xymon-rclient

Introduction

xymon-rclient is an extension for Xymon that implements a remote client that requires no software to be installed on the remote system. It was developed to allow execution via remote shell type packages such as rsh, rexec, rlogin and ssh. For security reasons, only ssh is recommended.

This script provides a way to monitor servers that are not directly accessible by the Xymon display server, or when software cannot be installed or user accounts cannot be created. As long as you have a way to run a shell on the remote server, you should be able to use xymon-rclient to monitor that server.

Licence

xymon-rclient is hererby released into the public domain. Use it however you need. It'd be nice if you let me know how well it works for you.

Disclaimer: xymon-rclient comes with no warranty. You use this software at your own risk. The software might not work as expected, or at all, and that would be your problem. The software might cause other things to break. If you decide to use it, then you are entirely responsible for anything that happens as a result.

Limitations

Because xymon-rclient it relies only on standard UNIX commands, it does not fully support the "logfetch" binary (normally provided with a Xymon client). Thus log monitoring is only partially supported. In particular, support for "file:" ignores "trigger" and "ignore" modifiers, checksumming, and also sends the whole file rather than just new lines since the last run. Logfile monitoring support is very new, and care should be taken to ensure that it works as expected.

Installation

Download/view v0.6.1 or changelog, or v0.6 or v0.5 or v0.4 or v0.3 or v0.2 or v0.1.

To install and use, follow the instructions in the comments at the start of the script. In brief:

  1. setup non-interactive (eg key) authentication for target hosts
  2. copy script somewhere
  3. create a file in tasks.d/ to launch, or add a section to tasks.cfg
  4. add RCLIENT definitions to hosts.cfg

Example hosts.cfg entries are shown here:

10.99.1.1 remserver1.example.com # testip noping dialup "RCLIENT:cmd(ssh -T otheruser@%{H}),ostype(sunos)"
10.99.1.2 remserver2.example.com # testip noping dialup "RCLIENT:cmd(ssh -T user1@gateway ssh -T -l user1 %{I}),ostype(sunos)"
10.99.1.3 remserver3.example.com # testip noping dialup "RCLIENT:cmd(rsh),ostype(linux),timeout(120)"
10.99.1.4 remserver4.example.com # testip noping dialup "RCLIENT:cmd(ssh -T remserver4.local),ostype(linux),env(TOP=/usr/local/bin/top)"

The format of the RCLIENT specification in hosts.cfg is something like this:

RCLIENT:cmd(command-line),ostype(ostype)[,timeout(seconds)][,scriptos(ostype)][,env(var1=val1[ var2=val2 ...])]

If spaces are used, the entire RCLIENT:... string must be enclosed in quotes.

The cmd() specifies a command-line to execute in order to get a shell on the remote system. The string %{H} is automatically replaced by the target hostname. If a cmd() definition has no spaces, then the hostname will be appended regardless (such as in the "rsh" example above). The string %{I} is automatically replaced by the IP address in hosts.cfg. There is no default cmd() - it must be specified.

The ostype() specifies the OS type, and must match one of the scripts in the client bin directory. For example, specifying ostype(irix) will match (and use) the script xymonclient-irix.sh. There is no default ostype() - it must be specified.

The scriptos() specifies the OS type for the script to be sent. This defaults to the ostype() specification. This is useful if you need to send a customised script, but the OS of the host matches an existing script. Specify only the OS part, so for example, specifying ostype(sunos) and scriptos(sunos7) will report a "sunos" server in the client data but will run the script xymonclient-sunos7.sh.

The default timeout() setting is 60 seconds.

The env() setting is useful to specify environment variables to be given to the client script. This is useful for defining TOP if it's not in the PATH.

Troubleshooting

Although designed to be run from tasks.cfg or tasks.d/*.cfg, you can run it directly from the command-line. Give it -h for instructions.

Multi-hop Connections

Sometimes the target server is not even remotely contactable by hosts that the Xymon server can connect, and requires multiple connections to get to a shell prompt the the server to be monitored. This can be overcome in most cases, depending on the connectivity. Here are some examples that might work for you.
via proxy (requires netcat):
xymon server -[proxy]-> web proxy server -[ssh]-> target server
.ssh/config: ProxyCommand /usr/bin/nc -X connect -x proxyserver:8080 %h %p

via another server with ssh, target private key on intermediate server:
xymon server -[ssh]-> intermediate server -[ssh]-> target server
.ssh/config: ProxyCommand ssh -i .ssh/authkey intermediateservername

via another server with ssh, target private key on Xymon server (requires bash):
xymon server ->[tunnel]->( -[ssh]-> intermediate server -[ssh]->)-[ssh]-> target server
.ssh/config: ProxyCommand ssh -i .ssh/authkey intermediateservername 'exec 3<>/dev/tcp/%h/%p; cat <&3 & cat >&3; kill $!' (requires bash)

It's useful, and sometimes important to specify the following parameters to ssh connections, either in the cmd() command-line specification, or in the .ssh/config file:

  • -T = disable pseudo-terminal allocation
  • BatchMode=yes - prevent ssh from hanging if user input is required (eg key fails and password required)
  • -i ~xymon/.ssh/keyfile (or IdentityFile) - specify authentication key

    Other

    xymon-rclient has been used on a Linux display server to monitor Solaris and Linux nodes and has also been used in various embedded Linux systems.

    Note that (FreeBSD based) FreeNAS appears to run a limited shell by default, which doesn't handle the client script it's given. To work around this, add "/bin/bash" to the command like so:

    cmd(ssh -T -i /home/xymon/.ssh/xymon-rclient root@%{H} /bin/bash),ostype(freebsd)

    Comments, submissions welcome: jeremy+xymonrclient@laidman.org