Nagios Support Forum

Hello ,
I am new to nagios.I am trying to check the https connection on a remote host using nrpe.
The plugin is the same as the one found on the Nagios website.


#!/bin/bash
wget='/usr/bin/wget --output-document=/tmp_html -S'
add_uri='https://'
end_uri='/'

if ($wget $add_uri$1$end_uri$2 2> /tmp_rep) then
cat /tmp_rep | grep " 1 " || echo 'HTTPS OK':q!
rm /tmp_rep
rm /tmp_html
exit 0
else
cat /tmp_rep | grep " 1 "|| echo 'Connection refused by host'
rm /tmp_rep
rm /tmp_html
exit 2
fi;

When I run the script on the remote machine ,
mobile01:/usr/lib/nagios/plugins# ./check_https.sh
Connection refused by host

Permissions
-rwxr-xr-x 1 root root 336 2012-05-15 17:26 check_https.sh

Is there anything that I am missing?Can anyone let me know how to correct it?Your help is appreciated.

You need to specify a domain name of some kind as the first argument to this command, and a hierarchical part afterwards. The 'Connection refused by host' error is misleading because it is displayed even if the script has an error of some other kind. For example:
Notice that there is a space after redhat.com instead of a slash. This checks the web page at redhat.com/contact/sales.html.

I tried to give a domain name as mentioned,but in vain.


mobile01:~# /usr/lib/nagios/plugins/check_https.sh google.com
Connection refused by host


The script is the one shown above in the previous post.Can you let me know if there is a way to check the https connection on the remote host?

mobile01:~# /usr/lib/nagios/plugins/check_https.sh redhat.com contact/sales.html l
Connection refused by host

I just tried this myself, and you're right, that example fails because the domain doesn't match the certificate. But if I add www to the domain, it works fine.

Can we have any standard domain name with https extension to check the https port on the remote host or it needs to be the domain name running on the remote server?

It needs to be serving something over https and have a valid certificate assigned to that domain name. If the server is not configured to do this correctly the plugin will fail.

Can I do this,On the remote host ,I just check the port 443 by telnet localhost,if it fails,then https connection problem,
Will this logic work correctly always?
This script is run on the remote host on which https port needs to be monitored.


#!/bin/bash
### This script does a verification on port 443 ###
### After 2 failed check it will send a mail notification ###

######To be modified######
###HTTPS###
HTTPSSERVERIP="127.0.0.1"
HTTPSSERVERPORT="443"

######End to be modified######
TELNET=/usr/bin/telnet

# Nagios return codes
STATE_OK=0
STATE_WARNING=1
STATE_CRITICAL=2
STATE_UNKNOWN=3
STATE_DEPENDENT=4

if [ ! -x "${TELNET}" ]
then
echo "UNKNOWN: $TELNET not found or is not executable by the nagios user"
exitstatus=$STATE_UNKNOWN
exit $exitstatus
fi


PROGNAME=`basename $0`
age() {
echo "Usage: $PROGNAME -H <hostname>"
echo ""
echo "Notes:"
echo "-H: Hostname - Can be a hostname or IP address"
echo ""
}

print_help() {
print_usage
echo ""
echo "This plugin will check the HTTPS port 443."
echo ""
exit 0
}


while test -n "$1"; do
case "$1" in
--help)
print_help
exit $STATE_OK
;;
-h)
print_help
exit $STATE_OK
;;
esac
shift
done


# check arguments for validity
if [ -z ${HTTPSSERVERIP} ]
then
echo "You must specify a SERVER IP (or localhost to test the local system)"
print_usage
exitstatus=$STATE_UNKNOWN
exit $exitstatus
fi


## HTTPS CHECK###

#CHECKHTTPS_OUTPUT= $TELNET $HTTPSSERVERIP $HTTPSSERVERPORT | grep Connected > /dev/null 2>&1


(
echo "quit"
) | $TELNET $HTTPSSERVERIP $HTTPSSERVERPORT | grep Connected > /dev/null 2>&1

if [ "$?" -ne "1" ]
then
#Ok
echo "HTTPS Check OK"
exitstatus=${STATE_OK}

#Connection failure
elif [ -f server_problem_first_time_https.txt ]
then
#Second time, send notification below--Warning
echo "HTTPS Port not Connecting" >> server_problem.txt
rm -rf server_problem_first_time_https.txt
exitstatus=${STATE_WARNING}

else #First notification
echo "HTTPS Check CRITICAL"
exitstatus=${STATE_CRITICAL}

fi
exit $exitstatus

Yeah, that approach should work. I haven't specifically tested the code you posted, though.

Thanks a lot.