We moved to a new server and the IP and the DNS stayued the samenow we get the following
Running the following command I get
[
[email protected]
~]$ /usr/local/nagios/libexec/check_http -H mrt.med.umich.edu -f ok -I 172.20.175.86 -u '/MRTWeb/login.do' -S --sni -p 443
CRITICAL - Socket timeout
I can get to the web page in a browser
https://mrt.med.umich.edu/MRTWeb/login.do
Hello @btayl
Thanks for reaching out, typically see socket timeout when there is a interruption. It is connecting but the established connection is interrupted due to invalid security check or other reason.
Do you have Selinux or any other security application enabled?
Let's go ahead and run the check_http command with verbose output so we can see what is going on:
Code:
Select all
/usr/local/nagios/libexec/check_http --verbose -H mrt.med.umich.edu -f ok -I 172.20.175.86 -u '/MRTWeb/login.do' -S --sni -p 443
Good idea to append a redirect as this will scroll through by:
/usr/local/nagios/libexec/check_http --verbose -H mrt.med.umich.edu -f ok -I 172.20.175.86 -u '/MRTWeb/login.do' -S --sni -p 443 > /tmp/results.txt
Please also verify that this one passes:
Code:
Select all
/usr/local/nagios/libexec/check_http -w 5 -c 10 --ssl -H www.verisign.com
Please let me know the results,
Perry
CODE: SELECT ALL
/usr/local/nagios/libexec/check_http --verbose -H mrt.med.umich.edu -f ok -I 172.20.175.86 -u '/MRTWeb/login.do' -S --sni -p 443
Good idea to append a redirect as this will scroll through by: /usr/local/nagios/libexec/check_http --verbose -H mrt.med.umich.edu -f ok -I 172.20.175.86 -u '/MRTWeb/login.do' -S --sni -p 443 > /tmp/results.txt
Please also verify that this one passes:
CODE: SELECT ALL
/usr/local/nagios/libexec/check_http -w 5 -c 10 --ssl -H
http://www.verisign.com
Thanks,
Perry
Hello @btayl
Looks like we are not able to get results back from
'mrt.med.umich.edu'
. Are we able to return a connection status ok with SSL stats:
Code:
Select all
openssl s_client -connect mrt.med.umich.edu:443
Code:
Select all
openssl s_client -connect mrt.med.umich.edu:443 -showcerts
Just checking on this:
Code:
Select all
openssl s_client -connect mrt.med.umich.edu:80
Please let me know what you get for results,
Perry
No client certificate CA names sent
SSL handshake has read 0 bytes and written 289 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1631900387
Timeout : 300 (sec)
Verify return code: 0 (ok)
openssl s_client -connect mrt.med.umich.edu:443 -showcerts
CONNECTED(00000003)
write:errno=104
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 289 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1631900459
Timeout : 300 (sec)
Verify return code: 0 (ok)
openssl s_client -connect mrt.med.umich.edu:80
socket: Bad file descriptor
connect:errno=9
Hello @btayl
Thanks for following up with the results, looks like there is no cert used which is failing the check.
Let's see what the
alternate HTTP check does; which is attached
. Download, move to your plugins and
chmod +x check_http_alt
on it.
The test command looks like this:
Code:
Select all
check_http_alt -I <ipaddressofyournagios> -u localhost/nagiosxi -p 443
We are looking for results that look like this:
If it does not establish a connection we will see this:
Let me know the results,
Perry
