<div dir="ltr">It's not very hard to construct a method to install custom scripts. Linux systems generally have a package manager, whether it's rpm, yum, dnf, zypper, apt or whatever. So, off the top of my head, I think this would work:<div><br></div><div>1) construct packages for the various tests you want to install</div><div>2) construct a meta-package for each different server type (DB, App, web, etc) that contains nothing other than requirements for the relevant packages</div><div>3) in Xymon's client-local.cfg you can put *anything* you want, so add a line for each client that contains the name of the meta-package:</div><div> clientPKG: DB</div><div> clientPKG: APP</div><div> clientPKG: WEB</div><div> That will get delivered to the client every time the main client test (cpu, disk, mem, port, procs) runs.</div><div>4) then distribute to each client a generic custom test that grep's that line out of the local.cfg and does the equivalent of:</div><div> yum install xymon-client-DB </div><div> or -APP, or -WEB, to install the meta-package, which in turn will pull in the appropriate group of test packages.</div><div><br></div><div>The client will then use all the safeguards built into the OS package delivery/installation process to download and verify the signed package before installing it. That ought to satisfy an auditor.</div><div><br></div><div>If you need to modify a test, just update its package, rebuild any meta-package that has a dependency for it, and push them all to your package repository server. Similarly for a new test. Clients will pull in the updated meta-package whenever their update script checks in (hourly, daily, weekly?), and install any updated bits. The updater can be run as a Xymon task, even if it doesn't generate a report.</div><div><br></div><div>Ralph Mitchell</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Dec 4, 2020 at 11:19 AM Greg Hubbard <<a href="mailto:glh.forums@gmail.com">glh.forums@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr">I think that the original philosophy behind Xymon was to "inform and notify" and not to "remediate." The client sends data to a predefined destination at regular intervals.<div><br></div><div>However, you have described the Xymon administrators dilemma very well -- what about custom tests? As Timothy points out, some thought has been put into this in the PowerShell client, but I am not sure what JC is planning for the Xymon "native" clients. Just keep in mind that once your Xymon server can start distributing code to its clients, the security requirements will likely escalate. Some form of "trust" will be needed between the client and the server as well as other features to keep the auditors at bay.</div><div><br></div><div>However, you might be able to roll your own distribution function. All you need is a custom test that connects to your distribution point to look for changes. If anything changes, it can download the new code and "do the needful" to activate it. Another coping mechanism is to write your custom checks so they do not need to be updated very often, or isolate the updates so they can be easily applied.</div><div><br></div><div>Regards,</div><div><br></div><div>Greg Hubbard</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Dec 4, 2020 at 9:21 AM Timothy Williams <<a href="mailto:tlwilliams4@vcu.edu" target="_blank">tlwilliams4@vcu.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div style="font-family:verdana,sans-serif;font-size:small">On the Windows PSXymon or (shudder) BBWin client, you can run an external script by specifying it in the client-config file. Client can download from a central repository using URL or BB: (from Xymon server) link to run every scan or on slow scan. Therefore, changes to script are immediately distributed. The script can write an output file to TMP folder and that is picked up and displayed on Xymon console (name of file becomes name of column).</div><div style="font-family:verdana,sans-serif;font-size:small"><br></div><div style="font-family:verdana,sans-serif;font-size:small">As Windows clients were built to mimic the Linux client, I would assume there is a mechanism there as well.</div><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><p style="background-image:initial;background-position:initial;background-repeat:initial"><font face="arial, sans-serif"><b>Timothy L. Williams<br></b></font><span style="font-family:verdana,sans-serif;font-weight:bold"></span><span style="font-weight:bold"><font face="arial, sans-serif">Windows Server </font></span><b><font face="arial, sans-serif">O</font><font face="Arial, sans-serif">perating Systems Analyst</font><br></b></p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Dec 4, 2020 at 9:12 AM Gabby Gibbons via Xymon <<a href="mailto:xymon@xymon.com" target="_blank">xymon@xymon.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br><br><br>---------- Forwarded message ----------<br>From: Gabby Gibbons <<a href="mailto:gabby.gibbons@yahoo.com" target="_blank">gabby.gibbons@yahoo.com</a>><br>To: Xymon Mailinglist <<a href="mailto:xymon@xymon.com" target="_blank">xymon@xymon.com</a>><br>Cc: <br>Bcc: <br>Date: Fri, 4 Dec 2020 13:52:18 +0000 (UTC)<br>Subject: Running a custom test on multiple clients.<br><div><div style="font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:16px"><div dir="ltr">Hello,</div><div dir="ltr"> </div><div dir="ltr">I am trying to figure out if there's a way to write a custom test on the xymon server and then run that test on each client as the client. I am aware of the ability to write a test on the server and then use XYMONGREP to run a test on each machine as the server, but the problem with that is, as far as I can tell, you can only run unauthenticated checks from the outside of the system. Say, for example, I want to monitor a log file using xymon on each client. If I were able to run the check on each system itself as the authenticated xymon user I could do that easily, but I wouldn't be able to view that file from the outside with another computer without first authenticating.</div><div dir="ltr"><br></div><div dir="ltr">Right now my solution is to simply copy all of the custom tests I have to each monitored machine. This works, but the problem is that it's so decentralized. Every time I make a simple change to a script or want to add a new custom script I have to go to every single machine and make the same change. Being able to centralize this somewhat and have the clients all read from one source would make managing custom tests much much easier. Is this possible to do?</div></div></div><br><br><br>---------- Forwarded message ----------<br>From: Gabby Gibbons via Xymon <<a href="mailto:xymon@xymon.com" target="_blank">xymon@xymon.com</a>><br>To: Xymon Mailinglist <<a href="mailto:xymon@xymon.com" target="_blank">xymon@xymon.com</a>><br>Cc: <br>Bcc: <br>Date: Fri, 4 Dec 2020 13:52:18 +0000 (UTC)<br>Subject: [Xymon] Running a custom test on multiple clients.<br>_______________________________________________<br>
Xymon mailing list<br>
<a href="mailto:Xymon@xymon.com" target="_blank">Xymon@xymon.com</a><br>
<a href="http://lists.xymon.com/mailman/listinfo/xymon" rel="noreferrer" target="_blank">http://lists.xymon.com/mailman/listinfo/xymon</a><br>
</blockquote></div>
_______________________________________________<br>
Xymon mailing list<br>
<a href="mailto:Xymon@xymon.com" target="_blank">Xymon@xymon.com</a><br>
<a href="http://lists.xymon.com/mailman/listinfo/xymon" rel="noreferrer" target="_blank">http://lists.xymon.com/mailman/listinfo/xymon</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr">Disclaimer: 1) all opinions are my own, 2) I may be completely wrong, 3) my advice is worth at least as much as what you are paying for it, or your money cheerfully refunded.</div></div>
_______________________________________________<br>
Xymon mailing list<br>
<a href="mailto:Xymon@xymon.com" target="_blank">Xymon@xymon.com</a><br>
<a href="http://lists.xymon.com/mailman/listinfo/xymon" rel="noreferrer" target="_blank">http://lists.xymon.com/mailman/listinfo/xymon</a><br>
</blockquote></div>