Hi,
When I test the following command :
[[email protected] ~]# /usr/local/nagios/libexec/check_apachestatus.pl -H xxxxx -p 80
I've got :
CRITICAL 403 Forbidden
Disabling the firewall on monitored server doesn't solve my problem.
Do you have any idea ?
Frederic
Error with check_apachestatus.pl
-
benjaminsmith
- Posts: 5324
- Joined: Wed Aug 22, 2018 4:39 pm
- Location: saint paul
Re: Error with check_apachestatus.pl
Hi Frederic,
Did you enable the Apache status module on the server. If so, please check your configuration file (or upload the file) so you are allowing access by the Nagios XI server. You'll find the file in /etc/httpd/conf/httpd.conf.
Did you enable the Apache status module on the server. If so, please check your configuration file (or upload the file) so you are allowing access by the Nagios XI server. You'll find the file in /etc/httpd/conf/httpd.conf.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
-
Frédéric GRANAT
- Posts: 445
- Joined: Mon Nov 19, 2012 11:36 am
Re: Error with check_apachestatus.pl
Hi,
I don't know if apache status module is enabled and on which server you ask me to enable it (monitored one or NagiosXI
Please find attached the httpd.conf file on the monitored server (windows server) and the httpd.conf of the Nagiosxi server
I don't know if apache status module is enabled and on which server you ask me to enable it (monitored one or NagiosXI
Please find attached the httpd.conf file on the monitored server (windows server) and the httpd.conf of the Nagiosxi server
You do not have the required permissions to view the files attached to this post.
-
benjaminsmith
- Posts: 5324
- Joined: Wed Aug 22, 2018 4:39 pm
- Location: saint paul
Re: Error with check_apachestatus.pl
Hi Frederic,
I looked at the apache configuration file on the monitored host and it looks ok. However, you'll want to make sure you have the correct ip address of the Nagios Server in the Allow from option.
Are you able to communicate with the host from the Nagios Server, what is the output of:
You can verify http communication with:
I looked at the apache configuration file on the monitored host and it looks ok. However, you'll want to make sure you have the correct ip address of the Nagios Server in the Allow from option.
Are you able to communicate with the host from the Nagios Server, what is the output of:
Code: Select all
nmap <remote host ip address>
You can verify http communication with:
Code: Select all
wget http://<remote host ip address>
wget https://<remote host ip address>
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
-
Frédéric GRANAT
- Posts: 445
- Joined: Mon Nov 19, 2012 11:36 am
Re: Error with check_apachestatus.pl
Hi,
Here's the ouptut of the commands :
Here's the ouptut of the commands :
Code: Select all
[root@nagiosxi ~]# nmap xxxxxxxxxx
Starting Nmap 6.47 ( http://nmap.org ) at 2019-05-13 09:45 CEST
Nmap scan report for xxxxxxxxxxx (xxxxxxxxxx)
Host is up (0.00021s latency).
Not shown: 987 filtered ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1500/tcp open vlsi-lm
3389/tcp open ms-wbt-server
5432/tcp open postgresql
8000/tcp open http-alt
8080/tcp open http-proxy
8082/tcp open blackice-alerts
8083/tcp open us-srv
8085/tcp open unknown
55555/tcp open unknown
MAC Address: 00:50:56:B1:76:81 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 3.98 seconds
Code: Select all
[root@nagiosxi ~]# wget http://172.16.4.7
--2019-05-13 09:47:11-- http://172.16.4.7/
Connecting to 172.16.4.7:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4770 (4.7K) [text/html]
Saving to: “index.html”
100%[======================================>] 4,770 --.-K/s in 0s
2019-05-13 09:47:12 (338 MB/s) - “index.html” saved [4770/4770]
[root@nagiosxi ~]# wget https://172.16.4.7
--2019-05-13 09:47:48-- https://172.16.4.7/
Connecting to 172.16.4.7:443... failed: Connection timed out.
Retrying.
--2019-05-13 09:48:52-- (try: 2) https://172.16.4.7/
Connecting to 172.16.4.7:443...
-
benjaminsmith
- Posts: 5324
- Joined: Wed Aug 22, 2018 4:39 pm
- Location: saint paul
Re: Error with check_apachestatus.pl
Hi Frederic,
It looks the ports are open, and the wget command is successful for http but not for https. You should be able to access the server status page at:
Are you using a proxy server?
It looks the ports are open, and the wget command is successful for http but not for https. You should be able to access the server status page at:
Code: Select all
http://<remote host ip address>/server-statusAs of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
-
Frédéric GRANAT
- Posts: 445
- Joined: Mon Nov 19, 2012 11:36 am
Re: Error with check_apachestatus.pl
I tried to access http://xxxxxxxx/server-status from my PC and got :
"Forbidden
You don't have permission to access /server-status on this server."
I confirm that proxy isn't accessed when performing the http query from Nagios
"Forbidden
You don't have permission to access /server-status on this server."
I confirm that proxy isn't accessed when performing the http query from Nagios
-
benjaminsmith
- Posts: 5324
- Joined: Wed Aug 22, 2018 4:39 pm
- Location: saint paul
Re: Error with check_apachestatus.pl
Hi Frederic
You are using the domain name of the Nagios server in the server-status modules and it may not be able to resolve the ip address. Try to change the Allow from option to use the IP address of the Nagios Server, re-start apache and test again ( or test with Allow from all)
If a firewall is blocking access from the Nagios server, check to see if the sysetem status page is up from the remote host.
You are using the domain name of the Nagios server in the server-status modules and it may not be able to resolve the ip address. Try to change the Allow from option to use the IP address of the Nagios Server, re-start apache and test again ( or test with Allow from all)
Code: Select all
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 127.0.0.1 <IP address Nagios>
</Location>
Code: Select all
curl -v http://127.0.0.1/server-status
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
-
Frédéric GRANAT
- Posts: 445
- Joined: Mon Nov 19, 2012 11:36 am
Re: Error with check_apachestatus.pl
Try to change the Allow from option to use the IP address of the Nagios Server, re-start apache and test again
=> Done without success (even with Allow from all)
curl command unknown on monitored host
But we already tried the test of disabling the firewall without success
=> Done without success (even with Allow from all)
curl command unknown on monitored host
But we already tried the test of disabling the firewall without success
Re: Error with check_apachestatus.pl
For what its worth, this is my directive in apache 2.4.6 on rhel7.5. It works perfectly, but I encountered similar issues to those reported until I removed the "deny,allow". From what I read, this was due to changes in the way apache handles the interaction.
Code: Select all
<Location "/server-status">
SetHandler server-status
Require ip XXX.XXX.XXX.XXX
Require ip XXX.XXX.XXX.XXX
Require ip XXX.XXX.XXX.XXX
</Location>
--
Griffin Wakem
Griffin Wakem