Hello:
We use Nagios XI 5.4.13 on RHEL 6.x. Having no issues with Nagios XI or server.
We monitor an externally-hosted website, HTTPS://<website name>/<page>/<to>/<monitor>
and the host decided to turn off port 80, which is now causing an error:
connect to address <website name> and port 80: Connection refused
HTTP CRITICAL - Unable to open TCP socket
I have deleted the monitoring checks for the website and page (Host and Service) in Nagios Xi and tried adding the check back in using the Website URL wizard. The URL contains HTTPS, URL Option is configured to use SSL with port 443, but the error still appears.
How can I get the Host check to not fail and correctly check on port 443?
connect to address <website name.external.domain> refused
Re: connect to address <website name.external.domain> refuse
Can you show us the actual command that you are currently using, run from the command line along with the output of it?
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: connect to address <website name.external.domain> refuse
When I used the Website URL Wizard, I entered the following (the Wizard initially provides "http://" and I change it by adding an "s" - "https://):
https://<hostname FQDN>/<parent path>/<child path>/<sub-child path>/, so for example:
https://sitename.wisconsin.com/parent/e ... epartment/
The Wizard identifies the following (for example):
Host Name: sitename.wisconsin.com
Service Name Prefix: "_parent_employee_department_" (without the quotes)
IP Address: <-- the Wizard uses a DNS lookup and adds this correctly.
URL Options
I select "Use SSL: Monitor the URL using SSL/HTTPS."
Port: 443 <-- this is the default
URL Services
I select "URL Status"
I configure the monitoring settings, groups, etc. as needed.
Nagios identifies the following: Configure - Core Config Manager - Monitoring - Services
sitename.wisconsin.com/parent/employee/department/
Common Settings tab:
Config Name: sitename.wisconsin.com
Description: "_parent_employee_department_ URL Status" (without the quotes)
Check command: check_xi_service_http <---- I think this is the culprit of why the Host check fails.
Command view: $USER1$/check_http -H $HOSTADDRESS$ $ARG1$
$ARG1$: " -f ok -I <HOST_IP> -u "/parent/employee/department/" -S -p 443 -a "<user>:<pass>""
https://<hostname FQDN>/<parent path>/<child path>/<sub-child path>/, so for example:
https://sitename.wisconsin.com/parent/e ... epartment/
The Wizard identifies the following (for example):
Host Name: sitename.wisconsin.com
Service Name Prefix: "_parent_employee_department_" (without the quotes)
IP Address: <-- the Wizard uses a DNS lookup and adds this correctly.
URL Options
I select "Use SSL: Monitor the URL using SSL/HTTPS."
Port: 443 <-- this is the default
URL Services
I select "URL Status"
I configure the monitoring settings, groups, etc. as needed.
Nagios identifies the following: Configure - Core Config Manager - Monitoring - Services
sitename.wisconsin.com/parent/employee/department/
Common Settings tab:
Config Name: sitename.wisconsin.com
Description: "_parent_employee_department_ URL Status" (without the quotes)
Check command: check_xi_service_http <---- I think this is the culprit of why the Host check fails.
Command view: $USER1$/check_http -H $HOSTADDRESS$ $ARG1$
$ARG1$: " -f ok -I <HOST_IP> -u "/parent/employee/department/" -S -p 443 -a "<user>:<pass>""
Newbie '14
Re: connect to address <website name.external.domain> refuse
You didn't show us the actual command, run from the command line along with the output of it as requested.
Note: you can view the command by going to the CCM > Services > <your service> > Common Settings tab > Run Check Command.
Please hide sensitive info!
Just to rule out a firewall issue, run the following command and show the output:
Example:
Note: you can view the command by going to the CCM > Services > <your service> > Common Settings tab > Run Check Command.
Please hide sensitive info!
Just to rule out a firewall issue, run the following command and show the output:
Code: Select all
nmap <URL to your website> -p 443Code: Select all
nmap www.amazon.com -p 443
Starting Nmap 6.47 ( http://nmap.org ) at 2018-08-01 13:16 CDT
Nmap scan report for www.amazon.com (54.230.55.208)
Host is up (0.0040s latency).
rDNS record for 54.230.55.208: server-54-230-55-208.jfk6.r.cloudfront.net
PORT STATE SERVICE
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 0.10 secondsBe sure to check out our Knowledgebase for helpful articles and solutions!
Re: connect to address <website name.external.domain> refuse
Run check command:
/usr/local/nagios/libexec/check_http -H <FQDN Hostname> -f ok -I <Hostname IP> -u '/<parent_folder>/<child folder>/<sub-folder>/' -S -p 443
HTTP OK: HTTP/1.1 302 Moved Temporarily - 735 bytes in 0.056 second response time |time=0.055935s;;;0.000000 size=735B;;;0
NMAP command:
Starting Nmap 6.47 ( http://nmap.org ) at 2018-08-01 16:17 CDT
Nmap scan report for <FQDN Hostname> (<Hostname IP>)
Host is up (0.00028s latency).
PORT STATE SERVICE
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds
Running NMAP and using port 80:
Host is up (0.00029s latency).
PORT STATE SERVICE
80/tcp closed http
The problem is that the Host is red (critical) but the service is green (ok). Service checks via port 443, the Host must be checked via port 80 (snapshot attached).
The external Host Admin shutoff port 80 on their server this morning, Wed. Aug. 1, 2018.
/usr/local/nagios/libexec/check_http -H <FQDN Hostname> -f ok -I <Hostname IP> -u '/<parent_folder>/<child folder>/<sub-folder>/' -S -p 443
HTTP OK: HTTP/1.1 302 Moved Temporarily - 735 bytes in 0.056 second response time |time=0.055935s;;;0.000000 size=735B;;;0
NMAP command:
Starting Nmap 6.47 ( http://nmap.org ) at 2018-08-01 16:17 CDT
Nmap scan report for <FQDN Hostname> (<Hostname IP>)
Host is up (0.00028s latency).
PORT STATE SERVICE
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds
Running NMAP and using port 80:
Host is up (0.00029s latency).
PORT STATE SERVICE
80/tcp closed http
The problem is that the Host is red (critical) but the service is green (ok). Service checks via port 443, the Host must be checked via port 80 (snapshot attached).
The external Host Admin shutoff port 80 on their server this morning, Wed. Aug. 1, 2018.
You do not have the required permissions to view the files attached to this post.
Newbie '14
Re: connect to address <website name.external.domain> refuse
Oh, I see. In this case, you could change your host's check command. It currently uses check_http from a template. You can change that in the CCM. Go to CCM > Hosts > <your host>. Under the "Common Settings" tab, select "check_tcp" from the "Check command" drop-down menu, type 443 in the $ARG1$ field, click on Save and Apply Configuration.
Example: You know that port 443 is open, and you could use check_tcp to monitor it, and report OK when the check succeeds.
Let us know if this workaround worked for you.
Example: You know that port 443 is open, and you could use check_tcp to monitor it, and report OK when the check succeeds.
Let us know if this workaround worked for you.
You do not have the required permissions to view the files attached to this post.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: connect to address <website name.external.domain> refuse
Your solution worked perfectly!
Thank you!
The Wizard uses one check, but due to circumstances we needed to modify/change/update the check that the Wizard uses. Perhaps a Wizard modification selection change??
Thanks, again, for your assistance!
You may freeze this post.
Thank you!
The Wizard uses one check, but due to circumstances we needed to modify/change/update the check that the Wizard uses. Perhaps a Wizard modification selection change??
Thanks, again, for your assistance!
You may freeze this post.
Newbie '14
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: connect to address <website name.external.domain> refuse
Great!
Locking
Locking