Nagios Support Forum

Hi All,

I am running Nagios core 4.4.6 version (https://www.nagios.org/downloads/nagios-core/thanks/) on CentOS Linux release 8.3.2011. Is there a way to check if the login is working on a website using Nagios Core? I checked https://www.monitoring-plugins.org/doc/ ... _http.html but unable to see any option.

For example:- https://developerportal.mydomain.com/login using the below login credentials if the login is successful. If login fails then Nagios Core will trigger an alert saying login failure.

URL :- https://developerportal.mydomain.com/login
Username :- [email protected]
Password :- xxxxxxxxxxxxxxxxxx

Thanks in Advance. I look forward to hearing from you.

Best Regards,

Kaushal

It depends on the form's behavior.

If there's something like a POST request that is being submit to /login as the login form's action, check_http supports setting the request method and providing request data: If it's not just a generic HTTP POST request that the form is submitting, you would need to leverage something like Mechanize, Selenium, Cypress, Playwright, or similar utilities to handle driving the web browser.

Selenium used to have official support within Nagios XI for stuff like this, but it appears as though many of the Nagios+Selenium plugins are quite out of date.

I wrote this to run CasperJS based tests a while ago:
https://github.com/mcapra/nagios-check_casperjs

I have no idea if it still works. I only ever tested it on PhantomJS, which had development halted a few years ago.

Thanks mcapra for the reply. I did the below config

./check_http -a "[email protected]:xxxxxxxxxx" develop.mydomain.com
HTTP OK: HTTP/1.0 301 Moved Permanently - 437 bytes in 0.018 second response time |time=0.018391s;;;0.000000;10.000000 size=437B;;;0

$./check_http -a “[email protected]:xxxxxxxxxx” develop.mydomain.com
HTTP OK: HTTP/1.0 301 Moved Permanently - 437 bytes in 0.024 second response time |time=0.024078s;;;0.000000;10.000000 size=437B;;;0

I tested it using the wrong email id and password, I see the same result. Ideally, it should return Unauthenticated. Am I missing anything?

Best Regards,

Kaushal

You can also ask check_http to follow 3xx redirects, give that a try if you're expecting either a 200 or 401: I'm not sure what the plugin's behavior is for 401 responses. You may need to look for 401 in the header:

Thanks for the reply. I use [email protected]:test@1234 to log in to https://develop.mydomain.com/user/login. It works without issue.I am attaching the screenshot for your reference. [img][/img]

If I use the wrong password it will report an Unrecognized username or password. Forgot your password? I am attaching the screenshot for your reference.

[img][/img]


./check_http -vvv -a "[email protected]:test@1234" --ssl -u /user/login -H develop.mydomain.com
HTTP OK: HTTP/1.1 200 OK - 334002 bytes in 0.088 second response time |time=0.087709s;;;0.000000;10.000000 size=334002B;;;0

./check_http -vvv -a "[email protected]:**t1234**" --ssl -u /user/login -H develop.mydomain.com
HTTP OK: HTTP/1.1 200 OK - 334034 bytes in 0.089 second response time |time=0.088863s;;;0.000000;10.000000 size=334034B;;;0

When I use the wrong password I still get 200 OK instead of 401 Unauthorized.

Please suggest further. Thanks in Advance.

Best Regards,

You can try adding the -v flag to get more verbose output for what exactly check_http is doing: You can also use -e flag to instead look for that "Unrecognized username or password" message in the response body: Without knowing specifically how the form is meant to behave (like what the actual code being executed is), it's hard for me to offer much insight.