You need to read the docs carefully to realize that check_http has two
modes of operation: the regular HTTP checks, and a TLS certificate
check. Only one of these can be run in a single invocation.
Fixes #1553
-W, --print-top-warning
Print top consuming processes on WARNING status
-C, --print-top-critical
Print top consuming processes on CRITICAL status
-n, --procs-to-show=NUMBER_OF_PROCS
Number of processes to show when printing top consuming
processes. Not useful without -W or -C. Default value is 5
The check_disk fails if the build system has more than 100GB of free disk
space. Let's make this 100TB and we are safe for a couple more years.
Signed-off-by: Sven Nierlein <sven@nierlein.de>
snmp tests fail if the snmp daemon runs systemd, then the process with 1 has arguments. Convert
the test into a regex which works for sysv and systemd.
Signed-off-by: Sven Nierlein <sven@nierlein.de>
on sles (ex. 11sp1) systems the nslookup output for not found was not parsed correctly
and interpreted as ok when it should be critical:
./check_dns -H nosuchhost.nodomain -t 1 -vvv
/usr/bin/nslookup -sil nosuchhost.nodomain
Server: 10.0.2.3
Address: 10.0.2.3#53
Non-authoritative answer:
*** Can't find nosuchhost.nodomain: No answer
DNS OK: 0.011 seconds response time. nosuchhost.nodomain returns |time=0.010892s;;;0.000000
Signed-off-by: Sven Nierlein <sven@nierlein.de>
changes:
- CRYPTO_lock detection replaced in configure.ac. We don't use that
function anywhere, so just replace it with the suggested one from
https://wiki.openssl.org/index.php/Library_Initialization#Autoconf
- OPENSSL_NO_SSL2 is no longer defined while ssl2 is not included.
Set it ourselves using the suggested openssl 1.1 version check from
https://wiki.openssl.org/index.php/1.1_API_Changes#Backward_compatibility
- openssl 1.1 sends a sigpipe if the connection is still open when
calling SSL_shutdown(), so move the close before the shutdown.
Signed-off-by: Sven Nierlein <sven@nierlein.de>
After upgrading from an Ubuntu/15.10 to 16.04 installation, I noticed that
check_dig is always returning a WARNING:
$ /usr/lib/nagios/plugins/check_dig -l localhost -v
/usr/bin/dig -p 53 @127.0.0.1 localhost A +tries=3 +time=6
Looking for: 'localhost'
DNS WARNING - 0.008 seconds response time (dig returned an error status)|time=0.008274s;;;0.000000
The older Ubuntu installation got its check_dig from the
nagios-plugins-standard package[0] which did not include the +tries
option. The current Ubuntu version provides its check_dig from the
monitoring-plugins-standard package[1], which _does_ use the +tries
option that was introduced with df53473[2].
On my system, it so happens that /usr/bin/dig is provided not by the
(BIND) dnsutils package but by knot-dnsutils[3] from the Knot DNS project.
The Knot dig(1) command doesn't support the +tries option[4] but does
support +retry (which is also supported[5] by the BIND dig(1) command).
One way to fix that would be for me to install the BIND dnsutils package. But I did not
want to do that: it's so much larger in size and pulls in many more dependencies
than the knot-dnsutils package.
The patch below changes check_dig to use +retry instead of +tries. Both
options are similar, but not the same:
+retry - Sets the number of times to retry UDP queries to server to T
instead of the default, 2. Unlike +tries, this does not include
the initial query
As number_tries seems to be hard coded to 3, I've lowered DEFAULT_TRIES to
2 so check_dig should behave as before (with +tries=3).
Thanks,
Christian.
[0] http://packages.ubuntu.com/wily/nagios-plugins-standard
[1] http://packages.ubuntu.com/xenial/monitoring-plugins-standard
[2] https://github.com/monitoring-plugins/monitoring-plugins/commit/df53473
[3] http://packages.ubuntu.com/xenial/knot-dnsutils
[4] https://www.knot-dns.cz/docs/2.x/html/man_kdig.html#notes
[5] https://ftp.isc.org/isc/bind9/cur/9.10/doc/arm/man.dig.html
Signed-off-by: Christian Kujau <lists@nerdbynature.de>
Enabled snmp tests against snmpd on localhost. It was installed already
in the travis file, we just need to enable the tests by setting the
parameters in the answers file.
Signed-off-by: Sven Nierlein <sven@nierlein.de>
Change solution to display GMT time in the local display format with
the offset number of hours from GMT to be clear about what timezone
this is if the local display format does not include offset.
SSL certs are required to use times in GMT per
https://www.ietf.org/rfc/rfc5280.txt but the mktime() here assumes the
current timezone.
Fix the time_t conversion to be done assuming GMT with timegm() and
only do it once rather than twice.
Display the expiry date and time with ISO format years and give an
offset from GMT and a timezone to be very clear about exactly what time
is being displayed. Time given is correct and now in the machine’s
timezone.
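The mktime()/timegm() difference described in this commit message, as an added example (not code from the plugin; the function names `parse_utctime`, `expiry_gmt` and `expiry_local` and the sample notAfter value are constructed for illustration). It parses an RFC 5280 UTCTime and converts it both ways, using the POSIX time zone string `EST5` (UTC-5, no DST) to show the shift.

```c
#define _DEFAULT_SOURCE /* exposes timegm() and setenv() on glibc */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Parse an ASN.1 UTCTime "YYMMDDHHMMSSZ" into struct tm; 0 on success. */
static int parse_utctime(const char *s, struct tm *out)
{
    int v[6];
    if (strlen(s) != 13 || s[12] != 'Z')
        return -1;
    for (int i = 0; i < 6; i++) {
        const char *p = s + 2 * i;
        if (p[0] < '0' || p[0] > '9' || p[1] < '0' || p[1] > '9')
            return -1;
        v[i] = (p[0] - '0') * 10 + (p[1] - '0');
    }
    memset(out, 0, sizeof *out);
    out->tm_year = v[0] < 50 ? v[0] + 100 : v[0]; /* RFC 5280: YY<50 is 20YY */
    out->tm_mon = v[1] - 1;
    out->tm_mday = v[2];
    out->tm_hour = v[3];
    out->tm_min = v[4];
    out->tm_sec = v[5];
    return 0;
}

/* Correct: treat the certificate time as GMT. */
time_t expiry_gmt(const char *not_after)
{
    struct tm tm;
    return parse_utctime(not_after, &tm) ? (time_t)-1 : timegm(&tm);
}

/* Flawed: mktime() reads the same fields as local time in zone tz. */
time_t expiry_local(const char *not_after, const char *tz)
{
    struct tm tm;
    if (parse_utctime(not_after, &tm))
        return (time_t)-1;
    setenv("TZ", tz, 1);
    tzset();
    return mktime(&tm);
}

int main(void)
{
    const char *na = "300101000000Z"; /* constructed sample notAfter */
    printf("timegm: %ld\nmktime (EST5): %ld\n",
           (long)expiry_gmt(na), (long)expiry_local(na, "EST5"));
    return 0;
}
```

On a host west of GMT the mktime() result lands after the real expiry, so a monitoring check would treat the certificate as valid for longer than it is.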
The "-6" optarg now prepends the server_address with "udp6:" for the
snmpget external command as per the net-snmp syntax at:
http://www.net-snmp.org/wiki/index.php/FAQ:Applications_28
Thanks to DrydenK (Roberto Greiner) for the heads up.
This fix changes output of check_disk in case of --error-only/-e option
is used and state is ok
- Old output: DISK OK
- New output: DISK OK - free space: / 159731 MB (83% inode=61%);
/dev/shm 2926 MB (100% inode=99%); /boot 58 MB (32% inode=99%);
Resolves: #1420
right now it is not possible to print the command output of ssh. check_by_ssh
only prints the command itself. This patch adds printing the output too. This
makes it possible to use ssh with verbose logging which helps debugging any
connection, key or other ssh problems.
Note: you must use -E,--skip-stderr=<high number>, otherwise check_by_ssh would
always exit with unknown state.
Example:
./check_by_ssh -H localhost -o LogLevel=DEBUG3 -C "sleep 1" -E 999 -v
Signed-off-by: Sven Nierlein <sven@nierlein.de>
Thus recent Versions of bind will no longer change .IN-ADDR.ARPA to lowercase
as the uppercase version is also valid.
To have check_dns.c consider this fact change strstr to strcasestr
check_dig was case-sensitive if an expected answer is given.
Switching strstr with strcasestr fixes this issue
While testing I noticed a bug where expected is not an exact match
New issue for that is opened #1385
This fix closes #1233
This reverts commit 6986aa1d0a. That
commit leads to issues on non-Linux systems, and it seems to not
(always) work as expected on Linux, either.
Conflicts:
plugins/Makefile.am
plugins/check_disk.c
Closes #1377 and closes #1329.
* maint:
sslutils: Remove superfluous parenthesis for sslv3 function too
sslutils: remove superfluous parenthesis
check_snmp: modified tests
check_snmp.c: switched DEFAULT_TIMEOUT to DEFAULT_SOCKET_TIMEOUT (provided by utils.h), already used by help description, see issue #1318
install snmpd on travis tests
enable libtab on travis builds
add perl snmp to travis dependencies
NEWS: Mention check_ups performance data fix
Fix incorrect performance data thresholds
check_dhcp: Fix option parsing
Fixes segfaults when running via monitoring worker (off-by-one)
travis: fix http test host
sslutils: Check if OpenSSL supports SSLv3.
Conflicts:
NEWS
plugins/sslutils.c
expect option (-e) supported only first response, so checking for
any other response like 250-xxx would never match. This fix stores
return of relevant buffer
closes #1381
- currently STARTTLS check does not work with -e if there's text
like '220 hostname ESMTP*'. This is caused by SMTP answer from
host. Postfix answer: 220 2.0.0 Ready to start TLS, Exchange
2010: 220 2.0.0 SMTP server ready. This fix checks against 220
closes #1093
check_http's -S/--ssl option now allows for requesting the TLSv1.1 and
TLSv1.2 protocols. Apart from that, a '+' suffix can be appended in
order to also accept newer protocols than the specified version.
Closes #1338, and closes #1354, and closes #1359.
Stole the logic in check_ping that allows it to autodetect whether an
address is ipv6 or not. Now the user does not have to specify -6 when
using check_fping with ipv6 addresses.
fix typo in threshold check. instead of setting the state always
to warning, use the result from the thresholds entry check.
Signed-off-by: Sven Nierlein <sven@nierlein.de>
since 6623a1 check_snmp prints the thresholds along the performance data.
This adjusts our test cases accordingly.
Signed-off-by: Sven Nierlein <Sven.Nierlein@consol.de>
* handle-hanging-nfs:
NEWS: Mention check_disk enhancement
Cosmetic change: s/THRLIBS/THREADLIBS/
configure.ac: Don't let pthread check depend on OS
check_disk: Seperate declarations from code
check_disk: Remove unused status variable
check_disk: Fix pthread start routine type
Don't let check_disk hang on hanging file systems
It makes more sense to exit critical if an explicit version/protocol is requested. This
would also be more consistent with other plugins. Other string matching plugins like
check_snmp or check_http exit critical if the result does not match.
Signed-off-by: Sven Nierlein <sven@nierlein.de>
Closes #1268
snmpget already supports using SNMPv3 contexts using the option "-n".
Thus all we need to do is introduce a new argument to check_snmp and
pass the argument on to snmpget using snmpget's option "-n".
Since "-n" is already in use for check_snmp for a different purpose,
we use "-N" instead.
s/t/jresult are not initialized if there is no corresponding threshold
supplied. So we shouldn't use them for calculating our result.
Signed-off-by: Sven Nierlein <sven@nierlein.de>
Fix automatic DNS server name detection to honor -4 and -6 switches
(default to 127.0.0.1 or ::1 respectively, i.e. if -6 is given ::1
is used instead of 127.0.0.1)
FreeBSD starting with version 10 is shipped with ldns instead of bind as
resolver. Consequently the dig tool in base is replaced by drill. While dig can
still be installed as a third party application, it would be nice to make do
with the tools available in the system already.
This patch rearranges the command line used to invoke dig slightly so that it
can be used with both dig and drill (tested with dig 9.8.3-P1 and 9.9.4 as well
as drill 1.6.16). It would be really neat if the configure script could be
changed to automatically pick up drill when dig is not available (or the other
way around), but my autotools-foo is not good enough for that.
This part of the patch is an extended version of the locally maintained patch
currently deployed in the FreeBSD ports tree by Dmitry Sivachenko.
I'm submitting a small patch to check_disk that will show which partitions are
actually causing the error state. This helps the human operator to quickly
identify the exact issue. I made it so a single -v flag is required so it
doesn't harm legacy code that may be parsing the original style of output.
Thanks to Jason Benguerel.
---
Closes #984
Closes #1182
Not sure if this is of use or not - we have a strange requirement to run
certain servers 5 minutes fast. I've added a switch to the check_ntp_time
to allow for this offset.
Thanks to Patrick McAndrew.
thus simplify the problem debugging: no need to check for this information in
the Nagios configuration.
This function is only used by 'check_tcp.c'.
Without the patch:
$ ./plugins/check_tcp -H 127.0.0.1 -p 21
Connection refused
$ ./plugins/check_tcp -H /var/spool/nagios/cmd/nagios.cmd
Permission denied
With the patch:
$ ./plugins/check_tcp -H 127.0.0.1 -p 21
connect to address 127.0.0.1 and port 21: Connection refused
$ ./plugins/check_tcp -H /var/spool/nagios/cmd/nagios.cmd
connect to socket /var/spool/nagios/cmd/nagios.cmd: Permission denied
Thanks to Davide Madrisan.
---
Closes #1277
This patch allows checking if MySQL server is running without providing valid
username and password. Similar to check_ssh plugin it returns MySQL server
version string and protocol number.
Example:
check_mysql -n -H aaa.bbb.ccc.ddd
MySQL OK - Version: 5.0.51a-24+lenny5 (protocol 10)
This is useful for monitoring servers where one does not have administrator
privileges or does not want to grant any privileges for the monitoring station.
To enable this functionality new option --ignore-auth (-n) is added to
check_mysql plugin.
Thanks to Julius Kriukas
Closes #1020
Closes #1178
sshutils prints the expiry time of certificates in US format
this patch uses the strftime %c, I don't know how portable that is
Thanks to Neil Prockter.
Closes #1188
Closes #1161
Closes #977
Closes #976
Closes #975
Closes #840
Closes #382
Forking raises a race condition, where the parent might run the
test before the child has had time to fork. If that happens,
an error similar to this is produced:
Failed test 'Output correct'
at ./t/check_procs.t line 32.
'PROCS OK: 0 processes with args 'sleep 7' | processes=0;;;0;'
doesn't match '/^PROCS OK: 1 process?/'
Sleeping a bit should avoid the problem. It might be enough to
sleep less than a second, but perl's built-in sleep function only
supports integer seconds.
In our build environment, the build failed 3 of 4 times before
this patch. After the patch it failed 0 of 7 times.
Signed-off-by: Mikael Falkvidd <mfalkvidd@op5.com>