HydraFerret report back to xymon

A Blog of Random Trivial Things


Introduction

HydraFerret can be configured to report back to a xymon server in 3 ways:

Configuration

xyserver [<DNS-name>|<IP-Address>|<URL>|none [port-number]]
    Define the xymon server and port. Port 1984 is used if not explicitly defined.
    If using a URL, the port number is ignored and standard http/s ports are used.

xysecret [some-string]
    Configure a "secret" to send with http/s data
    Ignored when using native xymon protocol

cert [xymon <fileName>]
    Certificate file to use if using https for transfers

For managing certificate files:
write <filename>
    Write the contents of the file

read <filename>
    Read the contents of the file

del <filename>
    Delete a file

dir
    Directory listing of file system

Using http/s to receive xymon data

Http/s is not natively supported by xymon. To make use of these protocols, a CGI script is added to the pages served by the web server. This may have a separate virtual host in the web server. An example of such a script is shown below. Note that HydraFerret packs data into 2 fields, "xymondata" and "xysecret". The first field holds the data, while the second field may contain some arbitrary string of up to 80 characters. The value of the string may act as a password or some other data handling instruction, or simply be omitted.

If using http://myserver.org/xymondata/submit.php to receive data, /var/www/html/xymondata/submit.php might hold:

<?php
// forward data to the following server
$address = '192.168.1.10';
$port = 1984;

if ($_SERVER["REQUEST_METHOD"] == "POST") {
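  // Uncomment the if line below if using this secret.
  // is_string() rejects a field submitted as an array; hash_equals() compares in constant time.
  // if (is_string($_POST['xysecret'] ?? null) && hash_equals("cfec75ca-c374-4634-8f40-9433d4273752", $_POST['xysecret'])) {
    // collect value of input field (empty string if the field is missing)
    $xymondata = $_POST['xymondata'] ?? '';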
    if (empty($xymondata)) {
      echo "No data received!";
    } else {
      $socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
      if ($socket === false)  {
        echo "socket_create() failed, reason: " . socket_strerror(socket_last_error()) . "\n";
        }
      else {
        $result = socket_connect($socket, $address, $port);
        if ($result === false) {
          echo "socket_connect() failed, reason: " . socket_strerror(socket_last_error($socket)) . "\n";
        }
        else {
          socket_write ($socket, $xymondata, strlen($xymondata));
          echo "OK";
        }
        socket_close ($socket);
      }
    }
  // Uncomment next two lines if using the secret, this terminates the if and gives a "meaningful message".
  // }
  // else echo "Hello possums!";
}
else echo "echo";
?>

The xysecret can be any string of characters, including memorable and easily communicated phrases such as "ThreeCowsTwoSheepAndAGoat", or something more cryptic. A more cryptic secret will be harder to guess and, if using https, will make it harder for someone to spoof messages to your server. Each HydraFerret module reporting back over the http/s connection will need to be configured with the secret. It is a shared secret: all HydraFerret modules are configured with the same secret as is encoded in the submit.php script. There are a number of ways of generating such a secret at a Linux prompt, e.g.:

uuidgen
dd if=/dev/urandom count=1 bs=16 2>/dev/null| od -XA n | tr " " "-" | head -1
dd if=/dev/urandom count=2048 2>/dev/null | sha256sum

Each time these commands run they will produce similar looking (in format) but different (in content) messages. Sample outputs from the above may respectively look similar to:

c27cc8f4-e682-4552-9a22-eb57894eca5c
-9133fd14-2afc9f4d-1850cbb5-779982c6
4c73d78f0ae0c94bc396bd24f976cf293edb8cce754bc9ccbbe823c74afbdf16
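The checks a receiving script can apply to the two POST fields before forwarding anything to xymon, as an added example that is not part of the original submit.php. The function name check_submission, the constant names and the 65536-byte size cap are assumptions for illustration; the 80-character limit on xysecret is the one stated above, and the sample requests are constructed.

```php
<?php
// Added example, not the author's script. Names and MAX_XYMONDATA are assumptions.
const XYSECRET = 'cfec75ca-c374-4634-8f40-9433d4273752'; // sample value from the script above; generate your own
const MAX_XYMONDATA = 65536; // assumed upper bound on one report, in bytes

/**
 * Decide whether a POST may be forwarded to xymon.
 * Returns [bool $ok, string $reason].
 */
function check_submission(array $post): array
{
    $secret = $post['xysecret'] ?? null;
    $data   = $post['xymondata'] ?? null;

    // A form field can arrive as an array instead of a string. Before PHP 8,
    // strcmp() on an array returned NULL, and NULL == 0 is true, so a loose
    // strcmp() comparison accepted it. Require a string of at most 80 characters.
    if (!is_string($secret) || strlen($secret) > 80) {
        return [false, 'bad secret field'];
    }
    // hash_equals() compares in constant time; the known string goes first.
    if (!hash_equals(XYSECRET, $secret)) {
        return [false, 'secret mismatch'];
    }
    if (!is_string($data) || $data === '' || strlen($data) > MAX_XYMONDATA) {
        return [false, 'bad xymondata field'];
    }
    return [true, 'ok'];
}

// Constructed sample requests, standing in for $_POST.
$samples = [
    'valid'        => ['xysecret' => XYSECRET, 'xymondata' => 'status host1.cpu green ok'],
    'array secret' => ['xysecret' => ['x'],    'xymondata' => 'status host1.cpu green ok'],
    'wrong secret' => ['xysecret' => 'guess',  'xymondata' => 'status host1.cpu green ok'],
    'no data'      => ['xysecret' => XYSECRET, 'xymondata' => ''],
];
foreach ($samples as $name => $post) {
    [$ok, $reason] = check_submission($post);
    printf("%-13s %s (%s)\n", $name, $ok ? 'forward' : 'reject', $reason);
}
```

Only a request for which check_submission() returns true would go on to the socket_write() step in the script above.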


