Nagios monitoring port 443 (https)

Posted on 2009-04-07
Last Modified: 2012-05-06
I have an Ubuntu 8.04.2 machine that is currently running NagiosVersion 2.0b3, I want to be able to monitor port 443  (https)
Question by:xpandit
  • 3
LVL 14

Expert Comment

by:Deepak Kosaraju
Comment Utility
Use plugins called
./check_http with as below by default plugin directory is /usr/local/nagios/plugins/

#./check_http -S -u


./check_http -S -H -p 443

Open in new window


Author Comment

Comment Utility
When I ran the following on terminal /usr/local/nagios/libexec/check_http -S I get the following error check_http: Invalid option - SSL is not available. What can I do to rectify the error?

LVL 14

Expert Comment

by:Deepak Kosaraju
Comment Utility
Following is the usage of the plugin
 check_http -w 5 -c 10 -S -H

 -S, --ssl
   Connect via SSL. Port defaults to 443

#check_http --help

check_http v2008 (nagios-plugins 1.4.12)

Copyright (c) 1999 Ethan Galstad <>

Copyright (c) 1999-2008 Nagios Plugin Development Team


This plugin tests the HTTP service on the specified host. It can test

normal (http) and secure (https) servers, follow redirects, search for

strings and regular expressions, check connection times, and report on

certificate expiration times.

Usage: check_http -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]

       [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L]

       [-a auth] [-f <ok | warn | critcal | follow>] [-e <expect>]

       [-s string] [-l] [-r <regex> | -R <case-insensitive regex>] [-P string]

       [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>] [-A string]

       [-k string] [-S] [-C <age>] [-T <content-type>]

NOTE: One or both of -H and -I must be specified


 -h, --help

    Print detailed help screen

 -V, --version

    Print version information

 -H, --hostname=ADDRESS

    Host name argument for servers using host headers (virtual host)

    Append a port to include it in the header (eg:

 -I, --IP-address=ADDRESS

    IP address or name (use numeric address if possible to bypass DNS lookup).

 -p, --port=INTEGER

 Port number (default: 80)

 -4, --use-ipv4

    Use IPv4 connection

 -6, --use-ipv6

    Use IPv6 connection

 -S, --ssl

   Connect via SSL. Port defaults to 443

 -C, --certificate=INTEGER

   Minimum number of days a certificate has to be valid. Port defaults to 443

   (when this option is used the url is not checked.)

 -e, --expect=STRING

    String to expect in first (status) line of server response (default: 


    If specified skips all other status line logic (ex: 3xx, 4xx, 5xx processing)

 -s, --string=STRING

    String to expect in the content

 -u, --url=PATH

    URL to GET or POST (default: /)

 -P, --post=STRING

    URL encoded http POST data

 -N, --no-body

    Don't wait for document body: stop reading after headers.

    (Note that this still does an HTTP GET or POST, not a HEAD.)

 -M, --max-age=SECONDS

    Warn if document is more than SECONDS old. the number can also be of

    the form "10m" for minutes, "10h" for hours, or "10d" for days.

 -T, --content-type=STRING

    specify Content-Type header media type when POSTing

 -l, --linespan

    Allow regex to span newlines (must precede -r or -R)

 -r, --regex, --ereg=STRING

    Search page for regex STRING

 -R, --eregi=STRING

    Search page for case-insensitive regex STRING


    Return CRITICAL if found, OK if not

 -a, --authorization=AUTH_PAIR

    Username:password on sites with basic authentication

 -A, --useragent=STRING

    String to be sent in http header as "User Agent"

 -k, --header=STRING

     Any other tags to be sent in http header. Use multiple times for additional headers

 -L, --link

    Wrap output in HTML link (obsoleted by urlize)

 -f, --onredirect=<ok|warning|critical|follow>

    How to handle redirected pages

 -m, --pagesize=INTEGER<:INTEGER>

    Minimum page size required (bytes) : Maximum page size required (bytes)

 -w, --warning=DOUBLE

    Response time to result in warning status (seconds)

 -c, --critical=DOUBLE

    Response time to result in critical status (seconds)

 -t, --timeout=INTEGER

    Seconds before connection times out (default: 10)

 -v, --verbose

    Show details for command-line debugging (Nagios may truncate output)


 This plugin will attempt to open an HTTP connection with the host.

 Successful connects return STATE_OK, refusals and timeouts return STATE_CRITICAL

 other errors return STATE_UNKNOWN.  Successful connects, but incorrect reponse

 messages from the host result in STATE_WARNING return values.  If you are

 checking a virtual server that uses 'host headers' you must supply the FQDN

 (fully qualified domain name) as the [host_name] argument.

 This plugin can also check whether an SSL enabled web server is able to

 serve content (optionally within a specified time) or whether the X509 

 certificate is still valid for the specified number of days.


 CHECK CONTENT: check_http -w 5 -c 10 --ssl -H

 When the '' server returns its content within 5 seconds,

 a STATE_OK will be returned. When the server returns its content but exceeds

 the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,

 a STATE_CRITICAL will be returned.

 CHECK CERTIFICATE: check_http -H -C 14

 When the certificate of '' is valid for more than 14 days,

 a STATE_OK is returned. When the certificate is still valid, but for less than

 14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when

 the certificate is expired.

Send email to if you have questions

regarding use of this software. To submit patches or suggest improvements,

send email to

Open in new window

LVL 14

Accepted Solution

Deepak Kosaraju earned 400 total points
Comment Utility
Make sure you have openssl package installed.

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

Using libpcap/Jpcap to capture and send packets on Solaris version (10/11) Library used: 1.      Libpcap ( Version 1.2 2.      Jpcap( Version 0.6 Prerequisite: 1.      GCC …
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now