This should help with figuring out ia problem at a glance when enabled for
healthz endpoints on web APIs, for example.
The content of the body can point to what the problem is and help with
diagnostics.
Fixes#1559
since CURLOPT_CONNECT_TO is only available in later curl versions, we do it the other way round now and
set the url from the address we want to connect to and then set the host header accordingly.
substituting PICOHTTPPARSER_DIR only when curl gets build, leads
to different dist tarballs depending on wether libcurl was available
or not. This then breaks later builds from this tarball because of
the missing files.
- added old style 'redir' function and options along to a new
libcurl internal 'follow' parameter 'curl'
- moved picohttpparser to it's own subdirectory
- added uriparser to be used instead of the home-grown parser in
'redir'
You need to read the docs carefully to realize that check_http has two
modes of operation: the regular HTTP checks, and a TLS certificate
check. Only one of these can be run in a single invocation.
Fixes#1553
-W, --print-top-warning
Print top consuming processes on WARNING status
-C, --print-top-critical
Print top consuming processes on CRITICAL status
-n, --procs-to-show=NUMBER_OF_PROCS
Number of processes to show when printing top consuming
processes. Not useful without -W or -C. Default value is 5
The check_disk fails if the build system has more than 100GB of free disk
space. Lets make this 100TB and we are safe for a couple more years.
Signed-off-by: Sven Nierlein <sven@nierlein.de>
snmp tests fail if the snmp daemon runs systemd, then the process with 1 has arguments. Convert
the test into a regex which works for sysv and systemd.
Signed-off-by: Sven Nierlein <sven@nierlein.de>
on sles (ex. 11sp1) systems the nslookup output for not found was not parsed correctly
and interpreted as ok when it should be critical:
./check_dns -H nosuchhost.nodomain -t 1 -vvv
/usr/bin/nslookup -sil nosuchhost.nodomain Server: 10.0.2.3
Address: 10.0.2.3#53
Non-authoritative answer:
*** Can't find nosuchhost.nodomain: No answer
DNS OK: 0.011 seconds response time. nosuchhost.nodomain returns |time=0.010892s;;;0.000000
Signed-off-by: Sven Nierlein <sven@nierlein.de>
changes:
- CRYPTO_lock detection replaced in configure.ac. We don't use that
function anywhere, so just replace it with the suggested one from
https://wiki.openssl.org/index.php/Library_Initialization#Autoconf
- OPENSSL_NO_SSL2 is no longer defined while ssl2 is not included.
Set it ourself using the suggested openssl 1.1 version check from
https://wiki.openssl.org/index.php/1.1_API_Changes#Backward_compatibility
- openssl 1.1 sends a sigpipe if the connection is still open when
calling SSL_shutdown(), so move the close before the shutdown.
Signed-off-by: Sven Nierlein <sven@nierlein.de>
After upgrading from an Ubuntu/15.10 to 16.04 installation, I noticed that
check_dig is always returning a WARNING:
$ /usr/lib/nagios/plugins/check_dig -l localhost -v
/usr/bin/dig -p 53 @127.0.0.1 localhost A +tries=3 +time=6
Looking for: 'localhost'
DNS WARNING - 0.008 seconds response time (dig returned an error status)|time=0.008274s;;;0.000000
The older Ubuntu installation got its check_dig from the
nagios-plugins-standard package[0] which did not include the +tries
option. The current Ubuntu version provides its check_dig from the
monitoring-plugins-standard package[1], which _does_ use the +tries
option that was introduced with df53473[2].
On my system, it so happens that /usr/bin/dig is provided not by the
(BIND) dnsutils package but by knot-dnsutils[3] from the Knot DNS project.
The Knot dig(1) command doesn't support the +tries option[4] but does
support +retry (which is also supported[5] by the BIND dig(1) command).
One way to fix that would be for me to install the BIND dnsutils package. But I did not
want to do that: it's so much larger in size and pulls in much more dependencies
than the knot-dnsutils package.
The patch below changes check_dig to use +retry instead of +tries. Both
options are similar, but not the same:
+retry - Sets the number of times to retry UDP queries to server to T
instead of the default, 2. Unlike +tries, this does not include
the initial query
As number_tries seems to be hard coded to 3, I've lowered DEFAULT_TRIES to
2 so check_dig should behave as before (with +tries=3).
Thanks,
Christian.
[0] http://packages.ubuntu.com/wily/nagios-plugins-standard
[1] http://packages.ubuntu.com/xenial/monitoring-plugins-standard
[2] https://github.com/monitoring-plugins/monitoring-plugins/commit/df53473
[3] http://packages.ubuntu.com/xenial/knot-dnsutils
[4] https://www.knot-dns.cz/docs/2.x/html/man_kdig.html#notes
[5] https://ftp.isc.org/isc/bind9/cur/9.10/doc/arm/man.dig.html
Signed-off-by: Christian Kujau <lists@nerdbynature.de>
Enabled snmp tests against snmpd on localhost. It was installed already
in the travis file, we just need to enable the tests by setting the
parameters in the answers file.
Signed-off-by: Sven Nierlein <sven@nierlein.de>
Change solution to display GMT time in the local display format with
the offset number of hours from GMT to be clear about what timezone
this is if the local display format does not include offset.
SSL certs are required to use times in GMT per
https://www.ietf.org/rfc/rfc5280.txt but the mktime() here assumes the
current timezone.
Fix the time_t conversion to be done assuming GMT with timegm() and
only do it once rather than twice.
Display the expiry date and time with ISO format years and give an
offset from GMT and a timezone to be very clear about exactly what time
is being displayed. Time given is correct and now in the machine’s
timezone.
The "-6" optarg now prepends the server_address with "udp6:" for the
snmpget external command as per the net-snmp syntax at:
http://www.net-snmp.org/wiki/index.php/FAQ:Applications_28
Thanks to DrydenK (Roberto Greiner) for the heads up.
This fix changes output of check_disk in case of --error-only/-e option
is used and state is ok
- Old output: DISK OK
- New output: DISK OK - free space: / 159731 MB (83% inode=61%);
/dev/shm 2926 MB (100% inode=99%); /boot 58 MB (32% inode=99%);
Resolves: #1420
right now it is not possible to print the command output of ssh. check_by_ssh
only prints the command itself. This patchs adds printing the output too. This
makes it possible to use ssh with verbose logging which helps debuging any
connection, key or other ssh problems.
Note: you must use -E,--skip-stderr=<high number>, otherwise check_by_ssh would
always exit with unknown state.
Example:
./check_by_ssh -H localhost -o LogLevel=DEBUG3 -C "sleep 1" -E 999 -v
Signed-off-by: Sven Nierlein <sven@nierlein.de>
Thus recent Versions of bind will no longer change .IN-ADDR.ARPA to lowercase
as the uppercase version is also valid.
To have check_dns.c consider this fact change strstr to strcasestr
check_dig was casesensitive if an expected answer is given.
Switching strstr with strcasestr fixes this issue
While testing i noticed a bug where expected is not an exact match
New issue for that is opened #1385
This fix closes#1233
This reverts commit 6986aa1d0a. That
commit leads to issues on non-Linux systems, and it seems to not
(always) work as expected on Linux, either.
Conflicts:
plugins/Makefile.am
plugins/check_disk.c
Closes#1377 and closes#1329.
* maint:
sslutils: Remove superfluous parenthesis for sslv3 function too
sslutils: remove superfluous parenthesis
check_snmp: modified tests
check_snmp.c: switched DEFAULT_TIMEOUT to DEFAULT_SOCKET_TIMEOUT (provided by utils.h), already used by help description, see issue #1318
install snmpd on travis tests
enable libtab on travis builds
add perl snmp to travis dependencies
NEWS: Mention check_ups performance data fix
Fix incorrect performance data thresholds
check_dhcp: Fix option parsing
Fixes segfaults when running via monitoring worker (off-by-one)
travis: fix http test host
sslutils: Check if OpenSSL supports SSLv3.
Conflicts:
NEWS
plugins/sslutils.c
expect option (-e) supported only first response, so checking for
any other response like 250-xxx would never match. This fix stores
return of relevant buffer
closes#1381
- currently STARTTLS check does not work with -e if there's text
like '220 hostname ESMTP*'. This is caused by SMTP answer from
host. Postfix answer: 220 2.0.0 Ready to start TLS, Exchange
2010: 220 2.0.0 SMTP server ready. This fix checks against 220
closes#1093
check_http's -S/--ssl option now allows for requesting the TLSv1.1 and
TLSv1.2 protocols. Apart from that, a '+' suffix can be appended in
oder to also accept newer protocols than the specified version.
Closes#1338, and closes#1354, and closes#1359.
