This is more flexible and the recommended way to connect to a PostgreSQL
database.
Also, the verbose output now includes detailed information about the
connection.
The query result (the double value of the first column in the first row, to be
precise) will be checked against threshold ranges specified using the -C and
-W options.
Note that this also allows to query PostgreSQL internal values using the
information available from the database daemon's "statistics collector" -- see
the chapter "Monitoring Database Activity" in the PostgreSQL manual for
details.
A recent update removed the declarations for a couple variables in
check_smtp.c that are still being used, which caused a failure
in the compilation of check_smtp.c. This commit restores those variable
declarations so the check_smtp.c will again compile.
Earlier versions of check_smtp generated an (invalid) "MAIL FROM"
command without arguments by default. These days, a "MAIL FROM" command
is only sent if the --from option is specified.
This commit removes a comment which explains the old behaviour, and it
updates a variable name accordingly.
Fixes many instances of
warning: ignoring return value of 'asprintf', declared with attribute warn_unused_result [-Wunused-result]
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Apparently some people used -f '<nagios@example.com>' to work around
the bug I just fixed in the MAIL FROM: command generation. Although
the resulting command wasn't RFC-compliant, it was working with some
MTAs, so let's continue to support this syntax now that we generate
RFC-compliant commands.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Every version of the SMTP standard (from RFC 821 to the current RFC
5321) requires the address following MAIL FROM: to follow the colon
immediately (with no space) and to be surrounded by angle brackets.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
When using the 1.4.15 release of the Nagios Plugins, a command such as
check_tcp -H pop.example.com -p 995 -D 14
usually produced two lines of output, e.g.:
OK - Certificate will expire on 12/13/2014 23:59.
TCP OK - 0.009 second response time on port 995|time=0.008849s;;;0.000000;10.000000
The second line was removed by 4d06603060.
However, as the old two-line output is a valid (though in this case
unintended) way to spit out performance data, removing the second line
might break current setups. Therefore, we revert to the old behaviour,
at least for the moment.
The issue was reported by Jochen Bern on the "nagiosplug-devel" mailing
list (Message-ID: <4FEAE812.8030309@LINworks.de>).
Don't return a WARNING state if the number of lost packets is greater
than zero but below the specified warning threshold. This happened
because the check_ping plugin used the exit status of the ping(1)
utility. (#3535140 - Tobias Brox)
In the C shell and in the Z shell, the "?" character must be quoted or
backslash-escaped in order to use it verbatim. Therefore, a command
such as
check_by_ssh -H test.example.com -l joe echo huh?
might fail, depending on joe's login shell on test.example.com.
Just to make sure, this commit removes most punctuation characters from
our test strings.
The ping6(1) implementation provided by Debian's iputils-ping package
may produce output such as the following:
| 3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2009ms
There's a corresponding pattern in check_ping.c:458:
| "%*d packets transmitted, %*d received, +%*d errors, %d%% packet loss"
Without this fix, the pattern in check_ping.c:456 matched first (as
sscanf(3) interprets "+3" as a match for "%d"):
| "%*d packets transmitted, %*d received, %d%% loss, time"
(#1894850 - Debian bug report #514588 - Matej Vela)
This metric compares the database engine server version with the specified
ranges. The version string [[[[A.]B.]C.]D.]E[.] is returned as E + D*100 +
C*10000 + B*1000000 + A*100000000 (see libdbi's dbi_conn_get_engine_version()
documentation).
These options may be used to specify an extended POSIX regular expression that
is applied to the query result. When using -R, a case-insensitive match is
done.
The options may not be mixed with -w/-c/-e.
This option may be used to specify a string that is expected as the query
return value. The string is compared to the query result using strcmp().
The option may not be mixed with -w/-c.
This metric checks the execution time of the specified query. In case the
query does not return any (parsable) data, this is not treated as an error
when using this metric.
The -m option may be used to specify a metric to check the thresholds against.
This is more flexible than --conntime-warning/--conntime-critical (-W/-C) as
it may be extended to support further metrics without introducing tons of
arguments. Also, it does not make much sense to check the conntime and query
result at the same time.
Currently, the metrics CONN_TIME and QUERY_RESULT are available.
A query is no longer required unless QUERY_RESULT (the default) is used.
This plugin connects to an SQL database using libdbi, thus supporting all
database backends supported by libdbi. It will then issue the specified SQL
query and check the result (the numeric value of the first column of the first
row to be precise) against the specified warning/critical ranges.
The performance data includes the connection time (µs-resolution as provided
by gettimeofday()) and the query result.
Some versions of OpenSSL fail to negotiate the SSL connection with at
least some versions of Tomcat if stateless SSL session resumption
support (see RFC4507) is enabled:
| CRITICAL - Cannot make SSL connection
| 140099330348712:error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message:s3_pkt.c:1195:SSL alert number 10
The problem is reproducible with OpenSSL 1.0.0h, but not with OpenSSL
0.9.8o-4squeeze12 (as shipped with Debian 6.0.4). We work around it by
disabling the RFC4507 functionality when using OpenSSL versions which
support it.
Thanks to Dag Bakke for reporting the issue and for giving me access to
a server I could use to reproduce the problem.
Add a note to the --help output which clarifies that check_http doesn't
perform certificate verification (beyond what the "-C" option does).
(Suggested by Michael Renner in Debian bug report #644627, forwarded by
Jan Wagner.)
