Checking NRPE certificate expiry without flooding logs
Posted: Mon Aug 19, 2024 9:35 am
For a while I've been using check_http to check the expiry of the TLS certificate and general health of my NRPE daemon with the command:
/usr/lib/nagios/plugins/check_http --ssl -H '$HOSTADDRESS$' -I '$HOSTADDRESS$' -p 5666 -C 30,7
This largely works fine, although has the mildly annoying side effect of generating the following in the log file:
Could not read request from client 192.168.0.116, bailing out...
INFO: SSL Socket Shutdown.
I guess this is because check_http doesn't speak NRPE and that upsets it. I Googled the protocol and it looks like it's not terribly easy to configure an existing tool to play nicely. That said, I thought I'd ask the question: Anyone know how to check the cert expiry without causing the log file noise?
It occures to me that I could create two checks and use check_nrpe to check the health of NRPE and check_http every 12 hours or so to check the cert. Alternatively I could just learn to live with the log noise. Does anyone have any other suggestions, please?
/usr/lib/nagios/plugins/check_http --ssl -H '$HOSTADDRESS$' -I '$HOSTADDRESS$' -p 5666 -C 30,7
This largely works fine, although has the mildly annoying side effect of generating the following in the log file:
Could not read request from client 192.168.0.116, bailing out...
INFO: SSL Socket Shutdown.
I guess this is because check_http doesn't speak NRPE and that upsets it. I Googled the protocol and it looks like it's not terribly easy to configure an existing tool to play nicely. That said, I thought I'd ask the question: Anyone know how to check the cert expiry without causing the log file noise?
It occures to me that I could create two checks and use check_nrpe to check the health of NRPE and check_http every 12 hours or so to check the cert. Alternatively I could just learn to live with the log noise. Does anyone have any other suggestions, please?