Solved

Nagios monitoring https site.

Posted on 2009-05-19
Last Modified: 2012-05-07
I need to have nagios login to a website (https) which generates a session key.  How can I do this?  
Question by:THEROMPSTER2000
36 Comments
 
LVL 23

Expert Comment

by:Maciej S
ID: 24426387
Did you try "check_http -S -a username:password"?
0
 

Author Comment

by:THEROMPSTER2000
ID: 24426451
But it's https, with a session id. I'm trying to get it so that it mimics a person actually at the computer entering their logins in and making sure it comes back with a response.
0
 
LVL 23

Expert Comment

by:Maciej S
ID: 24426547
-S is for SSL.
If you want to check for returned answer, you may also use "-s" option to check if given string is included in answer (-s "some string"). Check also -r and -R options (similar to -s, but they are for regex case sensitive/insensitive).
0
 
LVL 14

Expert Comment

by:Deepak Kosaraju
ID: 24426564
Oklit has given the right syntax; it simulates the same as user interaction. This is the easiest way of doing it.
But if you want some kind of SOAP request sent, then it requires some kind of Java knowledge.
0
 

Author Comment

by:THEROMPSTER2000
ID: 24426603
I tried that but it gave me this :

 /usr/local/nagios/libexec/check_http -S -H https://secure.website.com -a test:crappy1

CRITICAL - Socket timeout after 10 seconds

But I'm able to log in to it as normal.
0
 
LVL 14

Expert Comment

by:Deepak Kosaraju
ID: 24426653
I see the username field is expected to be an email address. Please check the website link you provided:
https://secure.website.com 
0
 
LVL 23

Expert Comment

by:Maciej S
ID: 24426661
Remove "https://" part. Just "secure.website.com". Make sure, that you are able to connect to this ssl website from your nagios host.
0
 

Author Comment

by:THEROMPSTER2000
ID: 24426671
I just blanked out the website name. That is not the actual URL. The username and password are not an email address, just a user name and password on a secure site.
0
 

Author Comment

by:THEROMPSTER2000
ID: 24426719
This is what I get when I try that string:

[root@localhost libexec]# /usr/local/nagios/libexec/check_http -S -H 192.168.0.221 -a test:crappy1

HTTP CRITICAL - No data received from host
0
 
LVL 14

Expert Comment

by:Deepak Kosaraju
ID: 24426727
Oops! But I could get some site when I click on the URL! Sorry, it's my mistake. Did you try oklit's last suggestion?
0
 
LVL 23

Expert Comment

by:Maciej S
ID: 24426739
What is the way you are authenticating to your website? Is it server side authentication, or some form with user/password fields (as on this secure.website.com site)?
If server side - use -a option, as written above.
If you are using some form, -a is useless. Use -P instead (-P "loginFieldName=yourUserName&passwordFieldName=yourPassword").
0
 

Author Comment

by:THEROMPSTER2000
ID: 24426786
Just tried that actually got this error :


[root@localhost libexec]# /usr/local/nagios/libexec/check_http -S -H 192.168.0.221 -P "P101_USERNAME=test&P101_PASSWORD=crappy1"
HTTP CRITICAL - No data received from host
0
 
LVL 23

Expert Comment

by:Maciej S
ID: 24426833
-H hostname. Not ip address.
0
 

Author Comment

by:THEROMPSTER2000
ID: 24426970
[root@localhost objects]# /usr/local/nagios/libexec/check_http -S -H secure.qualution.com      

no difference
0
 

Author Comment

by:THEROMPSTER2000
ID: 24426995
[root@localhost objects]# /usr/local/nagios/libexec/check_http -S -p 443 -H libertywirelessdealers.com

HTTP OK HTTP/1.1 200 OK - 1772 bytes in 0.643 seconds |time=0.642660s;;;0.000000 size=1772B;;;0

[root@localhost objects]# /usr/local/nagios/libexec/check_http -S -p 443 -H secure.qualution.com

HTTP CRITICAL - No data received from host

It seems as though it is not checking SSL but port 80??
0
 
LVL 14

Expert Comment

by:Deepak Kosaraju
ID: 24427105
-S by default checks on 443; it's a surprise in this case.
0
 
LVL 23

Expert Comment

by:Maciej S
ID: 24427130
It's not a port issue in my opinion. I tried to connect to this website (secure.qualution.com) with openssl s_client, and got just the SSL certificate as an answer - no body at all. I don't know what the reason for this is. Yet ;) I'll try to look at it a little bit closer - I just need some time.
0
 
LVL 14

Expert Comment

by:Deepak Kosaraju
ID: 24427136
Hi, secure.qualution.com is not configured with SSL; even when you send a request to SSL it is directed to 80.
So remove the -S option and try:
/usr/local/nagios/libexec/check_http -H secure.website.com -a test:crappy1

0
 
LVL 14

Expert Comment

by:Deepak Kosaraju
ID: 24427148
I get the response with and without -S options.
[/usr/lib64/nagios/plugins]# ./check_http -S -H secure.website.com
HTTP OK HTTP/1.1 200 OK - 31994 bytes in 0.223 seconds |time=0.222599s;;;0.000000 size=31994B;;;0
[/usr/lib64/nagios/plugins]# ./check_http -H secure.website.com
HTTP OK HTTP/1.1 200 OK - 31984 bytes in 0.166 seconds |time=0.166074s;;;0.000000 size=31984B;;;0

0
 
LVL 23

Expert Comment

by:Maciej S
ID: 24427183
secure.website.com was just an example :)
As far as I understand, correct address is secure.qualution.com.
A little 'investigation' shows that it accepts SSLv3 only - that's the reason for your errors. I just can't find any information about an SSLv3 issue in the check_http plugin.
0
 

Author Comment

by:THEROMPSTER2000
ID: 24427216
It won't work from an external area. It is a private address. When you go to it from outside the network you get the one on port 80, which is why you are getting these responses. But when I do it I cannot reach port 80 and CAN reach port 443, but not with nagios.
0
 

Author Comment

by:THEROMPSTER2000
ID: 24427229
Those aren't the reasons. Secure.qualution.com is an internal site for testing here.
0
 

Author Comment

by:THEROMPSTER2000
ID: 24427237
I've also tried the same exact command on a website that IS public: https://mylibertywireless.com
Try that one and see how it does the exact same thing.
0
 
LVL 23

Expert Comment

by:Maciej S
ID: 24427251
So, if we cannot check this particular website, try running these commands:
1. check_http -S -H your.website.name.not.ip -P "usernameFieldName=username&passwordFieldName=pass" -v
2. openssl s_client -connect your.website.name:443
after connecting you should get certificate dump. Then enter this:
GET / HTTP/1.0
Hit enter once, or twice.

Paste output of both these commands.

What webserver are you using? What kind of authentication are you using (server-side, or some form based)?
0
 
LVL 23

Expert Comment

by:Maciej S
ID: 24427283
Hm.. secure.qualution.com IS reachable externally.
Anyway - I checked https://mylibertywireless.com, and I see the same issue.
Checked this with curl - doesn't work by default, but if I force curl to use SSLv3 it gives me the website.
0
 

Author Comment

by:THEROMPSTER2000
ID: 24427346
1)[root@localhost libexec]# /usr/local/nagios/libexec/check_http -S -H secure.qualution.com -P "P101_USERNAME=test&P101_PASSWORD=crappy1" -v
POST / HTTP/1.0
User-Agent: check_http/v2053 (nagios-plugins 1.4.13)
Connection: close
Host: secure.qualution.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 40

P101_USERNAME=test&P101_PASSWORD=crappy1

HTTP CRITICAL - No data received from host


2) [root@localhost libexec]# openssl s_client -connect secure.qualution:443
getaddrinfo: Name or service not known
connect:errno=2




I'm using tomcat, form based, here is a screenshot.....
Screenshot.png
0
 

Author Comment

by:THEROMPSTER2000
ID: 24427366
Sorry, wrong screenshot, but it just says username and password to login.
0
 

Author Comment

by:THEROMPSTER2000
ID: 24427481
It IS reachable but it's not the right site......it goes to our generic homepage. Doing it in house makes it go to a different login screen. Also, when you tried the other website, you said it still didn't work, correct? That means that check_http -S does not work!? Is this correct??
0
 
LVL 23

Expert Comment

by:Maciej S
ID: 24427680
Yupp. It looks like there is something wrong with check_http over SSL in _this_ case (we checked the same application all the time, right?).
I found something via google saying that there is (or was) some problem with check_http over SSL for checking a tomcat application, but this post was from 2006, so quite old.
0
 

Author Comment

by:THEROMPSTER2000
ID: 24427705
So what can I do?
0
 
LVL 9

Expert Comment

by:svs
ID: 24436636
It doesn't like the POST request.  Does this work?

/usr/local/nagios/libexec/check_http -S -H secure.qualution.com -v
0
 

Author Comment

by:THEROMPSTER2000
ID: 24436868
[root@localhost objects]# /usr/local/nagios/libexec/check_http -S -H secure.qualution.com -v
GET / HTTP/1.0
User-Agent: check_http/v2053 (nagios-plugins 1.4.13)
Connection: close
Host: secure.qualution.com


HTTP CRITICAL - No data received from host

That's what it says.
0
 

Author Comment

by:THEROMPSTER2000
ID: 24503459
Anyone?
0
 
LVL 10

Expert Comment

by:elf_bin
ID: 24792077
Hi,

Are you mandating client side SSL certificates from your webserver (it is an optional part of the spec)?
I also note that the network path to the host was wrong, as in:
"openssl s_client -connect secure.qualution:443
getaddrinfo: Name or service not known
connect:errno=2"
Try that again, this time using the correct host-name  (so something like openssl s_client -connect secure.qualution.com:443) & provide the output of that.
When you compiled check_http, did you link in the OpenSSL libraries and so on?
Also, does tomcat actually redirect the connect stream (and you'd have to tell nagios to follow that redirection).
There's a FAQ about monitoring nagios here: http://support.nagios.com/knowledge-base/faq/index.php?option=com_content&view=article&id=52&catid=35&faq_id=310&expand=false&showdesc=true
You could use either wget or curl to retrieve pages and return a warning level (critical, warning or okay).

Hope this helps.
0
 

Accepted Solution

by:
THEROMPSTER2000 earned 0 total points
ID: 24795703
I don't understand, I didn't compile check_http, I just installed nagios and it was already there.
0
 
LVL 10

Expert Comment

by:elf_bin
ID: 24801311
How did you install it then?
The plugins are a separate thing to nagios. Nagios is the engine, the plugins perform tasks for the engine. When the plugins execute and you require SSL facilities, the plugins will call upon OpenSSL libraries to provide the necessary SSL bits.
So once again:
Are you mandating client side SSL certificates from your webserver?
Try using the correct host-name to the OpenSSL "client" (so something like openssl s_client -connect secure.qualution.com:443) & provide the output of that.
Check you have all the required SSL libraries.
Does tomcat actually redirect the connect stream?
And if all this fails (for some reason), you could use curl or wget.
0
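
The curl fallback suggested in the comments above, as an added example that is not part of the thread: a Nagios plugin wrapper that posts the login form, keeps the session cookie across the redirect and checks the returned page for an expected string. The field names P101_USERNAME/P101_PASSWORD come from the commands quoted earlier; the credentials file layout, the expected text and all function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): form login check for Nagios via curl.
OK=0; CRITICAL=2; UNKNOWN=3   # Nagios plugin exit codes

# Escape backslash and double quote for a quoted curl config value.
esc() { printf '%s' "$1" | sed 's/[\\"]/\\&/g'; }

# Map curl's exit status, the final HTTP code and the body to a Nagios state.
# Kept apart from the network call so it can be exercised offline.
evaluate_response() {
    curl_rc=$1 http_code=$2 body_file=$3 expect=$4
    if [ "$curl_rc" -ne 0 ]; then
        echo "LOGIN CRITICAL - curl exit $curl_rc (TLS, DNS or timeout)"
        return $CRITICAL
    fi
    case $http_code in
        2??) ;;
        *) echo "LOGIN CRITICAL - HTTP $http_code after login"; return $CRITICAL ;;
    esac
    if grep -qF -- "$expect" "$body_file" 2>/dev/null; then
        echo "LOGIN OK - HTTP $http_code, expected text found"
        return $OK
    fi
    echo "LOGIN CRITICAL - HTTP $http_code but expected text missing"
    return $CRITICAL
}

# check_login URL CRED_FILE EXPECTED_TEXT
# CRED_FILE (assumed layout): line 1 username, line 2 password, mode 0600.
check_login() {
    url=$1 cred_file=$2 expect=$3
    [ -r "$cred_file" ] || { echo "LOGIN UNKNOWN - cannot read $cred_file"; return $UNKNOWN; }
    work=$(mktemp -d) || return $UNKNOWN
    { read -r user; read -r pass; } < "$cred_file"
    # Form fields go to curl on stdin, so the password never shows up in
    # the process list or in the Nagios command definition.
    http_code=$(printf 'data-urlencode = "P101_USERNAME=%s"\ndata-urlencode = "P101_PASSWORD=%s"\n' \
            "$(esc "$user")" "$(esc "$pass")" |
        curl --config - --silent --max-time 10 --location \
             --cookie-jar "$work/jar" --output "$work/body" \
             --write-out '%{http_code}' "$url")
    curl_rc=$?
    evaluate_response "$curl_rc" "$http_code" "$work/body" "$expect"
    state=$?
    rm -rf "$work"
    return $state
}

# Run as a plugin when called with the three arguments.
if [ $# -eq 3 ]; then check_login "$@"; exit $?; fi
```

A server that closes the connection without sending a response, the "No data received from host" case in this thread, makes curl exit non-zero and is reported as CRITICAL by the first branch.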
