Hi,
I created a check :
[nagios@nagiosxi.cg.ahp ~]# /usr/local/nagios/libexec/check_tomcat.pl -H xxxxxxxxxx -p 8080 -l xxxxxx -a xxxxxxx -w 25%,10% -c 10%,5%
But when I try to run It, I've got :
CRITICAL: http://xxxxxxxxxxxx:8080/manager/status?XML=true HTTP/1.1 403 Forbidden
From the server I can access Tomcat manager with the url http://localhost:8080/manager/ and using the tomcat user and password (configured in tomcat-users.xml)
Could you please help me ?
Rgds,
Frederic
check_tomcat.pl doesn't work
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: check_tomcat.pl doesn't work
you may need to put single quotes around the username and password fields if they contain special chars.
Also, can you confirm you can connect to the http://xxxxxxxxxx:8080/manager/ from a remote server (not localhost)?
Also, can you confirm you can connect to the http://xxxxxxxxxx:8080/manager/ from a remote server (not localhost)?
-
Frédéric GRANAT
- Posts: 445
- Joined: Mon Nov 19, 2012 11:36 am
Re: check_tomcat.pl doesn't work
Hi,
you may need to put single quotes around the username and password fields if they contain special chars.
=> No special chars, I use the same configuration (without single quote) for another check that works
From the server I can access Tomcat manager with the url http://localhost:8080/manager/ and using the tomcat user and password (configured in tomcat-users.xml)
=> Cannot run the manager from another machine
"403 Access Denied
You are not authorized to view this page.
By default the Manager is only accessible from a browser running on the same machine as Tomcat."
you may need to put single quotes around the username and password fields if they contain special chars.
=> No special chars, I use the same configuration (without single quote) for another check that works
From the server I can access Tomcat manager with the url http://localhost:8080/manager/ and using the tomcat user and password (configured in tomcat-users.xml)
=> Cannot run the manager from another machine
"403 Access Denied
You are not authorized to view this page.
By default the Manager is only accessible from a browser running on the same machine as Tomcat."
Re: check_tomcat.pl doesn't work
If you want to "whitelist" other IP addresses for the Tomcat manager, you need to do so in the manager's config (CATALINA_HOME/conf/Catalina/localhost/manager.xml):
https://www.owasp.org/index.php/Securin ... ger_WebApp
Adding the Nagios XI server's IP address in the manner described in that document should do the trick.
An alternative option -- One that uses a different plugin.
However, if you followed the instructions mentioned in the previous thread by @npolovenko:
https://community.jaspersoft.com/wiki/h ... ng-service
You should be able to use check_jmx to connect to the remote JMX server instead of going through Tomcat's manager:
https://assets.nagios.com/downloads/nag ... ios-XI.pdf
https://www.owasp.org/index.php/Securin ... ger_WebApp
Adding the Nagios XI server's IP address in the manner described in that document should do the trick.
An alternative option -- One that uses a different plugin.
However, if you followed the instructions mentioned in the previous thread by @npolovenko:
https://community.jaspersoft.com/wiki/h ... ng-service
You should be able to use check_jmx to connect to the remote JMX server instead of going through Tomcat's manager:
https://assets.nagios.com/downloads/nag ... ios-XI.pdf
Former Nagios employee
https://www.mcapra.com/
https://www.mcapra.com/
-
npolovenko
- Support Tech
- Posts: 3457
- Joined: Mon May 15, 2017 5:00 pm
Re: check_tomcat.pl doesn't work
Frédéric GRANAT, Let us know whether you got this to work.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
-
Frédéric GRANAT
- Posts: 445
- Joined: Mon Nov 19, 2012 11:36 am
Re: check_tomcat.pl doesn't work
Hi,
The directory \tomcat\conf\Catalina\localhost is empty.
Maybe I should create a manager.xml file.
Anyway, I looked at a manager.xml file on another server (the check_tomcat works on it), and manager.xml is the basic file.
So the first solution seems to be not necessary.
I 'm using check_tomcat and not check_jmx so the second solution is not usefull, isn't it ?
Rgds,
Frederic.
The directory \tomcat\conf\Catalina\localhost is empty.
Maybe I should create a manager.xml file.
Anyway, I looked at a manager.xml file on another server (the check_tomcat works on it), and manager.xml is the basic file.
So the first solution seems to be not necessary.
I 'm using check_tomcat and not check_jmx so the second solution is not usefull, isn't it ?
Rgds,
Frederic.
Re: check_tomcat.pl doesn't work
What is the version of tomcap that you are running on the remote machine, 7, 8, 9? I have a few test VMs with tomcat installed on them, where I can try to recreate the issue, and find a workaround. Can you zip up the entire /opt/tomcat directory, and PM me (or anyone on the Nagios support team) the zip file? Remove sensitive info if needed, e.g. passwords, etc.
FYI, I just tested the "check_tomcat.pl" plugin against one of my VMs, running tomcat 9.0.2, and it seemed to work just fine:
I set up this machine some time ago. I remember I had to make some tweaks to make it work, but it's been a while, so I don't remember what I changed. Anyway, I would like to compare your configs to mine, and see if we can get this resolved. Thanks!
FYI, I just tested the "check_tomcat.pl" plugin against one of my VMs, running tomcat 9.0.2, and it seemed to work just fine:
Code: Select all
[root@main-nagios-xi libexec]# ./check_tomcat.pl -H x.x.x.x -p 8080 -l tomcat -a mypassword -w 25%,10% -c 10%,5%
OK: memory in use 30 MiB (839 MiB); threads[http-nio-8080]=1(200);|used=32438488 free=847841064 max=880279552 currentThreadsBusy=1 currentThreadCount=10 maxThreads=200Be sure to check out our Knowledgebase for helpful articles and solutions!
-
Frédéric GRANAT
- Posts: 445
- Joined: Mon Nov 19, 2012 11:36 am
Re: check_tomcat.pl doesn't work
Hi,
What is the version of tomcap that you are running on the remote machine ?
=> Tomcat 8
Can you zip up the entire /opt/tomcat directory
=> The OS is Windows server 2012 R2, please give me the path in that context.
Rgds,
Frederic
What is the version of tomcap that you are running on the remote machine ?
=> Tomcat 8
Can you zip up the entire /opt/tomcat directory
=> The OS is Windows server 2012 R2, please give me the path in that context.
Rgds,
Frederic
Re: check_tomcat.pl doesn't work
The 403 Forbidden message is your Tomcat server telling you that it is blocking the connection and not allowing the Nagios server to connect to it.
There is probably a setting that has to be changed to allow the connections from a remote server.
So check through the Tomcat Manager to see if there is a setting that allows connections to be added beside the localhost entry.
You may have to search the server for one of these files to see if there is a setting to allow remote servers to access the Tomcat Application.
server.xml
web.xml
There is probably a setting that has to be changed to allow the connections from a remote server.
So check through the Tomcat Manager to see if there is a setting that allows connections to be added beside the localhost entry.
You may have to search the server for one of these files to see if there is a setting to allow remote servers to access the Tomcat Application.
server.xml
web.xml
Be sure to check out our Knowledgebase for helpful articles and solutions!