<div>Anyone have xymoncgimsg.cgi functioning on their server and successfully receiving PSclient data over HTTPS? The documentation for this is vague and doesn't specify how to make it work. Any specifics would be greatly appreciated. <br/>
<br/>
Thanks, <br/>
Kris Springer<br/>
<br/><br/>-----Original Message-----<br/>From: Timothy Williams <tlwilliams4@vcu.edu><br/>To: kspringer@innovateteam.com<br/>Cc: xymon@xymon.com<br/>Sent: Tue, 06 Nov 2018 2:22 PM<br/>Subject: Re: [Xymon] PSclient sending from intranet<br/><br/></div><div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small">Alas, I am unable to help further, as my InfoSec allows port 1984, and not 80 or 443 to Xymon, so I don't have http running. </div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small">Tim</div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, Nov 6, 2018 at 3:29 PM Kris Springer <<a href="mailto:kspringer@innovateteam.com">kspringer@innovateteam.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
I've configured one of my PSclients to test this HTTPS
functionality, and it indeed does try to send data over port 443.
But the client logs say that my Xymon server is timing out. Is
there a specific server url path that I need to be using? The
documentation doesn't give any example.<br>
<br>
<pre class="m_367587555834596435moz-signature" cols="72">Kris Springer
</pre>
<div class="m_367587555834596435moz-cite-prefix">On 11/6/18 7:54 AM, Timothy Williams
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">
<div class="gmail_default">The Powershell client can connect
to the Xymon server using TCP port 1984 as default, but can
also connect using HTTP or HTTPS with/without user/password.
You likely have port 80 or 443 open. Here are Word doc
details:</div>
<div class="gmail_default"><br>
</div>
<div class="gmail_default">
<div class="gmail_default">HTTP is an alternate method. It
can be used if you have xymoncgimsg.cgi running on the web
server on your Xymon server – see <a href="https://www.xymon.com/help/manpages/man8/xymoncgimsg.cgi.8.html" target="_blank">https://www.xymon.com/help/manpages/man8/xymoncgimsg.cgi.8.html</a>.
The web server running the CGI can be configured for SSL
(i.e. HTTPS) and / or authentication – XymonPSClient
supports basic authentication and SSL. If you require
authentication, the <serverHttpUsername> and
<serverHttpPassword> elements should be configured.</div>
<div class="gmail_default">If you are using HTTP and
transmitting over unsecure networks (e.g. the internet),
it is strongly recommended to enable SSL, authentication
and disallow HTTP connections.</div>
<div class="gmail_default"><br>
</div>
<div class="gmail_default">ServerHttpPassword encryption</div>
<div class="gmail_default">If <serverHttpPassword> is
set, the Xymon client will encrypt the password if it is
not encrypted and remove the plain text password from the
configuration file, overwriting with the encrypted
password. The Xymon client will prefix the encrypted
password with ‘{SecureString}’, so it is easy to tell if
the client has attempted to encrypt the password or not.</div>
<div class="gmail_default">This is done using the .NET
SecureString functions, which means that the encryption is
unique to the server and user. This means that once the
password has been encrypted, you cannot use the same
xymonclient_config.xml on another server. It also means
that if you have been testing by running XymonPSClient
from a command prompt, and this encrypts the password,
when you run XymonPSClient as a service it will not be
able to decrypt the password unless the service is running
as the same user.</div>
<div class="gmail_default">In both scenarios, replacing the
encrypted password with the plain text password and
re-starting Xymon will cause the password to be
re-encypted.</div>
<div><br>
</div>
</div>
<div class="gmail_default"><br>
</div>
<div class="gmail_default">Tim Williams</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr">On Tue, Nov 6, 2018 at 9:37 AM Rolf
Schrittenlocher <<a href="mailto:schritte@ub.uni-frankfurt.de" target="_blank">schritte@ub.uni-frankfurt.de</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote">any possibility to send
something from intranet to the world outside? <br>
creating webpage, send by sftp or scp? This could be done by
cron and <br>
xymon could analyze this data then.<br>
> Anyone have an idea about how to collect client server
stats using the <br>
> Powershell client on machines that are on an intranet
that blocks port <br>
> 1984, and send it out to our external xymon server
located in a <br>
> different part of the country? The intranet network
doesn't want to <br>
> open any additional ports to allow the traffic out.<br>
><br>
<br>
-- <br>
Mit freundlichen Grüßen<br>
Rolf Schrittenlocher<br>
<br>
Lokales Bibliothekssystem Frankfurt<br>
Bockenheimer Landstr. 134-138, 60325 Frankfurt<br>
Tel LBS: (49) 69 - 798 28830<br>
Tel persönlich: (49) 69 - 798 28908<br>
LBS: <a href="mailto:lbs@ub.uni-frankfurt.de" target="_blank">lbs@ub.uni-frankfurt.de</a><br>
Persönlich: <a href="mailto:schritte@ub.uni-frankfurt.de" target="_blank">schritte@ub.uni-frankfurt.de</a><br>
<br>
_______________________________________________<br>
Xymon mailing list<br>
<a href="mailto:Xymon@xymon.com" target="_blank">Xymon@xymon.com</a><br>
<a href="http://lists.xymon.com/mailman/listinfo/xymon" rel="noreferrer" target="_blank">http://lists.xymon.com/mailman/listinfo/xymon</a><br>
</blockquote>
</div>
</blockquote>
<br>
</div>
</blockquote></div>