Nagios checking Exchange URL (login required)

[RyanMule]

Hello All,

I have somewhat of an odd request. To begin we are running Nagios XI 5.5.7 and NSClient++ 5.3.

On our Exchange frontend servers I need to monitor this address https://SERVER/ews/exchange.asmx/wssecurity. Browsing to this address prompts for a login and brings you to a XML page. When that happens all is working. If the XWL page does not load I need to restart the MSExchangeServicesAppPool.

So I need a script/plugin that points to that address, inputs logins info and check XML page.

I apologize for the odd request but any help on talking this will be greatly appreciated.

Thank you
Ryan

[mcapra]

this address prompts for a login

A very important question; How is it prompting for a login? Is it using basic authentication? Some sort of form based authentication?

The check_http plugin supports basic authentication via the -a argument:

Code: Select all

     -a, --authorization=AUTH_PAIR
        Username:password on sites with basic authentication

In terms of answering the "did the XML page generate" question, hoo boy there's a lot of options starting with checking response codes (200, 400, 503, etc)

Code: Select all

     -e, --expect=STRING
        Comma-delimited list of strings, at least one of them is expected in
        the first (status) line of the server response (default: HTTP/1.)
        If specified skips all other status line logic (ex: 3xx, 4xx, 5xx processing)

Checking response headers (Content-Type, XSS, etc):

Code: Select all

     -d, --header-string=STRING
        String to expect in the response headers

Checking body contents (specific XML key/value pairs maybe?):

Code: Select all

     -s, --string=STRING
        String to expect in the content

...

     -l, --linespan
        Allow regex to span newlines (must precede -r or -R)
     -r, --regex, --ereg=STRING
        Search page for regex STRING
     -R, --eregi=STRING
        Search page for case-insensitive regex STRING
     --invert-regex
        Return CRITICAL if found, OK if not

Really depends on the specific site, but check_http can cover an awful lot of ground by itself assuming basic auth is the authentication mechanism.

If you're having to navigate forms-based authentication, I'd recommend the following documentation (specifically the bit about the "web transaction" wizard):
https://assets.nagios.com/downloads/nag ... ios-XI.pdf

I apologize for the odd request

Doesn't strike me as odd Login checks are super handy for multiple reasons.

[RyanMule]

Hello Mcapra,

Thank you for the quick response!
Yes... I missed that key part... It is form based authentication, so it does complicate it a bit.

I am not looking for anything specific in the XML document just as long as is generated.

This is all great information! I have some work to do and I will provide an update asap

Thank you!

this address prompts for a login

A very important question; How is it prompting for a login? Is it using basic authentication? Some sort of form based authentication?

The check_http plugin supports basic authentication via the -a argument:

Code: Select all

     -a, --authorization=AUTH_PAIR
        Username:password on sites with basic authentication

In terms of answering the "did the XML page generate" question, hoo boy there's a lot of options starting with checking response codes (200, 400, 503, etc)

Code: Select all

     -e, --expect=STRING
        Comma-delimited list of strings, at least one of them is expected in
        the first (status) line of the server response (default: HTTP/1.)
        If specified skips all other status line logic (ex: 3xx, 4xx, 5xx processing)

Checking response headers (Content-Type, XSS, etc):

Code: Select all

     -d, --header-string=STRING
        String to expect in the response headers

Checking body contents (specific XML key/value pairs maybe?):

Code: Select all

     -s, --string=STRING
        String to expect in the content

...

     -l, --linespan
        Allow regex to span newlines (must precede -r or -R)
     -r, --regex, --ereg=STRING
        Search page for regex STRING
     -R, --eregi=STRING
        Search page for case-insensitive regex STRING
     --invert-regex
        Return CRITICAL if found, OK if not

Really depends on the specific site, but check_http can cover an awful lot of ground by itself assuming basic auth is the authentication mechanism.

If you're having to navigate forms-based authentication, I'd recommend the following documentation (specifically the bit about the "web transaction" wizard):
https://assets.nagios.com/downloads/nag ... ios-XI.pdf

I apologize for the odd request

Doesn't strike me as odd Login checks are super handy for multiple reasons.

[ssax]

If it is using form based authentication you will need to use the check_http -P option:

Code: Select all

 -P, --post=STRING
    URL encoded http POST data

You will need to URL encode the data:

https://www.urlencoder.org/

You will need to work with your application developers to determine what POST data you need to submit such as username/pass/etc.

Something like this may work:

Code: Select all

/usr/local/nagios/libexec/check_http -H SERVER -f follow -u '/ews/exchange.asmx/wssecurity' --method=POST -P 'username=USER&password=PASS&loginButton=' -s 'TEXT TO SEARCH FOR' -S -p 443 --sni

[optionstechnology]

FYI: I came across a very similar issue and resolved by monitoring the IIS AppPool itself with check_iis -

https://exchange.nagios.org/directory/P ... ol/details

[cdienger]

Glad to hear you found another plugin that seems to work. Are we good to lock this one up?

[RyanMule]

Thank you ssax!

I will look into this option as well.

If it is using form based authentication you will need to use the check_http -P option:

Code: Select all

 -P, --post=STRING
    URL encoded http POST data

You will need to URL encode the data:

https://www.urlencoder.org/

You will need to work with your application developers to determine what POST data you need to submit such as username/pass/etc.

Something like this may work:

Code: Select all

/usr/local/nagios/libexec/check_http -H SERVER -f follow -u '/ews/exchange.asmx/wssecurity' --method=POST -P 'username=USER&password=PASS&loginButton=' -s 'TEXT TO SEARCH FOR' -S -p 443 --sni

[RyanMule]

Yes, this can be locked for now.

Glad to hear you found another plugin that seems to work. Are we good to lock this one up?

[scottwilkerson]

Yes, this can be locked for now.

Glad to hear you found another plugin that seems to work. Are we good to lock this one up?

Locking