Page 1 of 2
Monitor HTTPS site - Response Connection Refused
Posted: Tue Aug 12, 2014 10:12 am
by heritages
Hello,
I'm having troubles monitoring an internal HTTPS site. This site is used by WebMethods B2B server to validate the internal path connectivity from a DMZ to an internal server cluster. Example of the URL is
https://server.domain.com:1250/invoke/wm.server/ping. When the test is successful it will resolve the date and time. E.G. "date Tue Aug 12 10:24:48 EDT 2014"
I've attempted to setup a website monitor and receive the response "connect to address 172.20.2.11 and port 1250: Connection refused"
Config used...
Host Name: server.domain.com
Check command: check_xi_service_http
$ARG$: -f ok -I ###.###.###.### -u "/invoke/wm.server/ping" -S -p 1250
What I would like to accomplish is for Nagios to monitor the URL and tell me when it doesn't respond with the date.
Thanks
Re: Monitor HTTPS site - Response Connection Refused
Posted: Tue Aug 12, 2014 10:33 am
by heritages
Possibly need a firewall rule to get in the DMZ. Waiting for network team to config.
Re: Monitor HTTPS site - Response Connection Refused
Posted: Tue Aug 12, 2014 10:48 am
by abrist
Yeah, I would say that this definitely looks like a port forward/firewall issue.
Re: Monitor HTTPS site - Response Connection Refused
Posted: Tue Aug 12, 2014 12:09 pm
by heritages
Corrected the firewall issue and now presented with a message "CRITICAL - Cannot make SSL connection."
Not sure where to go from here
Re: Monitor HTTPS site - Response Connection Refused
Posted: Tue Aug 12, 2014 12:10 pm
by heritages
When I navigated to the URL from my browser I had to install the certificate before I was able to connect without issue. Is there a way to do the same for Nagios?
Re: Monitor HTTPS site - Response Connection Refused
Posted: Tue Aug 12, 2014 4:22 pm
by abrist
Re: Monitor HTTPS site - Response Connection Refused
Posted: Wed Aug 13, 2014 8:14 am
by heritages
Am i supposed to save the certificate locally on the Nagios VM? If so where would you suggest?
Re: Monitor HTTPS site - Response Connection Refused
Posted: Wed Aug 13, 2014 9:14 am
by tmcdonald
For simplicity's sake, the libexec directory with the rest of your plugins should ensure that check_http can see it.
Security-wise, that depends on your company policy but really a public cert shouldn't need to be hidden too well.
Re: Monitor HTTPS site - Response Connection Refused
Posted: Wed Aug 13, 2014 9:49 am
by heritages
Ok made some progress. I noticed that the error previously was referring to "alert handshake failure"
Added --ssl=3 to the argument and now works.
-f ok -u "/invoke/wm.server/ping" -S --ssl=3 -p 1250
Next I want to validate that when the page is checked that the pages response would have "date" in it. I attempted to use the <-R "Date"> option to which I would have expected to fail due to a case issue but it passed. The website response to has the word "date" all lowercase on it.
COMMAND: /usr/local/nagios/libexec/check_http -H server.domain.com -R "Date" -f ok -I 172.20.2.15 -u "/invoke/wm.server/ping" -S --ssl=3 -p 1243
OUTPUT: HTTP OK: HTTP/1.1 200 OK - 327 bytes in 0.174 second response time |time=0.174383s;;;0.000000 size=327B;;;0
Any idea why this is not reporting an error?
Re: Monitor HTTPS site - Response Connection Refused
Posted: Wed Aug 13, 2014 9:58 am
by tmcdonald
Try "-s" instead of "-R".