Solved

Can't get Icinga / Nagios SSL expire check to work

Posted on 2011-02-21
5
1,117 Views
Last Modified: 2013-11-18
I have seen the check working on a demo and see it in their man page but can't get it to work.

I have the default command defined.

# 'check_http' command definition
define command{
        command_name    check_http
        command_line    $USER1$/check_http -I $HOSTADDRESS$ $ARG1$
        }

I have created the service

define service{
        use                     local-service         ; Name of service template to use
        host_name               host
        service_description     description
            check_command                  check_http! -H www.domain.com -C 30
            }

When I do the check from the command line it works

/usr/local/icinga/libexec$ sudo ./check_http -H www.domain.com -C 30
OK - Certificate will expire on 03/05/2012 23:59.

But in Icinga (Nagios) it just says connection refused.

http://nagiosplugins.org/man/check_http
0
Comment
Question by:ThorinO
  • 3
  • 2
5 Comments
 
LVL 5

Accepted Solution

by:
group0 earned 500 total points
Comment Utility
Your command definition results in a different execution than your CLI tests.  You can either drop "-I $HOSTADDRESS$" from your command definition to match your CLI test, or make sure the host definition that the service belongs to has a valid IP that responds on port 80 (ie. same IP that the FQDN resolves to).
0
 
LVL 10

Author Comment

by:ThorinO
Comment Utility
I use this command to check stuff elsewhere, do you think I should remove the -I, change it to -H, or create a new command for SSL checking?
0
 
LVL 10

Author Comment

by:ThorinO
Comment Utility
I created a check_ssl command and changed it to -H and that fixed the problem. Thank you.

Another question if you don't mind. I am trying to create another check for an external website as follows and it isn't working but works from the command line again.

# 'check_http_external' command definition
define command{
        command_name    check_http_external
        command_line    $USER1$/check_http -H $HOSTADDRESS$ $ARG1$
        }


define service{
        use                     local-service         ; Name of service template to use
        host_name               HOST
        service_description     DESCRIPTION
            check_command                  check_http_external! www.domain.com -u /whatever -w5 -c 10
            }
0
 
LVL 5

Assisted Solution

by:group0
group0 earned 500 total points
Comment Utility
Your effective command resolves to (where x.x.x.x is the value of the address field for the associated host definition):

check_http -H x.x.x.x www.domain.com -u /whatever -w5 -c 10

Which isn't the correct syntax:

Usage: check_http -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]
       [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L]
       [-a auth] [-f <ok | warn | critcal | follow>] [-e <expect>]
       [-s string] [-l] [-r <regex> | -R <case-insensitive regex>] [-P string]
       [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>] [-A string] [-k string]


Try:

# 'check_http_external' command definition
define command{
        command_name    check_http_external
        command_line    $USER1$/check_http $ARG1$
        }


define service{
        use                     local-service         ; Name of service template to use
        host_name               HOST
        service_description     DESCRIPTION
            check_command                  check_http_external! -H www.domain.com -u /whatever -w 5 -c 10
            }
0
 
LVL 10

Author Closing Comment

by:ThorinO
Comment Utility
Awesome, thanks you are the man!
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Whether you’re a college noob or a soon-to-be pro, these tips are sure to help you in your journey to becoming a programming ninja and stand out from the crowd.
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now