[Nagiosplug-devel] [ nagiosplug-Patches-660973 ] check_tcp refusals okay

SourceForge.net noreply at sourceforge.net
Sun Mar 16 15:36:10 CET 2003

Previous message: [Nagiosplug-devel] [ nagiosplug-Patches-660973 ] check_tcp refusals okay
Next message: [Nagiosplug-devel] check_ping - perfdata
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Patches item #660973, was opened at 2003-01-01 23:12
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397599&aid=660973&group_id=29880

>Category: Enhancement
Group: None
>Status: Closed
>Resolution: Accepted
Priority: 5
Submitted By: Rodger Allen (derais)
Assigned to: Jeremy T. Bouse (undrgrid)
Summary: check_tcp refusals okay

Initial Comment:
The accompanying patch adds an interface to netutils
and an option to check_tcp to allow for different STATE
returns when the the tcp connection receives a
connection refused (ECONNREFUSED).

This may be useful in a heavily firewalled environment
where ICMP may be denied and there are restrictions on
which ports are allowed access to certain machines. 
Receiving a connection refused is an indication that
the ip stack on the machine is working okay, and
therefore may be read in a similar manner to a ping,
viz, the machine is alive and able to respond, even
though there may not be a service running on that port
at that time.

It can be used in place of check_ping in a
check-host-alive command.  (In our situation we only
allow ssh to particular servers, and would like to know
if the machine is actually "up" even though the sshd
may be down.)


The default behaviour is to act as it does now, issuing
a CRITICAl if the connection is refused.  The behviour
can be changed to issue an OK or a WARNING when the
connection is refused, and it will also indicate if it
has been refused as well as returning the requested
state.

The option added to check_tcp:

" -r, --refuse=ok|warn|crit
    Accept tcp refusals with states ok,warn, crit
(default: crit)"

eg:

$ ./check_tcp -H foo -p 443; echo $?
Connection refused by host
2

$ ./check_tcp -H foo -p 443 --refuse=crit; echo $?
Connection refused by host
2

$ ./check_tcp -H foo -p 443 --refuse=warn; echo $?
TCP WARNING (refused) - ...
1

$ ./check_tcp -H foo -p 443 --refuse=ok; echo $?
TCP OK (refused) - ...
0






----------------------------------------------------------------------

>Comment By: Jeremy T. Bouse (undrgrid)
Date: 2003-03-16 15:47

Message:
Logged In: YES 
user_id=10485

Patch applied and closing tracker report

----------------------------------------------------------------------

Comment By: Jeremy T. Bouse (undrgrid)
Date: 2003-03-16 15:39

Message:
Logged In: YES 
user_id=10485

Committing modified patch to repository at this time... 

$ ./check_tcp -H theone -p 443; echo $?
Connection refused
2

$ ./check_tcp -H theone -p 443 --refuse=crit; echo $?
Connection refused
2

$ ./check_tcp -H theone -p 443 --refuse=warn; echo $?
TCP WARNING (refused) - 0.010 second response time on port
443|time=0.010
1

$ ./check_tcp -H theone -p 443 --refuse=ok; echo $?
TCP OK (refused) - 0.010 second response time on port
443|time=0.010
0


----------------------------------------------------------------------

Comment By: Rodger Allen (derais)
Date: 2003-03-13 14:41

Message:
Logged In: YES 
user_id=215096

I think the difference from "negate" is that the patch will
allow you to accept as okay a connnection or a refusal, but
will still warn/crit[1] if it times-out.  Currently, the
code base makes no distinction between a timeout and
econnrefused, so negate would then treat both of those as
okay and a connection as not okay.

I'm willing to help with anything here, if needed, so just ask.

[1] the little used verb: to crit :-)

----------------------------------------------------------------------

Comment By: Jeremy T. Bouse (undrgrid)
Date: 2003-03-13 14:22

Message:
Logged In: YES 
user_id=10485

I'll take a look at this one and see if I can't evaluate it while 
working with the IPv6 stuff...  

----------------------------------------------------------------------

Comment By: Ton Voon (tonvoon)
Date: 2003-03-13 14:19

Message:
Logged In: YES 
user_id=664364

Blimey - I know when I'm beat! Tried to apply this, but I'm lost in the IPv6 changes. I'll leave this open for someone else.

----------------------------------------------------------------------

Comment By: Subhendu Ghosh (sghosh)
Date: 2003-03-13 14:14

Message:
Logged In: YES 
user_id=46572

Umm - isn't this why we have negate ?? 

----------------------------------------------------------------------

Comment By: Ton Voon (tonvoon)
Date: 2003-03-13 14:10

Message:
Logged In: YES 
user_id=664364

Blimey - I know when I'm beat! Tried to apply this, but I'm lost in the IPv6 changes. I'll leave this open for someone else.

----------------------------------------------------------------------

Comment By: Jeremy T. Bouse (undrgrid)
Date: 2003-02-11 10:40

Message:
Logged In: YES 
user_id=10485

I would recommend holding this off until after 1.3 has
released and work it into the 1.4 code base.

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397599&aid=660973&group_id=29880

Previous message: [Nagiosplug-devel] [ nagiosplug-Patches-660973 ] check_tcp refusals okay
Next message: [Nagiosplug-devel] check_ping - perfdata
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Devel mailing list