[Xymon] [External] Re: can I put enadis into debug mode?

Japheth Cleaver cleaver at terabithia.org
Tue Sep 17 19:40:46 CEST 2019 

Based on the connectivity information below, it looks like the message 
(or at least A message) is making back into xymond OK.

Can you send -USR2 to xymond and hit it again? Were there any changes to 
your '--admin-senders' option concurrently?

-jc

On 9/16/2019 5:31 PM, Rothlisberger, John R. wrote:
> Any ideas?  This causing us issues because we are unable to acknowledge or disable alerts from the webpapge.
>
> Thanks,
> John
>
> -----Original Message-----
> From: Rothlisberger, John R. <john.r.rothlisberger at accenture.com>
> Sent: Friday, September 13, 2019 4:54 PM
> To: Japheth Cleaver <cleaver at terabithia.org>; rene at vermare.net; xymon at xymon.com
> Subject: RE: [External] Re: [Xymon] can I put enadis into debug mode?
>
> I was able to set HTTP_HOST within cgioptions.cfg:
>
> And now, it appears as though enadis works - but its not disabling the test...
> Cgioptions.cfg:
> HTTP_HOST=aoc.accenture.com
>
> 11428 2019-09-13 22:43:31.789838 Opening file /home/xymon/server/etc/xymonmenu.cfg
> 11428 2019-09-13 22:43:31.793320 Trying header/footer file '/home/xymon/server/web/maint_footer'
> 11479 2019-09-13 22:43:45.424949 CGI: Request method='POST', data='hostname=serverA&disabletest=lupdate&hostpattern=serverA&pagepattern=&ippattern=&classpattern=&cause=test+disable&go2=Disable+for&duration=4&scale=60&endmonth=9&endday=13&endyear=2019&endhour=22&endminute=43&go=Disable+now&month=9&day=13&year=2019&hour=22&minute=43'
> 11479 2019-09-13 22:43:45.425092 CSP return is Content-Security-Policy: script-src 'self' 'unsafe-inline'; connect-src 'self'; form-action 'self'; sandbox allow-forms allow-scripts allow-same-origin allow-modals allow-popups;
> X-Content-Security-Policy: script-src 'self' 'unsafe-inline'; connect-src 'self'; form-action 'self'; sandbox allow-forms allow-scripts allow-same-origin allow-modals allow-popups;
> X-Webkit-CSP: script-src 'self' 'unsafe-inline'; connect-src 'self'; form-action 'self'; sandbox allow-forms allow-scripts allow-same-origin allow-modals allow-popups;
> 11479 2019-09-13 22:43:45.425124  - checking if referer is OK (http_referer: https://urldefense.proofpoint.com/v2/url?u=https-3A__our.domain.com_xymon-2Dseccgi_enadis.sh&d=DwIGaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=u6KtIBCRNAeN-AbgJjdZe5zZJVFEfq04dnWD-hYNPL_fxJIIFncbL8W6k0NMJtuq&m=hUp7xV6fRA2n12I55P6JyeCMauvA190vp8c5SkV-sNE&s=d4ROtciks3XZkuyjqLv1pL1srjNjhp2WASy5jFUDRJo&e= , http_host: our.domain.com, xymonwebhost: https://urldefense.proofpoint.com/v2/url?u=https-3A__our.domain.com&d=DwIGaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=u6KtIBCRNAeN-AbgJjdZe5zZJVFEfq04dnWD-hYNPL_fxJIIFncbL8W6k0NMJtuq&m=hUp7xV6fRA2n12I55P6JyeCMauvA190vp8c5SkV-sNE&s=1dukM_LrvEB24reV8YMIm6JDvfrBojPwjn3kI6zoHTo&e= , checkstr: /xymon-seccgi/enadis
> 11479 2019-09-13 22:43:45.425212 Trying header/footer file '/home/xymon/server/web/maintact_header'
> 11479 2019-09-13 22:43:45.425354 Opening file /home/xymon/server/etc/xymonmenu.cfg
> 11479 2019-09-13 22:43:45.425549 Action = disable
> 11479 2019-09-13 22:43:45.425564 Tests = 11479 2019-09-13 22:43:45.425574 Duration = 4, scale = 60
> 11479 2019-09-13 22:43:45.425582 Cause = test disable
> 11479 2019-09-13 22:43:45.425608 Trying header/footer file '/home/xymon/server/web/maintact_footer'
> 11482 2019-09-13 22:43:49.112970 CGI: Request method='GET', data=''
> 11482 2019-09-13 22:43:49.113120 Transport setup is:
> 11482 2019-09-13 22:43:49.113138 xymondportnumber = 1984
> 11482 2019-09-13 22:43:49.113147 xymonproxyhost = NONE
> 11482 2019-09-13 22:43:49.113156 xymonproxyport = 0
> 11482 2019-09-13 22:43:49.113164 Recipient listed as '127.0.0.1'
> 11482 2019-09-13 22:43:49.113173 Standard protocol on port 1984
> 11482 2019-09-13 22:43:49.113194 Will connect to address 127.0.0.1 port 1984
> 11482 2019-09-13 22:43:49.113328 Connect status is 0
> 11482 2019-09-13 22:43:49.113373 Sent 16 bytes
>
> Unbuntu 16.04LTS
> Xymon 4.3.30
>
> Thanks,
> John
>
> -----Original Message-----
> From: Japheth Cleaver <cleaver at terabithia.org>
> Sent: Thursday, September 12, 2019 5:45 PM
> To: Rothlisberger, John R. <john.r.rothlisberger at accenture.com>; rene at vermare.net
> Cc: xymon at xymon.com
> Subject: Re: [External] Re: [Xymon] can I put enadis into debug mode?
>
> This message is from an EXTERNAL SENDER - be CAUTIOUS, particularly with links and attachments.
>
> On 9/12/2019 2:58 PM, Rothlisberger, John R. wrote:
>
>> That worked for debugging - can at least see where the error is coming from:
>> 76996 2019-09-12 22:42:29.566819  - checking if referer is OK (http_referer: https://urldefense.proofpoint.com/v2/url?u=https-3A__our.domain.com_xymon-2Dseccgi_enadis.sh&d=DwICaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=u6KtIBCRNAeN-AbgJjdZe5zZJVFEfq04dnWD-hYNPL_fxJIIFncbL8W6k0NMJtuq&m=bRahvPMUFYb204VPoQl7be5NB_ddal_nzGb2JBHaABg&s=HpwRnnzanaIWULrjFb04HysWuBn92I2_d7Ms7pmSiK8&e= , http_host: 10.20.30.40, xymonwebhost: https://urldefense.proofpoint.com/v2/url?u=https-3A__our.domain.com&d=DwICaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=u6KtIBCRNAeN-AbgJjdZe5zZJVFEfq04dnWD-hYNPL_fxJIIFncbL8W6k0NMJtuq&m=bRahvPMUFYb204VPoQl7be5NB_ddal_nzGb2JBHaABg&s=ik1nvxSgFr0cOhbiWRUQbpQ8u_Vq7hDK4hnkeaMqQsE&e= , checkstr: /xymon-seccgi/enadis
>> 76996 2019-09-12 22:42:29.566832 Disallowed request due to unexpected referer 'our.domain.com/xymon-seccgi/enadis.sh', wanted '10.20.30.40/xymon-seccgi/enadis' (originally '/xymon-seccgi/enadis')
>> http_host is the IP of the Xymon server - but not the same as the URL used for our system (we have several and use a reverse proxy to get to all of them).
>> Without taking too many wild guesses at which setting defines http_host (can't find it in man pages) - how do I change that?
>
>
> HTTP_HOST is actually going to be set by the client. However the check
>
> can be overridden by setting $XYMONSERVERWWWNAME (technically
>
> $XYMONWEBHOST is what's used) in xymonserver.cfg to what you're
>
> expecting the client to be using.
>
>
>
> Depending on current .cfg settings, something may be specifying the
>
> basic IP there.
>
>
>
> HTH,
>
>
>
> -jc
>
>
>
>
> ________________________________
>
> This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at https://www.accenture.com/us-en/privacy-policy.
> ______________________________________________________________________________________
>
> http://www.accenture.com

More information about the Xymon mailing list