Solved

Nagios monitoring https site.

Posted on 2009-05-19
36
3,382 Views
Last Modified: 2012-05-07
I need to have nagios login to a website (https) which generates a session key.  How can I do this?  
0
Comment
Question by:THEROMPSTER2000
  • 17
  • 10
  • 6
  • +2
36 Comments
 
LVL 23

Expert Comment

by:Maciej S
Comment Utility
Did you try "check_http -S -a username:password"?
0
 

Author Comment

by:THEROMPSTER2000
Comment Utility
but its https, with a session id.  Im trying to get it to that it mimics a person actually at the computer entering their logins in and making sure it comes back with a response.
0
 
LVL 23

Expert Comment

by:Maciej S
Comment Utility
-S is for SSL.
If you want to check for returned answer, you may also use "-s" option to check if given string is included in answer (-s "some string"). Check also -r and -R options (similar to -s, but they are for regex case sensitive/insensitive).
0
 
LVL 14

Expert Comment

by:Deepak Kosaraju
Comment Utility
Oklit has given the right syntax it simulates same as user interaction. This is the easiest way of doing it.
But if you want kind of SOAP request sent then it requires some kind of Java knowledge.
0
 

Author Comment

by:THEROMPSTER2000
Comment Utility
I tried that but it gave me this :

 /usr/local/nagios/libexec/check_http -S -H https://secure.website.com -a test:crappy1

CRITICAL - Socket timeout after 10 seconds

but im able to login to it as normal.
0
 
LVL 14

Expert Comment

by:Deepak Kosaraju
Comment Utility
I see the username field is expected to be email address, Please check your website link you provided
https://secure.website.com
0
 
LVL 23

Expert Comment

by:Maciej S
Comment Utility
Remove "https://" part. Just "secure.website.com". Make sure, that you are able to connect to this ssl website from your nagios host.
0
 

Author Comment

by:THEROMPSTER2000
Comment Utility
i just blanked out the website name.  That is not the actual url.  The username and password is not an email address, just a user name and password on a secure site.
0
 

Author Comment

by:THEROMPSTER2000
Comment Utility
this is what i get when i try that string :

[root@localhost libexec]# /usr/local/nagios/libexec/check_http -S -H 192.168.0.221 -a test:crappy1

HTTP CRITICAL - No data received from host
0
 
LVL 14

Expert Comment

by:Deepak Kosaraju
Comment Utility
Ops! but I could get some site when i click on the url! sorry its my mistake. Did you try oklit last suggestion.
0
 
LVL 23

Expert Comment

by:Maciej S
Comment Utility
What is the way you are authenticating to your website? Is it server side authentication, or some form with user/password fields (as on this secure.website.com site)?
If server side - use -a option, as written above.
If you are using some form, -a is useless. Use -P instead (-P "loginFieldName=yourUserName&passwordFieldName=yourPassword").
0
 

Author Comment

by:THEROMPSTER2000
Comment Utility
Just tried that actually got this error :


[root@localhost libexec]# /usr/local/nagios/libexec/check_http -S -H 192.168.0.221 -P "P101_USERNAME=test&P101_PASSWORD=crappy1"
HTTP CRITICAL - No data received from host
0
 
LVL 23

Expert Comment

by:Maciej S
Comment Utility
-H hostname. Not ip address.
0
 

Author Comment

by:THEROMPSTER2000
Comment Utility
[root@localhost objects]# /usr/local/nagios/libexec/check_http -S -H secure.qualution.com      

no difference
0
 

Author Comment

by:THEROMPSTER2000
Comment Utility
[root@localhost objects]# /usr/local/nagios/libexec/check_http -S -p 443 -H libertywirelessdealers.com

HTTP OK HTTP/1.1 200 OK - 1772 bytes in 0.643 seconds |time=0.642660s;;;0.000000 size=1772B;;;0

[root@localhost objects]# /usr/local/nagios/libexec/check_http -S -p 443 -H secure.qualution.com

HTTP CRITICAL - No data received from host

it seems as though it is not checking ssl but port 80??
0
 
LVL 14

Expert Comment

by:Deepak Kosaraju
Comment Utility
-S by default checks on 443 its surprise in this case.
0
 
LVL 23

Expert Comment

by:Maciej S
Comment Utility
It's not port issue in my opinion. I tried to connect to this website (secure.qualution.com) with openssl s_client, and got just SSL certificate as an answer - no body at all. I don't know what is the reason for this. Yet ;) I'll try to look at it a little bit closer - I just need some time.
0
 
LVL 14

Expert Comment

by:Deepak Kosaraju
Comment Utility
hi secure.qualution.com is not configured with ssl even when you send request to ssl it directed to 80
So remove -S option and try
/usr/local/nagios/libexec/check_http -H secure.website.com -a test:crappy1

Open in new window

0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 14

Expert Comment

by:Deepak Kosaraju
Comment Utility
I get the response with and without -S options.
[/usr/lib64/nagios/plugins]# ./check_http -S -H secure.website.com

HTTP OK HTTP/1.1 200 OK - 31994 bytes in 0.223 seconds |time=0.222599s;;;0.000000 size=31994B;;;0

[/usr/lib64/nagios/plugins]# ./check_http -H secure.website.com

HTTP OK HTTP/1.1 200 OK - 31984 bytes in 0.166 seconds |time=0.166074s;;;0.000000 size=31984B;;;0

Open in new window

0
 
LVL 23

Expert Comment

by:Maciej S
Comment Utility
secure.website.com was just an example :)
As far as I understand, correct address is secure.qualution.com.
Little 'investigation' shows, that it accepts SSLv3 only - that's the reason of your errors. I just can't find any information about SSLv3 issue in check_http plugin.
0
 

Author Comment

by:THEROMPSTER2000
Comment Utility
it wont work from an external area.  It is a private address.  when you go to it out of the network you get the one on port 80, which is why you are getting these mresponses.  But when i do it i cannot reach port 80- and CAN reach port 443 but not wit nagios.
0
 

Author Comment

by:THEROMPSTER2000
Comment Utility
those aren't the reasons.  Secure.qualution.com is an internal site for testing here.  
0
 

Author Comment

by:THEROMPSTER2000
Comment Utility
ive also tried the same exact command on a website that IS public.   https://mylibertywireless.com
try that one and see how it does the exact same thing.
0
 
LVL 23

Expert Comment

by:Maciej S
Comment Utility
So, if we cannot check this particular website, try running this commands:
1. check_http -S -H your.website.name.not.ip -P "usernameFieldName=username&passwordFieldName=pass" -v
2. openssl s_client -connect your.website.name:443
after connecting you should get certificate dump. Then enter this:
GET / HTTP/1.0
Hit enter once, or twice.

Paste output of both these commands.

What webserver are you using? What kind of authentication you are using (server-side, or some form based)?
0
 
LVL 23

Expert Comment

by:Maciej S
Comment Utility
Hm.. secure.qualution.com IS reachable externally.
Anyway - I checked https://mylibertywireless.com, and I see the same issue.
Checked this with curl - doesn't work by default, but if I force curl to use SSLv3 it gives mi website.
0
 

Author Comment

by:THEROMPSTER2000
Comment Utility
1)[root@localhost libexec]# /usr/local/nagios/libexec/check_http -S -H secure.qualution.com -P "P101_USERNAME=test&P101_PASSWORD=crappy1" -v
POST / HTTP/1.0
User-Agent: check_http/v2053 (nagios-plugins 1.4.13)
Connection: close
Host: secure.qualution.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 40

P101_USERNAME=test&P101_PASSWORD=crappy1

HTTP CRITICAL - No data received from host


2) [root@localhost libexec]# openssl s_client -connect secure.qualution:443
getaddrinfo: Name or service not known
connect:errno=2




im using tomcat, form based, here is a screenshot.....
Screenshot.png
0
 

Author Comment

by:THEROMPSTER2000
Comment Utility
sorry wrong screenshot, but it just says username and password to login.
0
 

Author Comment

by:THEROMPSTER2000
Comment Utility
it IS reachable but its not the right site......it goes to our generic homepage.  Doing in house, makes it go to a different login screen.  Also when you tried the other website, you said it still didn't work correct?  that means that check_http -S does not work!?  is this correct??
0
 
LVL 23

Expert Comment

by:Maciej S
Comment Utility
Yupp. It looks, that there is something wrong with check_http over SSL in _this_ case (we checked the same application all the time, right?).
I found something via google, saying, that there is (or was) some problem with check_http over SSL for checking tomcat application, but this post was from 2006, so quite old.
0
 

Author Comment

by:THEROMPSTER2000
Comment Utility
so what can i do?
0
 
LVL 9

Expert Comment

by:svs
Comment Utility
It doesn't like the POST request.  Does this work?

/usr/local/nagios/libexec/check_http -S -H secure.qualution.com -v
0
 

Author Comment

by:THEROMPSTER2000
Comment Utility
[root@localhost objects]# /usr/local/nagios/libexec/check_http -S -H secure.qualution.com -v
GET / HTTP/1.0
User-Agent: check_http/v2053 (nagios-plugins 1.4.13)
Connection: close
Host: secure.qualution.com


HTTP CRITICAL - No data received from host

thats what it says
0
 

Author Comment

by:THEROMPSTER2000
Comment Utility
anyone?
0
 
LVL 10

Expert Comment

by:elf_bin
Comment Utility
Hi,

Are you mandating client side SSL certificates from your webserver (it is an optional part of the spec)?
I also note that the network path to the host was wrong, as in:
"openssl s_client -connect secure.qualution:443
getaddrinfo: Name or service not known
connect:errno=2"
Try that again, this time using the correct host-name  (so something like openssl s_client -connect secure.qualution.com:443) & provide the output of that.
When you compiled check_http, did you link in the OpenSSL libraries and so on?
Also, does tomcat actually redirect the connect stream (and you'd have to tell nagios to follow that redirection).
There's a FAQ about monitoring nagios here: http://support.nagios.com/knowledge-base/faq/index.php?option=com_content&view=article&id=52&catid=35&faq_id=310&expand=false&showdesc=true
You could use either wget or curl to retrieve pages and return a warning level (critical, warning or okay).

Hope this helps.
0
 

Accepted Solution

by:
THEROMPSTER2000 earned 0 total points
Comment Utility
I dont understand, i didnt compile check_http, i just instaleld nagios and it was already there.
0
 
LVL 10

Expert Comment

by:elf_bin
Comment Utility
How did you install it then?
The plugins are a separate thing to nagios.  Nagios is the engine, the plugins perform tasks for the engine.  When the plugins executes and you require SSL facilities, the plugins will call upon OpenSSL libraries to provide the necessary SSL bits.  
So once again:
Are you mandating client side SSL certificates from your webserver?
Try using the correct host-name to the OpenSSL "client" (so something like openssl s_client -connect secure.qualution.com:443) & provide the output of that.
Check you have all the required SSL libraries.
Does tomcat actually redirect the connect stream?
And if all this fails (for some reason), you could use curl or wget.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now