[External] Re: [Xymon] can I put enadis into debug mode?

Rothlisberger, John R. john.r.rothlisberger at accenture.com
Wed Sep 18 14:37:01 CEST 2019


There is nothing that shows up in xymond.log for enadis.sh - the debug is running also.

Thanks,
John

-----Original Message-----
From: Japheth Cleaver <cleaver at terabithia.org> 
Sent: Tuesday, September 17, 2019 4:45 PM
To: Rothlisberger, John R. <john.r.rothlisberger at accenture.com>; xymon at xymon.com
Subject: Re: [External] Re: [Xymon] can I put enadis into debug mode?

killall -USR2 xymond, to enable debugging on the fly.

At that point, go ahead and use enadis.sh to submit the request. You should see a disable (or enable) message in /var/log/xymon/xymond.log for the host in question -- either correctly or incorrectly. We should be able to see what's happening from there.

If it does make it through textually correct, then we've verified that it's no longer being blocked by the original problem.

HTH,
-jc


On 9/17/2019 1:19 PM, Rothlisberger, John R. wrote:
> I have made changes to --admin-senders but only in an attempt to fix 
> the issues at hand.  That being said, it was either set to it's own IP 
> or 127.0.0.1,$XYMONSERVERIP I am unsure how or where you want me to 
> use -USR2 (sorry brain fade)
>
> Here is with debug enabled and captured in enadis.log:
> 99801 2019-09-17 21:13:15.091517 CGI: Request method='GET', data=''
> 99801 2019-09-17 21:13:15.091663 Transport setup is:
> 99801 2019-09-17 21:13:15.091674 xymondportnumber = 1984
> 99801 2019-09-17 21:13:15.091683 xymonproxyhost = NONE
> 99801 2019-09-17 21:13:15.091691 xymonproxyport = 0
> 99801 2019-09-17 21:13:15.091699 Recipient listed as '127.0.0.1'
> 99801 2019-09-17 21:13:15.091708 Standard protocol on port 1984
> 99801 2019-09-17 21:13:15.091727 Will connect to address 127.0.0.1 
> port 1984
> 99801 2019-09-17 21:13:15.091871 Connect status is 0
> 99801 2019-09-17 21:13:15.091912 Sent 16 bytes
> 99801 2019-09-17 21:13:15.150989 Read 32767 bytes
> 99801 2019-09-17 21:13:15.151183 Read 32767 bytes
> 99801 2019-09-17 21:13:15.151311 Read 32767 bytes
> 99801 2019-09-17 21:13:15.151537 Read 32767 bytes
> 99801 2019-09-17 21:13:15.151608 Read 32767 bytes
> 99801 2019-09-17 21:13:15.151708 Read 32767 bytes
> 99801 2019-09-17 21:13:15.151775 Read 32767 bytes
> 99801 2019-09-17 21:13:15.151849 Read 32767 bytes
> 99801 2019-09-17 21:13:15.151916 Read 32767 bytes
> 99801 2019-09-17 21:13:15.151984 Read 32767 bytes
> 99801 2019-09-17 21:13:15.152057 Read 32767 bytes
> 99801 2019-09-17 21:13:15.152138 Read 32767 bytes
> 99801 2019-09-17 21:13:15.152206 Read 32767 bytes
> 99801 2019-09-17 21:13:15.152290 Read 32767 bytes
> 99801 2019-09-17 21:13:15.152470 Read 32767 bytes
> 99801 2019-09-17 21:13:15.152594 Read 32767 bytes
> 99801 2019-09-17 21:13:15.152668 Read 32767 bytes
> 99801 2019-09-17 21:13:15.152737 Read 32767 bytes
> 99801 2019-09-17 21:13:15.152823 Read 32767 bytes
> 99801 2019-09-17 21:13:15.152898 Read 32767 bytes
> 99801 2019-09-17 21:13:15.152968 Read 32767 bytes
> 99801 2019-09-17 21:13:15.153042 Read 32767 bytes
> 99801 2019-09-17 21:13:15.153109 Read 672 bytes
> 99801 2019-09-17 21:13:15.153157 Closing connection
> 99801 2019-09-17 21:13:15.165423 Trying header/footer file '/home/xymon/server/web/maint_header'
> 99801 2019-09-17 21:13:15.165475 Recipient listed as '127.0.0.1'
> 99801 2019-09-17 21:13:15.165485 Standard protocol on port 1984
> 99801 2019-09-17 21:13:15.165489 Will connect to address 127.0.0.1 
> port 1984
> 99801 2019-09-17 21:13:15.165543 Connect status is 0
> 99801 2019-09-17 21:13:15.165561 Sent 55 bytes
> 99801 2019-09-17 21:13:15.182312 Read 32767 bytes
> 99801 2019-09-17 21:13:15.182391 Read 11009 bytes
> 99801 2019-09-17 21:13:15.182851 Read 32767 bytes
> 99801 2019-09-17 21:13:15.183039 Read 32767 bytes
> 99801 2019-09-17 21:13:15.183149 Read 32767 bytes
> 99801 2019-09-17 21:13:15.183241 Read 32767 bytes
> 99801 2019-09-17 21:13:15.183317 Read 32767 bytes
> 99801 2019-09-17 21:13:15.183395 Read 32767 bytes
> 99801 2019-09-17 21:13:15.183470 Read 32767 bytes
> 99801 2019-09-17 21:13:15.183551 Read 32767 bytes
> 99801 2019-09-17 21:13:15.183627 Read 32767 bytes
> 99801 2019-09-17 21:13:15.183716 Read 32767 bytes
> 99801 2019-09-17 21:13:15.183799 Read 32767 bytes
> 99801 2019-09-17 21:13:15.183873 Read 32767 bytes
> 99801 2019-09-17 21:13:15.183950 Read 32767 bytes
> 99801 2019-09-17 21:13:15.184053 Read 32767 bytes
> 99801 2019-09-17 21:13:15.184135 Read 32767 bytes
> 99801 2019-09-17 21:13:15.184210 Read 32767 bytes
> 99801 2019-09-17 21:13:15.184284 Read 32767 bytes
> 99801 2019-09-17 21:13:15.184359 Read 32767 bytes
> 99801 2019-09-17 21:13:15.184458 Read 32767 bytes
> 99801 2019-09-17 21:13:15.184578 Read 32767 bytes
> 99801 2019-09-17 21:13:15.184657 Read 32767 bytes
> 99801 2019-09-17 21:13:15.184734 Read 32767 bytes
> 99801 2019-09-17 21:13:15.184826 Read 32767 bytes
> 99801 2019-09-17 21:13:15.184903 Read 32767 bytes
> 99801 2019-09-17 21:13:15.185013 Read 32767 bytes
> 99801 2019-09-17 21:13:15.186451 Read 32767 bytes
> 99801 2019-09-17 21:13:15.186535 Read 32767 bytes
> 99801 2019-09-17 21:13:15.186645 Read 32767 bytes
> 99801 2019-09-17 21:13:15.186727 Read 32767 bytes
> 99801 2019-09-17 21:13:15.186805 Read 32767 bytes
> 99801 2019-09-17 21:13:15.186882 Read 32767 bytes
> 99801 2019-09-17 21:13:15.186959 Read 32767 bytes
> 99801 2019-09-17 21:13:15.187033 Read 491 bytes
> 99801 2019-09-17 21:13:15.187062 Closing connection
> 99801 2019-09-17 21:13:15.205359 Recipient listed as '127.0.0.1'
> 99801 2019-09-17 21:13:15.205376 Standard protocol on port 1984
> 99801 2019-09-17 21:13:15.205380 Will connect to address 127.0.0.1 
> port 1984
> 99801 2019-09-17 21:13:15.205438 Connect status is 0
> 99801 2019-09-17 21:13:15.205456 Sent 8 bytes
> 99801 2019-09-17 21:13:15.205607 Closing connection
> 99801 2019-09-17 21:13:15.309349 Opening file 
> /home/xymon/server/etc/xymonmenu.cfg
> 99801 2019-09-17 21:13:15.313554 Trying header/footer file '/home/xymon/server/web/maint_footer'
> 99879 2019-09-17 21:13:44.381310 CGI: Request method='POST', data='hostname=servera&disabletest=disk&hostpattern=&pagepattern=&ippattern=&classpattern=&cause=test+disable&go2=Disable+for&duration=1&scale=60&endmonth=9&endday=17&endyear=2019&endhour=21&endminute=13&go=Disable+now&month=9&day=17&year=2019&hour=21&minute=13'
> 99879 2019-09-17 21:13:44.381480 CSP return is 
> Content-Security-Policy: script-src 'self' 'unsafe-inline'; 
> connect-src 'self'; form-action 'self'; sandbox allow-forms 
> allow-scripts allow-same-origin allow-modals allow-popups;
> X-Content-Security-Policy: script-src 'self' 'unsafe-inline'; 
> connect-src 'self'; form-action 'self'; sandbox allow-forms 
> allow-scripts allow-same-origin allow-modals allow-popups;
> X-Webkit-CSP: script-src 'self' 'unsafe-inline'; connect-src 'self'; 
> form-action 'self'; sandbox allow-forms allow-scripts 
> allow-same-origin allow-modals allow-popups;
> 99879 2019-09-17 21:13:44.381511  - checking if referer is OK 
> (http_referer: 
> https://urldefense.proofpoint.com/v2/url?u=https-3A__our.domain.com_xy
> mon-2Dseccgi_enadis.sh&d=DwICaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8Irw
> NKOtkVU&r=u6KtIBCRNAeN-AbgJjdZe5zZJVFEfq04dnWD-hYNPL_fxJIIFncbL8W6k0NM
> Jtuq&m=ZUUgPRbrRXrf6v9iK_IYMgdM6skatcaFWp9MfwwoR6A&s=Ca_BDatt9fV_6-hnE
> rKzruPVe3Arga8WJdTolYDibMU&e= , http_host: our.domain.com, 
> xymonwebhost: 
> https://urldefense.proofpoint.com/v2/url?u=https-3A__our.domain.com&d=
> DwICaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=u6KtIBCRNAeN-Ab
> gJjdZe5zZJVFEfq04dnWD-hYNPL_fxJIIFncbL8W6k0NMJtuq&m=ZUUgPRbrRXrf6v9iK_
> IYMgdM6skatcaFWp9MfwwoR6A&s=1PkWq1uFfsXaAP-oHT24OhAovO3g-jsYt3IfNjPfJB
> o&e= , checkstr: /xymon-seccgi/enadis
> 99879 2019-09-17 21:13:44.381597 Trying header/footer file '/home/xymon/server/web/maintact_header'
> 99879 2019-09-17 21:13:44.381724 Opening file 
> /home/xymon/server/etc/xymonmenu.cfg
> 99879 2019-09-17 21:13:44.381891 Action = disable
> 99879 2019-09-17 21:13:44.381902 Tests = 99879 2019-09-17 
> 21:13:44.381911 Duration = 1, scale = 60
> 99879 2019-09-17 21:13:44.381919 Cause = test disable
> 99879 2019-09-17 21:13:44.381939 Trying header/footer file '/home/xymon/server/web/maintact_footer'
>
> Thanks,
> John
>
> -----Original Message-----
> From: Japheth Cleaver <cleaver at terabithia.org>
> Sent: Tuesday, September 17, 2019 12:41 PM
> To: Rothlisberger, John R. <john.r.rothlisberger at accenture.com>; 
> xymon at xymon.com
> Subject: Re: [External] Re: [Xymon] can I put enadis into debug mode?
>
> Based on the connectivity information below, it looks like the message (or at least A message) is making back into xymond OK.
>
> Can you send -USR2 to xymond and hit it again? Were there any changes to your '--admin-senders' option concurrently?
>
> -jc
>
> On 9/16/2019 5:31 PM, Rothlisberger, John R. wrote:
>> Any ideas?  This causing us issues because we are unable to acknowledge or disable alerts from the webpapge.
>>
>> Thanks,
>> John
>>
>> -----Original Message-----
>> From: Rothlisberger, John R. <john.r.rothlisberger at accenture.com>
>> Sent: Friday, September 13, 2019 4:54 PM
>> To: Japheth Cleaver <cleaver at terabithia.org>; rene at vermare.net; 
>> xymon at xymon.com
>> Subject: RE: [External] Re: [Xymon] can I put enadis into debug mode?
>>
>> I was able to set HTTP_HOST within cgioptions.cfg:
>>
>> And now, it appears as though enadis works - but its not disabling the test...
>> Cgioptions.cfg:
>> HTTP_HOST=aoc.accenture.com
>>
>> 11428 2019-09-13 22:43:31.789838 Opening file 
>> /home/xymon/server/etc/xymonmenu.cfg
>> 11428 2019-09-13 22:43:31.793320 Trying header/footer file '/home/xymon/server/web/maint_footer'
>> 11479 2019-09-13 22:43:45.424949 CGI: Request method='POST', data='hostname=serverA&disabletest=lupdate&hostpattern=serverA&pagepattern=&ippattern=&classpattern=&cause=test+disable&go2=Disable+for&duration=4&scale=60&endmonth=9&endday=13&endyear=2019&endhour=22&endminute=43&go=Disable+now&month=9&day=13&year=2019&hour=22&minute=43'
>> 11479 2019-09-13 22:43:45.425092 CSP return is
>> Content-Security-Policy: script-src 'self' 'unsafe-inline'; 
>> connect-src 'self'; form-action 'self'; sandbox allow-forms 
>> allow-scripts allow-same-origin allow-modals allow-popups;
>> X-Content-Security-Policy: script-src 'self' 'unsafe-inline'; 
>> connect-src 'self'; form-action 'self'; sandbox allow-forms 
>> allow-scripts allow-same-origin allow-modals allow-popups;
>> X-Webkit-CSP: script-src 'self' 'unsafe-inline'; connect-src 'self'; 
>> form-action 'self'; sandbox allow-forms allow-scripts 
>> allow-same-origin allow-modals allow-popups;
>> 11479 2019-09-13 22:43:45.425124  - checking if referer is OK
>> (http_referer:
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__our.domain.com_x
>> y 
>> mon-2Dseccgi_enadis.sh&d=DwIGaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8Ir
>> w 
>> NKOtkVU&r=u6KtIBCRNAeN-AbgJjdZe5zZJVFEfq04dnWD-hYNPL_fxJIIFncbL8W6k0N
>> M 
>> Jtuq&m=hUp7xV6fRA2n12I55P6JyeCMauvA190vp8c5SkV-sNE&s=d4ROtciks3XZkuyj
>> q Lv1pL1srjNjhp2WASy5jFUDRJo&e= , http_host: our.domain.com,
>> xymonwebhost:
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__our.domain.com&d
>> = 
>> DwIGaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=u6KtIBCRNAeN-A
>> b 
>> gJjdZe5zZJVFEfq04dnWD-hYNPL_fxJIIFncbL8W6k0NMJtuq&m=hUp7xV6fRA2n12I55
>> P 
>> 6JyeCMauvA190vp8c5SkV-sNE&s=1dukM_LrvEB24reV8YMIm6JDvfrBojPwjn3kI6zoH
>> T o&e= , checkstr: /xymon-seccgi/enadis
>> 11479 2019-09-13 22:43:45.425212 Trying header/footer file '/home/xymon/server/web/maintact_header'
>> 11479 2019-09-13 22:43:45.425354 Opening file 
>> /home/xymon/server/etc/xymonmenu.cfg
>> 11479 2019-09-13 22:43:45.425549 Action = disable
>> 11479 2019-09-13 22:43:45.425564 Tests = 11479 2019-09-13
>> 22:43:45.425574 Duration = 4, scale = 60
>> 11479 2019-09-13 22:43:45.425582 Cause = test disable
>> 11479 2019-09-13 22:43:45.425608 Trying header/footer file '/home/xymon/server/web/maintact_footer'
>> 11482 2019-09-13 22:43:49.112970 CGI: Request method='GET', data=''
>> 11482 2019-09-13 22:43:49.113120 Transport setup is:
>> 11482 2019-09-13 22:43:49.113138 xymondportnumber = 1984
>> 11482 2019-09-13 22:43:49.113147 xymonproxyhost = NONE
>> 11482 2019-09-13 22:43:49.113156 xymonproxyport = 0
>> 11482 2019-09-13 22:43:49.113164 Recipient listed as '127.0.0.1'
>> 11482 2019-09-13 22:43:49.113173 Standard protocol on port 1984
>> 11482 2019-09-13 22:43:49.113194 Will connect to address 127.0.0.1 
>> port 1984
>> 11482 2019-09-13 22:43:49.113328 Connect status is 0
>> 11482 2019-09-13 22:43:49.113373 Sent 16 bytes
>>
>> Unbuntu 16.04LTS
>> Xymon 4.3.30
>>
>> Thanks,
>> John
>>
>> -----Original Message-----
>> From: Japheth Cleaver <cleaver at terabithia.org>
>> Sent: Thursday, September 12, 2019 5:45 PM
>> To: Rothlisberger, John R. <john.r.rothlisberger at accenture.com>;
>> rene at vermare.net
>> Cc: xymon at xymon.com
>> Subject: Re: [External] Re: [Xymon] can I put enadis into debug mode?
>>
>> This message is from an EXTERNAL SENDER - be CAUTIOUS, particularly with links and attachments.
>>
>> On 9/12/2019 2:58 PM, Rothlisberger, John R. wrote:
>>
>>> That worked for debugging - can at least see where the error is coming from:
>>> 76996 2019-09-12 22:42:29.566819  - checking if referer is OK
>>> (http_referer:
>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__our.domain.com_
>>> x 
>>> ymon-2Dseccgi_enadis.sh&d=DwICaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8
>>> I 
>>> rwNKOtkVU&r=u6KtIBCRNAeN-AbgJjdZe5zZJVFEfq04dnWD-hYNPL_fxJIIFncbL8W6
>>> k 
>>> 0NMJtuq&m=bRahvPMUFYb204VPoQl7be5NB_ddal_nzGb2JBHaABg&s=HpwRnnzanaIW
>>> U LrjFb04HysWuBn92I2_d7Ms7pmSiK8&e= , http_host: 10.20.30.40,
>>> xymonwebhost:
>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__our.domain.com&
>>> d
>>> =DwICaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=u6KtIBCRNAeN
>>> - 
>>> AbgJjdZe5zZJVFEfq04dnWD-hYNPL_fxJIIFncbL8W6k0NMJtuq&m=bRahvPMUFYb204
>>> V 
>>> PoQl7be5NB_ddal_nzGb2JBHaABg&s=ik1nvxSgFr0cOhbiWRUQbpQ8u_Vq7hDK4hnke
>>> a MqQsE&e= , checkstr: /xymon-seccgi/enadis
>>> 76996 2019-09-12 22:42:29.566832 Disallowed request due to 
>>> unexpected referer 'our.domain.com/xymon-seccgi/enadis.sh', wanted '10.20.30.40/xymon-seccgi/enadis' (originally '/xymon-seccgi/enadis') http_host is the IP of the Xymon server - but not the same as the URL used for our system (we have several and use a reverse proxy to get to all of them).
>>> Without taking too many wild guesses at which setting defines http_host (can't find it in man pages) - how do I change that?
>>
>> HTTP_HOST is actually going to be set by the client. However the 
>> check
>>
>> can be overridden by setting $XYMONSERVERWWWNAME (technically
>>
>> $XYMONWEBHOST is what's used) in xymonserver.cfg to what you're
>>
>> expecting the client to be using.
>>
>>
>>
>> Depending on current .cfg settings, something may be specifying the
>>
>> basic IP there.
>>
>>
>>
>> HTH,
>>
>>
>>
>> -jc
>>
>>
>>
>>
>> ________________________________
>>
>> This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at https://www.accenture.com/us-en/privacy-policy.
>> _____________________________________________________________________
>> _
>> ________________
>>
>> http://www.accenture.com
>



More information about the Xymon mailing list