Monitor HTTPS site - Response Connection Refused


Post by heritages »

Hello,
I'm having trouble monitoring an internal HTTPS site. This site is used by WebMethods B2B server to validate the internal path connectivity from a DMZ to an internal server cluster. An example of the URL is https://server.domain.com:1250/invoke/wm.server/ping. When the test is successful it will resolve the date and time, e.g. "date Tue Aug 12 10:24:48 EDT 2014"

I've attempted to set up a website monitor and received the response "connect to address 172.20.2.11 and port 1250: Connection refused"

Config used...
Host Name: server.domain.com
Check command: check_xi_service_http
$ARG$: -f ok -I ###.###.###.### -u "/invoke/wm.server/ping" -S -p 1250

What I would like to accomplish is for Nagios to monitor the URL and tell me when it doesn't respond with the date.

Thanks

Re: Monitor HTTPS site - Response Connection Refused

Post by heritages »

Possibly need a firewall rule to get in the DMZ. Waiting for network team to config.

Re: Monitor HTTPS site - Response Connection Refused

Post by abrist »

Yeah, I would say that this definitely looks like a port forward/firewall issue.
Former Nagios employee
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.

Re: Monitor HTTPS site - Response Connection Refused

Post by heritages »

Corrected the firewall issue and am now presented with the message "CRITICAL - Cannot make SSL connection."

Not sure where to go from here.

Re: Monitor HTTPS site - Response Connection Refused

Post by heritages »

When I navigated to the URL from my browser I had to install the certificate before I was able to connect without issue. Is there a way to do the same for Nagios?

Re: Monitor HTTPS site - Response Connection Refused

Post by abrist »

You can specify a cert file with check_http:
http://nagios-plugins.org/doc/man/check_http.html

Re: Monitor HTTPS site - Response Connection Refused

Post by heritages »

Am I supposed to save the certificate locally on the Nagios VM? If so, where would you suggest?

Re: Monitor HTTPS site - Response Connection Refused

Post by tmcdonald »

For simplicity's sake, the libexec directory with the rest of your plugins should ensure that check_http can see it.

Security-wise, that depends on your company policy but really a public cert shouldn't need to be hidden too well.
Former Nagios employee

Re: Monitor HTTPS site - Response Connection Refused

Post by heritages »

OK, made some progress. I noticed that the error previously was referring to "alert handshake failure".
Added --ssl=3 to the argument and now it works.

-f ok -u "/invoke/wm.server/ping" -S --ssl=3 -p 1250

Next I want to validate that when the page is checked, the page's response has "date" in it. I attempted to use the <-R "Date"> option, which I would have expected to fail due to a case issue, but it passed. The website response has the word "date" all lowercase on it.

COMMAND: /usr/local/nagios/libexec/check_http -H server.domain.com -R "Date" -f ok -I 172.20.2.15 -u "/invoke/wm.server/ping" -S --ssl=3 -p 1243
OUTPUT: HTTP OK: HTTP/1.1 200 OK - 327 bytes in 0.174 second response time |time=0.174383s;;;0.000000 size=327B;;;0

Any idea why this is not reporting an error?

Re: Monitor HTTPS site - Response Connection Refused

Post by tmcdonald »

Try "-s" instead of "-R".
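Added example (not part of the original thread, and not Nagios code): a shell sketch that uses grep to approximate how check_http's -s (literal string), -r (regex) and -R (case-insensitive regex) options match page content, which is why -R "Date" matched the lowercase "date". The function name content_check, the DATE_RE pattern and the sample body are assumptions constructed for illustration; the last pattern goes one step beyond the thread by matching the whole date line rather than a single word.

```shell
#!/bin/sh
# Constructed sample body, modelled on the ping response quoted in the thread.
BODY='date Tue Aug 12 10:24:48 EDT 2014'

# Hypothetical stricter pattern: the word "date" followed by a full timestamp.
DATE_RE='date [A-Z][a-z]{2} [A-Z][a-z]{2} +[0-9]{1,2} [0-9]{2}:[0-9]{2}:[0-9]{2} [A-Z]+ [0-9]{4}'

# content_check MODE PATTERN BODY
# Approximates check_http's content matching with grep:
#   s -> -s/--string : literal substring, case-sensitive
#   r -> -r/--regex  : extended regex, case-sensitive
#   R -> -R/--eregi  : extended regex, case-insensitive
# Returns Nagios plugin exit codes: 0 = OK, 2 = CRITICAL, 3 = UNKNOWN.
content_check() {
    mode=$1
    pattern=$2
    body=$3
    case $mode in
        s) flags='-F' ;;
        r) flags='-E' ;;
        R) flags='-Ei' ;;
        *) echo "UNKNOWN - bad mode '$mode'"; return 3 ;;
    esac
    # $flags is intentionally unquoted so it expands to a grep option.
    if printf '%s\n' "$body" | LC_ALL=C grep -q $flags -e "$pattern"; then
        echo "HTTP OK - pattern found ($mode: $pattern)"
        return 0
    fi
    echo "HTTP CRITICAL - pattern not found ($mode: $pattern)"
    return 2
}

# -R ignores case, so "Date" matches the lowercase "date" in the body.
content_check R 'Date' "$BODY" || :
# -s is a case-sensitive literal match, so "Date" is not found.
content_check s 'Date' "$BODY" || :
# The lowercase literal is found.
content_check s 'date' "$BODY" || :
# A full-line pattern also rejects an error page that merely mentions "date".
content_check r "$DATE_RE" 'error: no date available' || :
```

With the real plugin, the equivalent of the last check would be passing the pattern to -r in place of -R "Date" on the command line shown in the thread.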