-cite-prefix">On 11/8/18 2:25 AM, Beck, Zak wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CO1P114MB0054ABC79C21E220A4CE4FAA98C50@CO1P114MB0054.NAMP114.PROD.OUTLOOK.COM">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<div class="WordSection1">
<p class="MsoNormal"><span>Hi Kris</span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal"><span>Yes, I have it working. As you say,
the URL needs to include the full path to xymoncgimsg.cgi.</span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal"><span>All xymoncgimsg.cgi does as far as I
can tell is relay the message(s) received over HTTPS via TCP
to localhost port 1984 (which is what the man page says as
well). So you need that listening (which by default it will
be).</span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal"><span>I don’t recall making any other
config changes to make this work (aside from Apache etc to
sort out the authentication).</span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal"><span>I suspect the time out is waiting for
the response – when you submit data to Xymon, you normally
get the client local config back from the server. This comes
back via the HTTPS response. There is a timeout setting –
sorry I forgot to document it in the table in the Word doc –
serverHttpTimeoutMs – which defaults to 100000 milliseconds
– i.e. 100 seconds. This is the time it waits for the
response from the server. 100 seconds is pretty generous
unless you’re traversing particularly slow VPNs or saturated
connections. You can override this in the
xymonclient_config.xml file.</span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal"><span>I’m assuming you’re getting this
message:</span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal"><span> " Connecting to $($url), body
length $($body.Length), timeout
$($script:XymonSettings.serverHttpTimeoutMs)ms"</span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal"><span>And then this one (with a timeout
exception):</span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal"><span> " Exception connecting to
$($url):`n$($_)"</span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal"><span>And not either of these:</span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal"><span> " FAILED, HTTP response
code: $($response.StatusCode) ($statusCode)"</span></p>
<p class="MsoNormal"><span>or</span></p>
<p class="MsoNormal"><span> " Received $($output.Length)
bytes from server"</span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal"><span>Zak </span><span></span></p>
<p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span
lang="EN-US"> Xymon <a class="moz-txt-link-rfc2396E" href="mailto:xymon-bounces@xymon.com"><xymon-bounces@xymon.com></a>
<b>On Behalf Of </b><a class="moz-txt-link-abbreviated" href="mailto:kspringer@innovateteam.com">kspringer@innovateteam.com</a><br>
<b>Sent:</b> Thursday, 8 November 2018 08:51<br>
<b>To:</b> Xymon MailingList <a class="moz-txt-link-rfc2396E" href="mailto:xymon@xymon.com"><xymon@xymon.com></a><br>
<b>Subject:</b> [External] Re: [Xymon] PSclient sending from
intranet</span></p>
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal">Anyone have xymoncgimsg.cgi functioning
on their server and successfully receiving PSclient data
over HTTPS? The documentation for this is vague and doesn't
specify how to make it work. Any specifics would be greatly
appreciated. <br>
<br>
Thanks, <br>
Kris Springer<br>
<br>
<br>
-----Original Message-----<br>
From: Timothy Williams <<a
href="mailto:tlwilliams4@vcu.edu" moz-do-not-send="true">tlwilliams4@vcu.edu</a>><br>
To: <a href="mailto:kspringer@innovateteam.com"
moz-do-not-send="true">kspringer@innovateteam.com</a><br>
Cc: <a href="mailto:xymon@xymon.com" moz-do-not-send="true">xymon@xymon.com</a><br>
Sent: Tue, 06 Nov 2018 2:22 PM<br>
Subject: Re: [Xymon] PSclient sending from intranet</p>
</div>
<div>
<div>
<p class="MsoNormal"><span>Alas, I am unable to help
further, as my InfoSec allows port 1984, and not 80 or
443 to Xymon, so I don't have http running. </span></p>
</div>
<div>
<p class="MsoNormal"><span> </span></p>
</div>
<div>
<p class="MsoNormal"><span>Tim</span></p>
</div>
</div>
<p class="MsoNormal"> </p>
<div>
<div>
<p class="MsoNormal">On Tue, Nov 6, 2018 at 3:29 PM Kris
Springer <<a href="mailto:kspringer@innovateteam.com"
moz-do-not-send="true">kspringer@innovateteam.com</a>>
wrote:</p>
</div>
<blockquote>
<div>
<p class="MsoNormal">I've configured one of my PSclients
to test this HTTPS functionality, and it indeed does try
to send data over port 443. But the client logs say
that my Xymon server is timing out. Is there a specific
server url path that I need to be using? The
documentation doesn't give any example.<br>
<br>
<br>
</p>
<pre>Kris Springer</pre>
<pre> </pre>
<pre> </pre>
<div>
<p class="MsoNormal">On 11/6/18 7:54 AM, Timothy
Williams wrote:</p>
</div>
<blockquote>
<div>
<div>
<div>
<p class="MsoNormal">The Powershell client can
connect to the Xymon server using TCP port 1984
as default, but can also connect using HTTP or
HTTPS with/without user/password. You likely
have port 80 or 443 open. Here are Word doc
details:</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<div>
<p class="MsoNormal">HTTP is an alternate
method. It can be used if you have
xymoncgimsg.cgi running on the web server on
your Xymon server – see
<a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.xymon.com_help_manpages_man8_xymoncgimsg.cgi.8.html&d=DwMGaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=S-aLwpx-PHBTBMIG_c2JczRC0SfuZCmsiH9Iams25FI&m=-OwMT0n637myRsiGrh2Ey_FyOjBckX9cnzeXB9ID_dw&s=nwg-TdqZw8dbasxkybIMrt8HKpuV-U4Z2HpC5Rbr1BM&e="
target="_blank" moz-do-not-send="true">
https://www.xymon.com/help/manpages/man8/xymoncgimsg.cgi.8.html</a>. The
web server running the CGI can be configured
for SSL (i.e. HTTPS) and / or authentication –
XymonPSClient supports basic authentication
and SSL. If you require authentication, the
<serverHttpUsername> and
<serverHttpPassword> elements should be
configured.</p>
</div>
<div>
<p class="MsoNormal">If you are using HTTP and
transmitting over unsecure networks (e.g. the
internet), it is strongly recommended to
enable SSL, authentication and disallow HTTP
connections.</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">ServerHttpPassword
encryption</p>
</div>
<div>
<p class="MsoNormal">If
<serverHttpPassword> is set, the Xymon
client will encrypt the password if it is not
encrypted and remove the plain text password
from the configuration file, overwriting with
the encrypted password. The Xymon client will
prefix the encrypted password with
‘{SecureString}’, so it is easy to tell if the
client has attempted to encrypt the password
or not.</p>
</div>
<div>
<p class="MsoNormal">This is done using the .NET
SecureString functions, which means that the
encryption is unique to the server and user.
This means that once the password has been
encrypted, you cannot use the same
xymonclient_config.xml on another server. It
also means that if you have been testing by
running XymonPSClient from a command prompt,
and this encrypts the password, when you run
XymonPSClient as a service it will not be able
to decrypt the password unless the service is
running as the same user.</p>
</div>
<div>
<p class="MsoNormal">In both scenarios,
replacing the encrypted password with the
plain text password and re-starting Xymon will
cause the password to be re-encypted.</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Tim Williams</p>
</div>
</div>
</div>
<p class="MsoNormal"> </p>
<div>
<div>
<p class="MsoNormal">On Tue, Nov 6, 2018 at 9:37 AM
Rolf Schrittenlocher <<a
href="mailto:schritte@ub.uni-frankfurt.de"
target="_blank" moz-do-not-send="true">schritte@ub.uni-frankfurt.de</a>>
wrote:</p>
</div>
<blockquote>
<p class="MsoNormal">any possibility to send
something from intranet to the world outside?
<br>
creating webpage, send by sftp or scp? This could
be done by cron and <br>
xymon could analyze this data then.<br>
> Anyone have an idea about how to collect
client server stats using the <br>
> Powershell client on machines that are on an
intranet that blocks port <br>
> 1984, and send it out to our external xymon
server located in a <br>
> different part of the country? The intranet
network doesn't want to <br>
> open any additional ports to allow the
traffic out.<br>
><br>
<br>
-- <br>
Mit freundlichen Grüßen<br>
Rolf Schrittenlocher<br>
<br>
Lokales Bibliothekssystem Frankfurt<br>
Bockenheimer Landstr. 134-138, 60325 Frankfurt<br>
Tel LBS: (49) 69 - 798 28830<br>
Tel persönlich: (49) 69 - 798 28908<br>
LBS: <a href="mailto:lbs@ub.uni-frankfurt.de"
target="_blank" moz-do-not-send="true">lbs@ub.uni-frankfurt.de</a><br>
Persönlich: <a
href="mailto:schritte@ub.uni-frankfurt.de"
target="_blank" moz-do-not-send="true">schritte@ub.uni-frankfurt.de</a><br>
<br>
_______________________________________________<br>
Xymon mailing list<br>
<a href="mailto:Xymon@xymon.com" target="_blank"
moz-do-not-send="true">Xymon@xymon.com</a><br>
<a
href="https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.xymon.com_mailman_listinfo_xymon&d=DwMGaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=S-aLwpx-PHBTBMIG_c2JczRC0SfuZCmsiH9Iams25FI&m=-OwMT0n637myRsiGrh2Ey_FyOjBckX9cnzeXB9ID_dw&s=F_2sRqz669yemQ4GbrwkTlh6D0HtrNX1wqu7RvAN1WE&e="
target="_blank" moz-do-not-send="true">http://lists.xymon.com/mailman/listinfo/xymon</a></p>
</blockquote>
</div>
</blockquote>
<p class="MsoNormal"> </p>
</div>
</blockquote>
</div>
</div>
<br>
<hr>
<br>
This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise confidential information. If
you have received it in error, please notify the sender
immediately and delete the original. Any other use of the e-mail
by you is prohibited. Where allowed by local law, electronic
communications with Accenture and its affiliates, including e-mail
and instant messaging (including content), may be scanned by our
systems for the purposes of information security and assessment of
internal compliance with Accenture policy. Your privacy is
important to us. Accenture uses your personal data only in
compliance with data protection laws. For further information on
how Accenture processes your personal data, please see our privacy
statement at <a class="moz-txt-link-freetext" href="https://www.accenture.com/us-en/privacy-policy">https://www.accenture.com/us-en/privacy-policy</a>. <br>
______________________________________________________________________________________<br>
<br>
<a class="moz-txt-link-abbreviated" href="http://www.accenture.com">www.accenture.com</a><br>
</blockquote>
<br>
</body>
</html>