check_http perl script not working with SSL ?

[reinaldo.gomes]

I've been using default check_http for a while and it's been working fine:

./check_http -H myserver.com -u /myfolder/mydll.dll -S

Except for the fact that it's returning critical alarm upon socket timeouts, which causes me some trouble. So I tried to switch to an alternative perl script check_http:

./check_http.pl -H myserver.com -u /myfolder/mydll.dll -s

I got 3 distinct situations:

1 - It works fine with the http pages (without the -s option)
2 - It returns "500 read timeout" when I try to check https pages with TLSv1.0
3 - It returns "500 Server closed connection without sending any data back" when I try to check https pages with TLSv1.2

However, the exact same comand lines work with the default check_http, and also I can open such pages on my browser, by typing -H and -u's content. So I think it's not a typo issue.

Anyone out there successfully using check_http perl script with -s option? What is the main difference between these checks regarding the SSL option, that makes them work differently?

[abrist]

Well, the default check_http plugin with nagios plugins is a c file, not a perl script, so I would presume that your plugin is either very, very old, or in fact not a default nagios_plugins plugin. Could you post a link to this plugin script?

[reinaldo.gomes]

Obviously, I should have posted it before. Sorry about that.

http://exchange.nagios.org/directory/Pl ... pt/details

[abrist]

I just took a look at the script. It is not very robust. Is there a reason why you are using this over the nagios-plugins check_http plugin?

[reinaldo.gomes]

As I stated before, my only issue with the check_http plugin is that it returns Critical state upon socket timeout error. If there was a way to turn it into Unknown state, such as nrpe's -u option or something, I'd be fine with it.

[tmcdonald]

Two suggestions:

1.) Take a look at this: http://stackoverflow.com/questions/7871 ... 10-seconds

2.) Build a wrapper script that exits UNKNOWN if check_http outputs "Socket timeout"

[reinaldo.gomes]

I found a sample on the forum, but I cant test it until thursday:

Code: Select all

#!/bin/bash
HOST=$1
TIMEOUT=$2
COMMAND=$3

OUTPUT=$(/usr/local/nagios/libexec/check_by_ssh -H "$HOST" -t $TIMEOUT -C "$COMMAND")
EXIT=$(echo $?)
if $(echo "$OUTPUT" | grep -q  "CRITICAL - Plugin timed out after");then
    OUTPUT=$(echo "$OUTPUT" | sed 's/CRITICAL/UNKNOWN/g')
    echo "$OUTPUT"
    exit 3
else
    echo "$OUTPUT"
    exit $EXIT
fi

I know I have to make changes according to my needs, but does it replace the Critical state with the Unknown one, while retaining the original message (socket timeout) in the output as it is now?
Also, could this wrapper affect check_http negatively in any way?

[abrist]

As I stated before, my only issue with the check_http plugin is that it returns Critical state upon socket timeout error. If there was a way to turn it into Unknown state, such as nrpe's -u option or something, I'd be fine with it.

There in fact is a branch of the nagios-plugins source on github that includes the ability to set the timeout state in the check, by using new timeout switch syntax:

Code: Select all

./check_http <yada yada yada> -t :unknown

You can find the branch at: https://github.com/nagios-plugins/nagio ... eout_state
More explanation in the commit message at: https://github.com/nagios-plugins/nagio ... 7f1bed42fc

[reinaldo.gomes]

I made some changes to the wrapper and I got it working:

Code: Select all

#!/bin/bash
HOST=$1
URI=$2

OUTPUT=$(/usr/local/nagios/libexec/check_http -H "$HOST" -u "$URI" -s "__OK__" -S)
EXIT=$(echo $?)
if $(echo "$OUTPUT" | grep -q "CRITICAL - Socket timeout after");then
	OUTPUT=$(echo "$OUTPUT" | sed 's/CRITICAL/UNKNOWN/g')
	echo "$OUTPUT"
	exit 3
else
	echo "$OUTPUT"
	exit $EXIT
fi

I tried the GitHub's code, but I couldn't compile it. Gcc shows tens of errors when executed.

[tmcdonald]

Glad to see the wrapper script works. What errors did GCC throw, and what OS and version are you on?