[Xymon] How to test remote ports

Christoph Zechner zechner at vrvis.at
Thu Jan 19 06:57:40 CET 2023 

Hi,

On 18/01/2023 23:52, Jeremy Laidman wrote:
> I would try *:80 as Josh suggested. It might not be exactly what you 
> want, but it might help to narrow down where the problem is.

this would not work, because port 80 does not show up on the xymon 
server, it is a remote (Windows) machine.


> 
> What scenario are you trying to alert on? Are you trying to detect when 
> there's an established outgoing connection from the monitored host to 
> one specific other host?

I want to get an alert, if port 80 (in this example) went down for any 
reason on the remote machine, just like I can monitor a port on my xymon 
server. This Windows machine is the endpoint of an ipsec tunnel and I 
want to monitor its open ports.

> 
> I tend to use regular expressions, perhaps because of the examples in 
> analysis.cfg.
> 
> In case it helps, here's an example that works for me, albeit from the 
> analysis.cfg file (I don't use client mode anywhere):
> 
> PORT "REMOTE=%([.:]179)$" state=ESTABLISHED min=0 max=4 color=yellow 
> "TEXT=bgp connections out (TCP/179)"

Thanks for the example, but the thing is, I do not have an established 
connection to the remote port, I just want to check if its present or 
not. :-/

Cheers
Christoph

> 
> I don't believe the quotes around "REMOTE=..." are important - it's just 
> how I tend to use regular expressions.
> 
> J
> 
> On Thu, 19 Jan 2023 at 07:43, Josh Luthman <josh at imaginenetworksllc.com 
> <mailto:josh at imaginenetworksllc.com>> wrote:
> 
>     Is 1.2.3.4 your Xymon server or the host IP?  The 1.2.3.4 in your
>     example is the local addr that it would request from.  If you don't
>     care, you could use *:80.
> 
>     https://xymon.com/help/manpages/man5/analysis.cfg.5.html
>     <https://xymon.com/help/manpages/man5/analysis.cfg.5.html>
> 
>     On Tue, Jan 17, 2023 at 5:52 PM Christoph Zechner <zechner at vrvis.at
>     <mailto:zechner at vrvis.at>> wrote:
> 
>         Hi,
> 
>         I've been trying to establish a remote port check, but cannot
>         get it to
>         work. After reading the man pages and the corresponding topics
>         on the
>         mailing list, I've configured a test like this:
> 
>         PORT REMOTE=1.2.3.4:80 <http://1.2.3.4:80>
> 
>         but the remote port always comes back as down, even though it is
>         up. Am
>         I doing something wrong? Local port checks all work perfectly,
>         only the
>         remote ones do not.
> 
>         Am I doing something wrong here?
> 
>         Context: I am using local mode on all clients, so I'm putting
>         all my
>         checks in /etc/xymon/localclient.cfg, but this should not effect
>         this
>         check, right?
> 
>         Thanks in advance!
> 
>         Best regards
>         Christoph Zechner
>         _______________________________________________
>         Xymon mailing list
>         Xymon at xymon.com <mailto:Xymon at xymon.com>
>         http://lists.xymon.com/mailman/listinfo/xymon
>         <http://lists.xymon.com/mailman/listinfo/xymon>
> 
>     _______________________________________________
>     Xymon mailing list
>     Xymon at xymon.com <mailto:Xymon at xymon.com>
>     http://lists.xymon.com/mailman/listinfo/xymon
>     <http://lists.xymon.com/mailman/listinfo/xymon>
>

More information about the Xymon mailing list