[Xymon] xymon for AIX
John Langbein
bigbandjohn at gmail.com
Wed May 25 16:25:41 CEST 2016
In case you need them, here are the firewall commands I used:
[root at xymontest rc3.d]# firewall-cmd --permanent --zone=public
--add-port=80/tcp
success
[root at xymontest rc3.d]# firewall-cmd --permanent --zone=public
--add-port=1984/tcp
success
[root at xymontest rc3.d]# firewall-cmd --reload
I also just created a service file for startup/shutdown. This may be
helpful to you down the road so you won't have to re-invent the wheel. It
took me a while and asking a CentOS mailing list to find the answer:
"/usr/lib/systemd/system/xymon.service" 27L, 816C
# xymonlaunch.service
# systemd file for Fedora 18 and up, or RHEL 7 and up
[Unit]
Description=Xymon systems and network monitor
Documentation=man:xymon(7) man:xymonlaunch(8) man:xymon(1)
After=network.target
[Install]
# Compatibility with "xymon" and "xymon-client"
Alias=xymon.service
Alias=xymon-client.service
WantedBy=multi-user.target
[Service]
#EnvironmentFile=/etc/sysconfig/xymonlaunch
User=xymon
# We wrap in xymoncmd to eliminate the need for the bulk of the old init
script
ExecStart=/home/xymon/server/bin/xymoncmd
/home/xymon/server/bin/xymonlaunch --no-daemon $XYMONLAUNCHOPTS
Type=simple
# Kill xymonlaunch, but don't send kills to the underlying procs, since they
# might be doing important things (like writing checkpoints and flushing
caches)
KillMode=process
# SendSIGHUP=yes
SendSIGKILL=no
######################################## - next run the commands below
after creating this service file
systemctl enable xymon.service
systemctl start xymon.service
I had issues where it would only stop or only start. It was not obvious how
to write this. Hope you find this helpful
John
On Tue, May 24, 2016 at 6:49 PM, John Langbein <bigbandjohn at gmail.com>
wrote:
> This sounds like a firewall issue. Search for open poet firewall centos 7
> and the command should come up. I just had the same issue.
> On May 24, 2016 6:46 PM, "Jeremy Laidman" <jlaidman at rebel-it.com.au>
> wrote:
>
>> On 25/05/2016 4:14 AM, "Wonder fo" <wonderfoo2 at gmail.com> wrote:
>> >
>> > Hi Jeremy,
>> >
>> > telnet is disabled by default on xymon server (running Centos
>> 7.2.1511).
>>
>> As it should be, the telnet daemon is disabled. But not the telnet
>> client. The centos should not allow anyone to connect to it, but shouldn't
>> stop you connecting from it to other devices that use telnet.
>>
>> As an aside, telnet can be secured using kerberos.
>>
>> > Below is probably an expected output consider the security risk of
>> clear text protocol ?
>>
>> Actually, no, it's not. Here, you are using the telnet command for
>> something other than the telnet protocol. This is an old sysadmin trick.
>> The telnet command primarily just connects to a TCP service, but that
>> doesn't have to be the telnet service, it can be practically any TCP
>> service. It might be a bit confusing at first, but it works; it's as if the
>> command is really called "socket", and just happens to connect on the
>> telnet port by default. But specify another service port, and you have a
>> primitive tcp client for that other service. In fact people have even used
>> telnet in place of a xymon client binary on systems where compiling or
>> installing binaries is not possible.
>>
>> For kicks, try using it to connect to the ssh port on the Centos server,
>> from itself.
>>
>> # telnet 127.1 22
>>
>> If you run an ssh service on the Centos server, then the above command
>> will successfully connect, and also give you an ssh protocol banner. (To
>> disconnect, press ctrl-] and type quit.)
>>
>> Here, we are using telnet like netcat (aka nc). Netcat is a generic
>> socket connection tool that is much more flexible than the telnet client,
>> but telnet is more universally available, which is why it's so popular as a
>> socket test tool in the sysadmin's toolbox.
>>
>> > # telnet 172.31.2.131 1984
>> > Trying...
>>
>> This should say "connected" almost instantly. The fact that it says
>> neither "connected" nor "refused" tells me that there's a firewall dropping
>> packets. As you say, there's no firewall between the client and server. So
>> the most likely cause is a firewall /on/ the client or server. That would
>> be something like iptables (technically called netfilter) on the Centos
>> Xymon server, restricting incoming connections on port 1984, or something
>> like TCP/IP filters on the AIX Xymon client, restricting outbound
>> connections. Try running "iptables-save" on the Xymon server to see if
>> there are rules defined; try running "lsfilt" on the Xymon client to see if
>> there are rules defined.
>>
>> Cheers
>> Jeremy
>>
>> _______________________________________________
>> Xymon mailing list
>> Xymon at xymon.com
>> http://lists.xymon.com/mailman/listinfo/xymon
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20160525/e1ef1be9/attachment.html>
More information about the Xymon
mailing list