How to Monitor URL certificate Expiration

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
jbrunkow
Posts: 441
Joined: Fri Mar 13, 2020 10:45 am

Re: How to Monitor URL certificate Expiration

Post by jbrunkow »

It appears that you have not installed it yet.

Please start by downloading the modified plugin attached to this reply. This way you won't have to make the edits I specified earlier.

Then navigate to the Admin section of XI using the bar on top > click Manage Plugins under System Extensions on the left pane > then click Browse... to upload the very same script you just downloaded.

You will also need to download the .crl file to the XI machine. You could do so with wget. Note the location so that you can pass it as an argument in the command later.

You should then see the plugin available in /usr/local/nagios/libexec. You could also have downloaded the script to that directory using wget, or moved it there using mv. Please run the script from the command line on your Nagios XI server to make sure it works before configuring a scheduled check.

Code:

LANG=C LC_ALL=C /usr/local/nagios/libexec/check_crl -f <location of certificate revocation list>.crl

Once the plugin is installed and verified to be working, you can use it in a command. Navigate to the Configure section of XI > click >_Commands under Commands on the left pane > then click + Add New and enter a name, line, and type for the command. The command line should be whatever you got working in the terminal earlier, and the other two values can be whatever makes sense to you.
lgaddam
Posts: 116
Joined: Wed Aug 28, 2019 1:01 am

Re: How to Monitor URL certificate Expiration

Post by lgaddam »

And also a critical alert needs to be generated at 30 days before expiration.
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: How to Monitor URL certificate Expiration

Post by ssax »

You would specify these options:

Code:

-w, --warning=INTEGER
Number of days left (Defaults: 10 days)

-c, --critical=INTEGER
Number of days left (Defaults: 4 days)

I would probably do this:

Code:

LANG=C LC_ALL=C /usr/local/nagios/libexec/check_crl -f <location of certificate revocation list>.crl -w 30 -c 15

But for your requirement, you can do this:

Code:

LANG=C LC_ALL=C /usr/local/nagios/libexec/check_crl -f <location of certificate revocation list>.crl -c 30
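
The threshold behaviour discussed in the reply above, as an added example that is not the check_crl plugin's own code: it reads nextUpdate from a CRL with openssl, converts it to days left, and maps that to Nagios exit codes. The function names, the DER default, and the use of GNU date are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not the check_crl plugin. All function names are hypothetical.

# Whole days between a nextUpdate time and "now", both as epoch seconds.
days_left() {  # $1 = nextUpdate epoch, $2 = now epoch
    echo $(( ($1 - $2) / 86400 ))
}

# Map days left to a Nagios state name and exit code (0 OK, 1 WARNING, 2 CRITICAL).
# Critical is tested first, so a critical threshold larger than the warning
# one (for example 30 against a warning of 10) still reports CRITICAL.
crl_state() {  # $1 = days left, $2 = warning days, $3 = critical days
    if [ "$1" -le "$3" ]; then echo "CRITICAL"; return 2; fi
    if [ "$1" -le "$2" ]; then echo "WARNING"; return 1; fi
    echo "OK"; return 0
}

# Print the CRL's nextUpdate as epoch seconds (assumes openssl and GNU date).
crl_next_update_epoch() {  # $1 = CRL path, $2 = DER or PEM
    nu=$(openssl crl -inform "$2" -in "$1" -noout -nextupdate) || return 3
    date -u -d "${nu#nextUpdate=}" +%s
}

# Full check: one status line on stdout, Nagios state as the return code.
check_crl_file() {  # $1 = CRL path, $2 = warning days, $3 = critical days, $4 = format
    next=$(crl_next_update_epoch "$1" "${4:-DER}") || {
        echo "UNKNOWN: cannot read nextUpdate from $1"; return 3; }
    d=$(days_left "$next" "$(date -u +%s)")
    state=$(crl_state "$d" "$2" "$3") && rc=0 || rc=$?
    echo "$state: CRL nextUpdate in $d days"
    return "$rc"
}

# Run as a script only when a CRL path is given: check.sh CA.crl 30 15 DER
if [ -n "${1:-}" ]; then
    check_crl_file "$1" "${2:-10}" "${3:-4}" "${4:-DER}"
    exit $?
fi
```
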
lgaddam
Posts: 116
Joined: Wed Aug 28, 2019 1:01 am

Re: How to Monitor URL certificate Expiration

Post by lgaddam »

Thank you for the update.
I am not able to see the updated downloadable plugin file attached in the earlier post.
Can you check and attach it again?
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: How to Monitor URL certificate Expiration

Post by ssax »

Neither can I.

This is the one we are talking about, use this (it's different):

https://exchange.nagios.org/directory/P ... rl/details

Then make the modifications listed here:

https://support.nagios.com/forum/viewto ... 13#p309813
lgaddam
Posts: 116
Joined: Wed Aug 28, 2019 1:01 am

Re: How to Monitor URL certificate Expiration

Post by lgaddam »

The link below returns the code. Do I have to copy the code into WordPad, save it, and upload it in Nagios XI under Manage Plugins, or do I have to do it another way?

https://exchange.nagios.org/directory/P ... rl/details
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: How to Monitor URL certificate Expiration

Post by ssax »

To download it, click the link, then choose File > Save As.

Or do this on the XI system:

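Code:

# Fetch the plugin with TLS certificate verification enabled; this file is executed by the monitoring server
curl -L 'https://exchange.nagios.org/components/com_mtree/attachment.php?link_id=1366&cf_id=24' -o /usr/local/nagios/libexec/check_crl
# Set owner and group, then make the plugin executable for group and others
chown apache:nagios /usr/local/nagios/libexec/check_crl
chmod og+x /usr/local/nagios/libexec/check_crl

Then the file will be here: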

Code:

/usr/local/nagios/libexec/check_crl
lgaddam
Posts: 116
Joined: Wed Aug 28, 2019 1:01 am

Re: How to Monitor URL certificate Expiration

Post by lgaddam »

Hi,

While trying to download the CA, I am getting the error below. Please check and assist.

[root@p01 work]# wget <URL.crl>
--2020-05-23 00:13:44-- <URL.crl>
Resolving XXXXX.com... 192.168.xxx.xxx
Connecting to XXXXX.com|192.168.xxx.xxx|:80... connected.
HTTP request sent, awaiting response... 502 Proxy Error
2020-05-23 00:13:44 ERROR 502: Proxy Error.
[root@p01 work]#
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: How to Monitor URL certificate Expiration

Post by ssax »

Try this:

Code:

wget --no-proxy <URL.crl>
lgaddam
Posts: 116
Joined: Wed Aug 28, 2019 1:01 am

Re: How to Monitor URL certificate Expiration

Post by lgaddam »

Thanks for the update. It worked, now I am able to download it.
I have done the modifications in the check_crl plugin as suggested earlier.
I tested with the command provided earlier. Below is the output.

[root@p01 ~]# LANG=C LC_ALL=C /usr/local/nagios/libexec/check_crl -f CA.crl
OK CRL Restzeit: 56 Tage, 12 Stunden, 18 Minuten und 22 Sekunden.
[root@glnagiosp01 ~]#


It looks like it is working. Kindly help me now with how to implement it in Nagios XI to generate alerts.