You've installed and tested it. Now continue the setup by following the guide starting on page 4:
https://assets.nagios.com/downloads/nag ... ios-XI.pdf
How to Monitor URL certificate Expiration
Re: How to Monitor URL certificate Expiration
Team,
Kindly help me how to implement in nagiosxi to generate alerts.
The file is downloaded in nagios server, how to use this CA file while defining the command.
Kindly help me how to implement in nagiosxi to generate alerts.
The file is downloaded in nagios server, how to use this CA file while defining the command.
Re: How to Monitor URL certificate Expiration
lgaddam, let's step back for a second.
The plugin that was recommended by the other technician (that I came in to bug fix) will only work against a file, not a network CRL resource.
Is it your intention to check the CRL over the network or locally on the system?
If you want to check it through the network (likely what I would want to do) then this plugin will not work for this and we'll need to find you a different one that does do what you'd like.
I'm going to search for one after my meeting today (shortly) and I'll let you know what I find. There has to be one that will work across the network.
Once I find one I will send you instructions on what you need to do to add the plugin, command, and setup a service for this so we can get this working for you.
The plugin that was recommended by the other technician (that I came in to bug fix) will only work against a file, not a network CRL resource.
Is it your intention to check the CRL over the network or locally on the system?
If you want to check it through the network (likely what I would want to do) then this plugin will not work for this and we'll need to find you a different one that does do what you'd like.
I'm going to search for one after my meeting today (shortly) and I'll let you know what I find. There has to be one that will work across the network.
Once I find one I will send you instructions on what you need to do to add the plugin, command, and setup a service for this so we can get this working for you.
Re: How to Monitor URL certificate Expiration
One question, are you just looking for the expiration date of the CRL or show the revoked certificates in the CRL?
The CRL plugins I'm finding only show when the CRL expires (they don't show the revoked certs).
The CRL plugins I'm finding only show when the CRL expires (they don't show the revoked certs).
Re: How to Monitor URL certificate Expiration
Hi Sean,
This is related to Network CRL.
Currently we got the request only to monitor CRL expiration.
This is related to Network CRL.
Currently we got the request only to monitor CRL expiration.
Re: How to Monitor URL certificate Expiration
ok, great, I found the original one (that supports over network), see attached.
Unzip that file and upload it in Admin > Manage Plugins.
Then go to Configure > Core Config Manager > Commands:
- Click the Add New button
- Set these:
- Save
Now create a new service or copy an existing service, set these:
- check_command: check_crl_url
- Set $ARG1$ to your CRL, I'm testing with: http://crl.geotrust.com/crls/gtglobal.crl
- Set $ARG2$ to your warning value: 15
- Set $ARG3$ to your critical value: 30
- Max sure to set check_interval, retry_inteval, max_check_attempts, and any other settings you want
- Test, should work
- Save, Apply Config, and Validate it's working by forcing a check.
You can also test from the CLI like so:
Unzip that file and upload it in Admin > Manage Plugins.
Then go to Configure > Core Config Manager > Commands:
- Click the Add New button
- Set these:
Code: Select all
command_name: check_crl_url
command_line: $USER1$/check_crl_url -U '$ARG1$' -w $ARG2$ -c $ARG3$Now create a new service or copy an existing service, set these:
- check_command: check_crl_url
- Set $ARG1$ to your CRL, I'm testing with: http://crl.geotrust.com/crls/gtglobal.crl
- Set $ARG2$ to your warning value: 15
- Set $ARG3$ to your critical value: 30
- Max sure to set check_interval, retry_inteval, max_check_attempts, and any other settings you want
- Test, should work
- Save, Apply Config, and Validate it's working by forcing a check.
You can also test from the CLI like so:
Code: Select all
/usr/local/nagios/libexec/check_crl_url -U 'http://crl.geotrust.com/crls/gtglobal.crl' -w 30 -c 15
CRL OK: Expires in 32 Day(s) 12 Hour(s) 43 Minute(s) 22 Second(s).You do not have the required permissions to view the files attached to this post.
Re: How to Monitor URL certificate Expiration
Wow !! Fantastic!!
No confusion, Direct steps, worked well. Monitoring configured sucessfully for our client request.
Many Thanks Sean.
No confusion, Direct steps, worked well. Monitoring configured sucessfully for our client request.
Many Thanks Sean.
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: How to Monitor URL certificate Expiration
Great!lgaddam wrote:Wow !! Fantastic!!
No confusion, Direct steps, worked well. Monitoring configured sucessfully for our client request.
Many Thanks Sean.
Locking thread