Nagios Support Forum

Hi guys

Really hope you can help me with this.

Whenever I try to monitor an external website the check on the HTTP(s) service it fails. When I try this on internal HTTP(s) sites it works fine.

I've read in a couple of forums online that I need to raise the timeout by adding the "-t" parameter to $ARG1$ and add whatever time in seconds I want. When I do this with "-t 30" it just fails after 30 seconds.

The exact error is: CRITICAL - Socket timeout after 30 seconds

Even my test check on google.com fails

It seems that it's only external webservices that face-plant so figured that I needed to configure my HTTP Proxy.

I configured the proxy in the following places:

• http://nagios-server/nagiosxi/includes/ ... config.php
  /etc/yum.conf
  /etc/wgetrc

This allows me to download new programs and packages using the yum install command, download files using wget and check for Nagios updates from the webinterface but I still cannot monitor external websites.

Am I missing something really obvious here?

Are you able to ping those sites? I suspect not.

From what I can tell, you have a couple of options:
1) talk to your network admin about giving XI access to the Internet...or at least the sites you want to monitor.
2) use NRPE (or NCPA) to check those sites from another host, which does have Internet access. If you haven't ever used NRPE, you should take a look at https://assets.nagios.com/downloads/nag ... g_NRPE.pdf. It's up to you whether you want to use the NRPE wizard or not. If not, you'd need to set things up using the Core Config Manager (CCM).

Since this is your first post, you won't be able to PM a profile, but once your second post is approved, please PM me your profile. You can download it by going to Admin > System Config > System Profile and click the ***Download Profile*** button towards the top. If for whatever reason you *cannot* download the profile, please put the output of View System Info (5.3.4+, Show Profile if older) in the thread (that will at least get us some info). This will give us access to many of the logs we would otherwise ask for individually. If security is a concern, you can unzip the profile take out what you like, and then zip it up again. We may end up needing something you remove, but we can ask for that specifically.

You can also generate a profile manually using the script at /usr/local/nagiosxi/html/includes/components/profile/getprofile.sh

That should generate a profile in /usr/local/nagiosxi/var/components/ which you can get off the server with an application such as FileZilla.

After you PM the profile, please update this thread. Updating this thread is the only way for it to show back up on our dashboard.

If you get an error that PROFILE BUILD FAILED, please see https://support.nagios.com/kb/article.p ... ategory=44

Thanks for your swift reply.

The Nagios server is perfectly able to access the Internet. Ping, DNS resolutions, publicly reachable FTP's, ... are not posing any problem. (see attached)

I'll PM you the profile

I suspect your DNS check is using a different DNS than the check itself. What's the output of cat /etc/resolv.conf?

If you go to the command line to run the check, what output do you get?

Here's what I get from my machine. This mimics the browser, where squid is not accessible. Also, if you tried to PM the profile, I haven't gotten it yet.

I think we're on to something here. All check_http attempts fail. Pings succeed. I must have screwed up the http proxy configuration somewhere. I will try to figure out where I made the mistake.
I'll revert back to you.

We don't get the following info in the profile. I think they would be helpful (although since we aren't in your environment, they won't likely be conclusive)

http://nagios-server/nagiosxi/includes/ ... config.php
/etc/yum.conf
/etc/wgetrc

Hi

After some further troubleshooting we've found out that normal external HTTP checks work. SSL encrypted sites however do not.

All internal HTTPS checks works flawlessly. We have some SSL certificate spoofing going on our border gateway proxy, that's most definitely the problem.

I will just have to see with our networkteam if we can bypass it.

This issue is resolved for me, I have my answer, the post can be closed.