Nagios plugin
“check_http” provides SSL Certificate monitoring to check certificates
expiration dates and Nagios generate alerts when SSL certificates near their
expiration date. So the same can renew their certificates before problems
occur.
Step 1: Setup EPEL repository and install “check_http” Nagios
plugin: Follow tutorial How
to install EPEL repository on Centos7 and Run the following command to
install the check_http nagios plugin if already not installed.
Most of the Nagios
plugins are available in EPEL repository (Extra Packages for Enterprise Linux)
for Cent OS 7 and RHEL.
Nagios Server: Centos/RHEL 6 (Compiled Nagios core
installed)
Nagios client OS: Centos/ RHEL 7 (NRPE agent
installed by Yum)
Step 1: Setup EPEL repository and install “check_http” Nagios
plugin: Follow tutorial How
to install EPEL repository on Centos7 and Run the following command to
install the check_http nagios plugin if already not installed.
[root@linuxcnf-client
~]# yum install nagios-plugins-http
Loaded
plugins: changelog, fastestmirror
……
Installed:
nagios-plugins-http.x86_64
0:2.2.1-9git5c7eb5b9.el7
Complete!
[root@linuxcnf-client
~]#
|
Step 2: Configure NRPE: add the below line
in NRPE configuration file in nagios and change the site name with your SSL configured site:
[root@linuxcnf-client
~]# vi /etc/nagios/nrpe.cfg
……
command[check_ssl_linuxcnf]=/usr/lib64/nagios/plugins/check_http -H www.linuxcnf.com -S --sni -C 30,14
[root@linuxcnf-client
~]#
|
Step 3: Run the following command to verify the
command working status:
[root@linuxcnf-client
~]# /usr/lib64/nagios/plugins/check_http -H www.linuxcnf.com -S --sni -C
30,14
SSL OK - Certificate 'www.linuxcnf.com' will expire in 72 days on 2019-08-20 16:43 +0530/IST.
[root@linuxcnf-client
~]#
|
Step 4: Restart NRPE service: Run the following
command to restart NREP service:
[root@linuxcnf-client
~]# service nrpe restart
Redirecting
to /bin/systemctl restart nrpe.service
[root@linuxcnf-client
~]#
|
Step 5: Integrate the command in Nagios server: Add the
below service definition in host configuration file and define host
configuration(Assuming that server already integrated in Nagios server and the command check command defined.).
define
service {
use generic-service
host_name <Server_Hostname>
contacts nagiosadmin
service_description www.linuxcnf.com SSL Check
check_command check_nrpe!check_ssl_linuxcnf
}
|
Step 6: Pre-flight check and reload Nagios service: Run the following
command to check configuration syntax check:
[root@linuxcnf-server
~]# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
……
Total
Warnings: 0
Total
Errors: 0
Things look
okay - No serious problems were detected during the pre-flight check
[root@linuxcnf-server
~]#
|
In above output, No
errors are detected during the pre-flight check and can reload the nagios
service:
[root@linuxcnf-server
~]# service nagios reload
Reloading
nagios configuration (via systemctl): [
OK ]
[root@linuxcnf-server
~]#
|
It’s done. Now
check the SSL certificate expiry status on Nagios console and Nagios also will generate
alerts [warning, critical] when SSL certificates near their expiration date.
No comments:
Post a Comment