We moved to a new server and the IP and the DNS stayued the samenow we get the following
Running the following command I get
[[email protected] ~]$ /usr/local/nagios/libexec/check_http -H mrt.med.umich.edu -f ok -I 172.20.175.86 -u '/MRTWeb/login.do' -S --sni -p 443
CRITICAL - Socket timeout
I can get to the web page in a browser
https://mrt.med.umich.edu/MRTWeb/login.do
check_http CRITICAL - Socket timeout
Re: check_http CRITICAL - Socket timeout
Hello @btayl
Thanks for reaching out, typically see socket timeout when there is a interruption. It is connecting but the established connection is interrupted due to invalid security check or other reason.
Do you have Selinux or any other security application enabled?
Let's go ahead and run the check_http command with verbose output so we can see what is going on:
Good idea to append a redirect as this will scroll through by: /usr/local/nagios/libexec/check_http --verbose -H mrt.med.umich.edu -f ok -I 172.20.175.86 -u '/MRTWeb/login.do' -S --sni -p 443 > /tmp/results.txt
Please also verify that this one passes:
Please let me know the results,
Perry
Thanks for reaching out, typically see socket timeout when there is a interruption. It is connecting but the established connection is interrupted due to invalid security check or other reason.
Do you have Selinux or any other security application enabled?
Code: Select all
sestatusCode: Select all
/usr/local/nagios/libexec/check_http --verbose -H mrt.med.umich.edu -f ok -I 172.20.175.86 -u '/MRTWeb/login.do' -S --sni -p 443Please also verify that this one passes:
Code: Select all
/usr/local/nagios/libexec/check_http -w 5 -c 10 --ssl -H www.verisign.comPerry
Re: check_http CRITICAL - Socket timeout
This is running on an AIX machine through a load balancer
Re: check_http CRITICAL - Socket timeout
I was wrong they are behind a netscaler overbalancer but they are on rhel 8.4 wit selinux disabled
Re: check_http CRITICAL - Socket timeout
Hello @btayl
What do you get on these on the RHEL 8.4?
Perry
What do you get on these on the RHEL 8.4?
Thanks,CODE: SELECT ALL
/usr/local/nagios/libexec/check_http --verbose -H mrt.med.umich.edu -f ok -I 172.20.175.86 -u '/MRTWeb/login.do' -S --sni -p 443
Good idea to append a redirect as this will scroll through by: /usr/local/nagios/libexec/check_http --verbose -H mrt.med.umich.edu -f ok -I 172.20.175.86 -u '/MRTWeb/login.do' -S --sni -p 443 > /tmp/results.txt
Please also verify that this one passes:
CODE: SELECT ALL
/usr/local/nagios/libexec/check_http -w 5 -c 10 --ssl -H http://www.verisign.com
Perry
Re: check_http CRITICAL - Socket timeout
cat /tmp/results.txt
CRITICAL - Socket timeout
option f:0
also If I do a
./check_http -w 5 -c 10 --ssl -H www.verisign.com
HTTP OK: HTTP/1.1 200 OK - 149074 bytes in 0.283 second response time |time=0.282550s;5.000000;10.000000;0.000000 size=149074B;;;0
CRITICAL - Socket timeout
option f:0
also If I do a
./check_http -w 5 -c 10 --ssl -H www.verisign.com
HTTP OK: HTTP/1.1 200 OK - 149074 bytes in 0.283 second response time |time=0.282550s;5.000000;10.000000;0.000000 size=149074B;;;0
Re: check_http CRITICAL - Socket timeout
Hello @btayl
Looks like we are not able to get results back from 'mrt.med.umich.edu'. Are we able to return a connection status ok with SSL stats:
And
Just checking on this:
Please let me know what you get for results,
Perry
Looks like we are not able to get results back from 'mrt.med.umich.edu'. Are we able to return a connection status ok with SSL stats:
Code: Select all
openssl s_client -connect mrt.med.umich.edu:443Code: Select all
openssl s_client -connect mrt.med.umich.edu:443 -showcertsCode: Select all
openssl s_client -connect mrt.med.umich.edu:80Perry
Re: check_http CRITICAL - Socket timeout
openssl s_client -connect mrt.med.umich.edu:443
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 289 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1631900387
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
openssl s_client -connect mrt.med.umich.edu:443 -showcerts
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 289 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1631900459
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
openssl s_client -connect mrt.med.umich.edu:80
socket: Bad file descriptor
connect:errno=9
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 289 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1631900387
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
openssl s_client -connect mrt.med.umich.edu:443 -showcerts
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 289 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1631900459
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
openssl s_client -connect mrt.med.umich.edu:80
socket: Bad file descriptor
connect:errno=9
Re: check_http CRITICAL - Socket timeout
Hello @btayl
Thanks for following up with the results, looks like there is no cert used which is failing the check.
Let's see what the alternate HTTP check does; which is attached. Download, move to your plugins and chmod +x check_http_alt on it.
The test command looks like this:
We are looking for results that look like this:
Perry
Thanks for following up with the results, looks like there is no cert used which is failing the check.
Let's see what the alternate HTTP check does; which is attached. Download, move to your plugins and chmod +x check_http_alt on it.
The test command looks like this:
Code: Select all
check_http_alt -I <ipaddressofyournagios> -u localhost/nagiosxi -p 443If it does not establish a connection we will see this:code URL http://xxxxxxx.xxx/nagiosxi on xxx, got 400 expected 200. 0.181s, 362 bytes
Let me know the results,Could not check URL http://xxxxxxxx.xxx/nagiosxi on xxx, connection error: IO::Socket::INET: connect: Connection refused. 0.001s, 0 bytes
Perry
Re: check_http CRITICAL - Socket timeout
./check_http_alt -I 172.20.66.100 -u localhost/nagiosxi -p 443
Unknown status code URL http://localhost/nagiosxi on 172.20.66.100. 0.001s, 0 bytes. http://h.xy.no/bCWjCO
Unknown status code URL http://localhost/nagiosxi on 172.20.66.100. 0.001s, 0 bytes. http://h.xy.no/bCWjCO