[Xymon] XYmon in a DMZ
Gautier Begin
gbegin at csc.com
Tue Mar 11 10:32:12 CET 2014
Hello,
You get it. To monitor with XYMON a special network zone, you have to use
the XYMON proxy.
To install it:
A.\ Install a XYMON server.
B.\ Change its task.cfg file as follow:
* DISABLE the xymond (daemon fr the XYMONserver)
* Enable xymonproxy (proxy XYMON), xymonnet (ping and nework test)
and xymonclient (local XYMONclient)
[xymond]
DISABLED
[xymonproxy]
ENVFILE <xymon_path>/etc/xymonserver.cfg
CMD $XYMONHOME/bin/xymonproxy --server=YOUR.XYMON.SERVER.IP
--report=$MACHINE.xymonproxy --no-daemon
--pidfile=$XYMONSERVERLOGS/xymonproxy.pid
LOGFILE $XYMONSERVERLOGS/xymonproxy.log
[xymonnet]
ENVFILE <xymon_path>/etc/xymonserver.cfg
CMD xymonnet --report --ping --checkresponse
LOGFILE $XYMONSERVERLOGS/xymonnet.log
INTERVAL 5m
C.\ Modify/check the hosts.cfg on both xymon proxy and xymon server.
On the xymon proxy, indicate the list of the targets of
the "special network zone" you want to monitor
On the xymon server, indicate the list of the targets of
the "special network zone" you want to monitor with the noconn tag at the
end. This disable the ping from the xymon server. It will be done from the
the xymon server by the xymonnet process. Don't do it for the xymon proxy
itself.
D.\ Configure your agents in your "special network zone" to send data
to the xymon proxy.
E.\ Configure your FW to enable these flows:
- xymonproxy -----> xymonserver:1984 (TCP)
- xymonserver -----> xymonproxy (ICMP)
F.\ Start your xymonproxy the same way you do for a xymon server.
G.\ Enjoy !! - Rq: Data on communication flow are shown in the the
xymonproxy xymon test.
Cordialement, Regards,Mit freundlichen Grüßen,
Gautier BEGIN
CSC • This is a PRIVATE message. If you are not the intended recipient,
please delete without copying and kindly advise us by e-mail of the
mistake in delivery. NOTE: Regardless of content, this e-mail shall not
operate to bind CSC to any order or other contract unless pursuant to
explicit written agreement or government initiative expressly permitting
the use of e-mail for such purpose
•
CSC Computer Sciences SAS • Registered Office: Immeuble Le Balzac, 10
Place des Vosges, 92072 Paris La Défense Cedex, France • Registered in
France: RCS Nanterre B 315 268 664
From: "L.M.J" <linuxmasterjedi at free.fr>
To: <xymon at xymon.com>
Date: 03/10/2014 07:07 PM
Subject: [Xymon] XYmon in a DMZ
Sent by: "Xymon" <xymon-bounces at xymon.com>
Hi,
Can someone explain me if I could do this with XYmon !
1) DMZ hosts send all data to a "local DMZ xymon"
2) XYmon global server fetch all data from this "local DMZ xymon"
I bet I have to use "xymonproxy", but I read and re-read the
documentation,
it's very cristal clear for me. Can someone explain to the big picture
please ?
Also, I have hosts in a remote site, I installed a Xymon server there.
Remote
hosts report to this remote XYmon server. For a few hosts, I add an
extra IP
to XYMSERVERS and it sends also data to my XYmon global server
Is it the best to do it ? Like the previous questin, can the XYmon
global
server fetch data from the remote Xymon server.
With my choice : 1 global xymon, 1 on each remote location, I have to
watch a
couple of the XYmon pages, I don't have an global overview...
How do you guys do ? Any Xymon architecture advices is welcome !
Thanks
--
LMJ
"May the source be with you my young padawan"
_______________________________________________
Xymon mailing list
Xymon at xymon.com
http://lists.xymon.com/mailman/listinfo/xymon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20140311/d32e8c73/attachment.html>
More information about the Xymon
mailing list