From notifications at github.com Fri Aug 14 22:18:17 2015 From: notifications at github.com (Sami Kerola) Date: Fri, 14 Aug 2015 13:18:17 -0700 Subject: check_timex: add new plugin (#1344) Message-ID: This plugin uses ntp_adjtime() function to read and report system time using struct timex values. Check is similar to check_ntp_time, but with a difference being completely local execution. This has some desirable effects, such as: 1) This check runs very quickly. 2) The status of clock is reported from solely systems point of view, i.e., a small network hiccup or public DNS failure will not cause spurious failures 3) The check works when clock is syncronized with something else than ntp, such as ptp. Main difference of the check_timex and check_ntp_time is units used in --warning and --critical arguments. This check is using microseconds, while the check_ntp_time is using seconds. That means one should not interchange these checks without additional configuration changes. You can view, comment on, or merge this pull request online at: https://github.com/monitoring-plugins/monitoring-plugins/pull/1344 -- Commit Summary -- * check_timex: add new plugin -- File Changes -- M .gitignore (1) M THANKS.in (1) M configure.ac (5) M plugins/Makefile.am (5) A plugins/check_timex.c (174) M po/POTFILES.in (1) -- Patch Links -- https://github.com/monitoring-plugins/monitoring-plugins/pull/1344.patch https://github.com/monitoring-plugins/monitoring-plugins/pull/1344.diff -- Reply to this email on GitHub: https://github.com/monitoring-plugins/monitoring-plugins/pull/1344 -------------- next part -------------- An HTML attachment was scrubbed... URL: From notifications at github.com Wed Aug 19 18:27:32 2015 From: notifications at github.com (waja) Date: Wed, 19 Aug 2015 09:27:32 -0700 Subject: Fixes segfaults when running via monitoring worker (#1345) Message-ID: (off-by-one) Grabed from https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198318 This might also fix Debian Bug #784319 You can view, comment on, or merge this pull request online at: https://github.com/monitoring-plugins/monitoring-plugins/pull/1345 -- Commit Summary -- * Fixes segfaults when running via monitoring worker -- File Changes -- M plugins-root/check_dhcp.c (2) -- Patch Links -- https://github.com/monitoring-plugins/monitoring-plugins/pull/1345.patch https://github.com/monitoring-plugins/monitoring-plugins/pull/1345.diff -- Reply to this email on GitHub: https://github.com/monitoring-plugins/monitoring-plugins/pull/1345 -------------- next part -------------- An HTML attachment was scrubbed... URL: From notifications at github.com Thu Aug 20 15:49:00 2015 From: notifications at github.com (odenbach) Date: Thu, 20 Aug 2015 06:49:00 -0700 Subject: check_http: Fix for checking http on different virtual port [sf#3442015] (#1026) In-Reply-To: References: Message-ID: Hi, sorry, I had not seen your reaction last year... It still does not work. Your validation above was invalid (the 'head -4' accidently stripped out the error message): odenbach at situla:/tmp/bp/usr/lib/nagios/plugins$ ./check_http -I lumen1 -p 5033 -H 'uni-paderborn.de:80' -v GET / HTTP/1.1 User-Agent: check_http/v2.1.1 (monitoring-plugins 2.1.1) Connection: close Host: uni-paderborn.de:80 CRITICAL - Socket timeout after 10 seconds If you look at the network traffic in parallel (tcpdump), you can see the reason: situla.uni-paderborn.de.37105 > lumen1.uni-paderborn.de.http So check_http still tries to reach the server at port 80, and not port 5033 as expected. Does the pull request from above still work? Or should I try to recreate the patch agains 2.1.1? Thanks, Christopher -- Reply to this email on GitHub: https://github.com/monitoring-plugins/monitoring-plugins/issues/1026#issuecomment-133013078 -------------- next part -------------- An HTML attachment was scrubbed... URL: From notifications at github.com Thu Aug 20 21:29:58 2015 From: notifications at github.com (jeffadams) Date: Thu, 20 Aug 2015 12:29:58 -0700 Subject: check_http and time to first byte (#1346) Message-ID: I'd like the ability to alert on time to first byte. I've worked with more than one heavy weight application where TTFB was the most reliable way to know if the app was up. I understand that this use case might be relatively limited, but it could be very useful in these cases. A patch for this looks pretty simple. I'll be glad to submit it if there's interest. -- Reply to this email on GitHub: https://github.com/monitoring-plugins/monitoring-plugins/issues/1346 -------------- next part -------------- An HTML attachment was scrubbed... URL: From ae at op5.se Fri Aug 21 14:30:16 2015 From: ae at op5.se (Andreas Ericsson) Date: Fri, 21 Aug 2015 14:30:16 +0200 Subject: check_http and time to first byte (#1346) In-Reply-To: References: Message-ID: <55D719D8.1030705@op5.se> On 2015-08-20 21:29, jeffadams wrote: > I'd like the ability to alert on time to first byte. I've worked with more > than one heavy weight application where TTFB was the most reliable way to > know if the app was up. I understand that this use case might be relatively > limited, but it could be very useful in these cases. > > A patch for this looks pretty simple. I'll be glad to submit it if there's > interest. > Well, you're interested, so if you submit a patch I'll at least look at it :-) -- Andreas Ericsson andreas.ericsson at op5.se OP5 AB www.op5.se Tel: +46 8-230225 Fax: +46 8-230231 Considering the successes of the wars on alcohol, poverty, drugs and terror, I think we should give some serious thought to declaring war on peace. From bryair01 at noa.nintendo.com Fri Aug 21 18:51:18 2015 From: bryair01 at noa.nintendo.com (Bryan Irvine) Date: Fri, 21 Aug 2015 16:51:18 +0000 Subject: check_http and time to first byte (#1346) In-Reply-To: <55D719D8.1030705@op5.se> References: <55D719D8.1030705@op5.se> Message-ID: I'd be interested in seeing something like that. Monitoring is hard and if you notice something that others are not doing but has been useful in your environment - I think submitting a patch along with your use-case and results of your experiments are always welcome in the community (not to put words in the mouths of the official maintainers - which I am not.) Others may then also experiment and build off of it. Or abandon it if proves not to be useful. Ultimately, monitoring is a science - so I'd suggest you approach it that way. You've observed something. Now create a test to prove or disprove and submit your patch for peer review. :) -B -----Original Message----- From: Devel [mailto:devel-bounces+bryair01=noa.nintendo.com at monitoring-plugins.org] On Behalf Of Andreas Ericsson Sent: Friday, August 21, 2015 5:30 AM To: Monitoring Plugins Development Subject: Re: check_http and time to first byte (#1346) On 2015-08-20 21:29, jeffadams wrote: > I'd like the ability to alert on time to first byte. I've worked with more > than one heavy weight application where TTFB was the most reliable way to > know if the app was up. I understand that this use case might be relatively > limited, but it could be very useful in these cases. > > A patch for this looks pretty simple. I'll be glad to submit it if there's > interest. > Well, you're interested, so if you submit a patch I'll at least look at it :-) -- Andreas Ericsson andreas.ericsson at op5.se OP5 AB www.op5.se Tel: +46 8-230225 Fax: +46 8-230231 Considering the successes of the wars on alcohol, poverty, drugs and terror, I think we should give some serious thought to declaring war on peace. From notifications at github.com Tue Aug 25 13:35:40 2015 From: notifications at github.com (jeffadams) Date: Tue, 25 Aug 2015 04:35:40 -0700 Subject: Issue 1346, allow to alert on ttfb. (#1347) Message-ID: You can view, comment on, or merge this pull request online at: https://github.com/monitoring-plugins/monitoring-plugins/pull/1347 -- Commit Summary -- * Issue 1346, allow to alert on ttfb. -- File Changes -- M plugins/check_http.c (45) -- Patch Links -- https://github.com/monitoring-plugins/monitoring-plugins/pull/1347.patch https://github.com/monitoring-plugins/monitoring-plugins/pull/1347.diff -- Reply to this email on GitHub: https://github.com/monitoring-plugins/monitoring-plugins/pull/1347 -------------- next part -------------- An HTML attachment was scrubbed... URL: From pacetownsley at gmail.com Tue Aug 25 13:36:20 2015 From: pacetownsley at gmail.com (J Adams) Date: Tue, 25 Aug 2015 07:36:20 -0400 Subject: check_http and time to first byte (#1346) In-Reply-To: References: <55D719D8.1030705@op5.se> Message-ID: Pull request submitted. On Fri, Aug 21, 2015 at 12:51 PM, Bryan Irvine wrote: > I'd be interested in seeing something like that. > > Monitoring is hard and if you notice something that others are not doing but has been useful in your environment - I think submitting a patch along with your use-case and results of your experiments are always welcome in the community (not to put words in the mouths of the official maintainers - which I am not.) Others may then also experiment and build off of it. Or abandon it if proves not to be useful. > > Ultimately, monitoring is a science - so I'd suggest you approach it that way. You've observed something. Now create a test to prove or disprove and submit your patch for peer review. :) > > -B > > -----Original Message----- > From: Devel [mailto:devel-bounces+bryair01=noa.nintendo.com at monitoring-plugins.org] On Behalf Of Andreas Ericsson > Sent: Friday, August 21, 2015 5:30 AM > To: Monitoring Plugins Development > Subject: Re: check_http and time to first byte (#1346) > > On 2015-08-20 21:29, jeffadams wrote: >> I'd like the ability to alert on time to first byte. I've worked with more >> than one heavy weight application where TTFB was the most reliable way to >> know if the app was up. I understand that this use case might be relatively >> limited, but it could be very useful in these cases. >> >> A patch for this looks pretty simple. I'll be glad to submit it if there's >> interest. >> > > Well, you're interested, so if you submit a patch I'll at least look at > it :-) > > -- > Andreas Ericsson andreas.ericsson at op5.se > OP5 AB www.op5.se > Tel: +46 8-230225 Fax: +46 8-230231 > > Considering the successes of the wars on alcohol, poverty, drugs and > terror, I think we should give some serious thought to declaring war > on peace. From notifications at github.com Tue Aug 25 13:56:19 2015 From: notifications at github.com (Christopher Odenbach) Date: Tue, 25 Aug 2015 04:56:19 -0700 Subject: check_http: Fix for checking http on different virtual port (#1348) Message-ID: Hi, a few days ago I added a comment to issue #1026 which was marked as closed but is not. Please have a look. If you want me to recreate the patch I will give it a try. Thanks, Christopher -- Reply to this email on GitHub: https://github.com/monitoring-plugins/monitoring-plugins/issues/1348 -------------- next part -------------- An HTML attachment was scrubbed... URL: From stu at spacehopper.org Wed Aug 26 01:24:50 2015 From: stu at spacehopper.org (Stuart Henderson) Date: Tue, 25 Aug 2015 23:24:50 +0000 (UTC) Subject: [diff] handle building with OPENSSL_NO_SSL3 Message-ID: Please would you consider taking this patch to support building on systems with SSLv3 disabled? Thanks Stuart >From c0a0c792d1f7b69974219b84023afdd821b35b45 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9mie=20Courr=C3=A8ges-Anglas?= Date: Sat, 25 Jul 2015 20:02:14 -0600 Subject: [PATCH] sslutils: Check if OpenSSL supports SSLv3. --- plugins/sslutils.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/plugins/sslutils.c b/plugins/sslutils.c index d0ae474..4933dd0 100644 --- a/plugins/sslutils.c +++ b/plugins/sslutils.c @@ -66,7 +66,12 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int #endif break; case 3: /* SSLv3 protocol */ +#if defined(OPENSSL_NO_SSL3) + printf(("%s\n", _("CRITICAL - SSL protocol version 3 is not supported by your SSL library."))); + return STATE_CRITICAL; +#else method = SSLv3_client_method(); +#endif break; default: /* Unsupported */ printf("%s\n", _("CRITICAL - Unsupported SSL protocol version.")); -- 2.4.5 From holger at zedat.fu-berlin.de Wed Aug 26 11:37:16 2015 From: holger at zedat.fu-berlin.de (Holger =?iso-8859-1?Q?Wei=DF?=) Date: Wed, 26 Aug 2015 11:37:16 +0200 Subject: [diff] handle building with OPENSSL_NO_SSL3 In-Reply-To: References: Message-ID: <20150826093716.GP13667@zedat.fu-berlin.de> * Stuart Henderson [2015-08-25 23:24]: > Please would you consider taking this patch to support building on systems > with SSLv3 disabled? Applied, thank you. Holger From kerolasa at iki.fi Fri Aug 14 22:24:35 2015 From: kerolasa at iki.fi (Sami Kerola) Date: Fri, 14 Aug 2015 21:24:35 +0100 Subject: [PATCH] new executable check_timex Message-ID: <1439583875-1302-1-git-send-email-kerolasa@iki.fi> Hello, This is just a notify about pull request in github. https://github.com/monitoring-plugins/monitoring-plugins/pull/1344 You can find the change also from my remote branch mentioned be.o. ---------------------------------------------------------------- The following changes since commit 82e28411c8803cdfa1868a530e2a56dc046ada92: check_ldap: fix number of skipable tests (2015-04-23 09:51:26 +0200) are available in the git repository at: git://github.com/kerolasa/monitoring-plugins.git timex for you to fetch changes up to 1237ccfb81dc990535c90049195a5a865c26dd88: check_timex: add new plugin (2015-08-14 21:13:22 +0100) ---------------------------------------------------------------- Since I am lazy all I want to say about the new command is the same what I told in commit message: -- snip This plugin uses ntp_adjtime() function to read and report system time using struct timex values. Check is similar to check_ntp_time, but with a difference being completely local execution. This has some desirable effects, such as: 1) This check runs very quickly. 2) The status of clock is reported from solely systems point of view, i.e., a small network hiccup or public DNS failure will not cause spurious failures 3) The check works when clock is syncronized with something else than ntp, such as ptp. Main difference of the check_timex and check_ntp_time is units used in --warning and --critical arguments. This check is using microseconds, while the check_ntp_time is using seconds. That means one should not interchange these checks without additional configuration changes. -- snip -- Sami Kerola http://www.iki.fi/kerolasa/ From michael.melcher82 at gmail.com Wed Aug 26 19:18:20 2015 From: michael.melcher82 at gmail.com (Michael Melcher) Date: Wed, 26 Aug 2015 19:18:20 +0200 Subject: Fwd: Fix check_http to work properly with https and proxy In-Reply-To: References: Message-ID: Hi, Keith4 and Emias suggested in irc to write this to the monitoring plugins devel mail. So here it goes. Hope you find this helpful and will implement it soon. Kind regards Michael aka Vonor on Freenode ---------- Forwarded message ---------- From: Michael Melcher Date: Tue, Aug 25, 2015 at 7:15 PM Subject: Re: Fix check_http to work properly with https and proxy To: devel at nagios-plugins.org I've ported the fix from Frank4dd to the latest git version. Please commit the fix. http://pastebin.ca/3128438 On Mon, Aug 24, 2015 at 9:33 PM, Michael Melcher < michael.melcher82 at gmail.com> wrote: > Hi, > > In 2010 Frank4DD wrote a fix for proxy ssl checks with the -j CONNECT > method. > > Searching for a solution to do https checks behind a proxy I always end up > on Frank's page. Unfortunately his fix is not implemented yet. I've tried > with latest plugins from opensuse's server:monitoring repository as well as > checking check_http.c on github. > > Please add Frank's fix to the official plugins. > http://nagios.frank4dd.com/howto/monitor-ssl-websites-through-proxy.htm > -- > Kind regards > Michael Melcher > > Sent from my phone > -------------- next part -------------- An HTML attachment was scrubbed... URL: From notifications at github.com Thu Aug 27 17:11:00 2015 From: notifications at github.com (waja) Date: Thu, 27 Aug 2015 08:11:00 -0700 Subject: check_http: Adding support for checking SSL-Websites through Proxies (#1349) Message-ID: Ported the fix from Frank4dd to the latest git version. See also http://nagios.frank4dd.com/howto/monitor-ssl-web sites-through-proxy.htm You can view, comment on, or merge this pull request online at: https://github.com/monitoring-plugins/monitoring-plugins/pull/1349 -- Commit Summary -- * check_http: Adding support for checking SSL-Websites through Proxies -- File Changes -- M plugins/check_http.c (45) -- Patch Links -- https://github.com/monitoring-plugins/monitoring-plugins/pull/1349.patch https://github.com/monitoring-plugins/monitoring-plugins/pull/1349.diff -- Reply to this email on GitHub: https://github.com/monitoring-plugins/monitoring-plugins/pull/1349 -------------- next part -------------- An HTML attachment was scrubbed... URL: From waja at cyconet.org Thu Aug 27 17:11:55 2015 From: waja at cyconet.org (Jan Wagner) Date: Thu, 27 Aug 2015 17:11:55 +0200 Subject: Fwd: Fix check_http to work properly with https and proxy In-Reply-To: References: Message-ID: <55DF28BB.2070507@cyconet.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Am 26.08.15 um 19:18 schrieb Michael Melcher: > Keith4 and Emias suggested in irc to write this to the monitoring > plugins devel mail. So here it goes. > > Hope you find this helpful and will implement it soon. I`ve created a PR for it: https://github.com/monitoring-plugins/monitoring-plugins/pull/1349 -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2 Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJV3yi7AAoJEAxwVXtaBlE+cOEQALDP14CUCZ4twF9sF6jgDUIn R5aUQwmHXlrAN9VYwFml0GIRViHr0lG6HlWkPIHiHGT8N0g0dif/wNpTEGxyETJZ mZiwy8xhqK7DudFFERTZO6MIpQ1ant8AmepDo2rXwUzffgjAQgICZ/4pbUcxY5B0 7HT5lbtJsYF8aJbTMB34kOUsPAi/h8TqXwp0yV1BDi9qFAZrimBQzuUM1LAwEQj1 Ed/FW0h/fQ4Swic4iH544cqq7xZUPjeNZA6FvM/4LBHNaCDMzKphbTSNO8A+/Z9m KnGjbJ76y22AaUDIw0rCPSp0x69DbGp0j12uCBUz3luyJR5VJ82i8WhUCANRXJFV sgcNgAy95BUdMaxS/1o0KLGqlwG7QAgedc+8DAS1DZm5W1xP2z6yD4kdrRbcTQJE YQT41IVoh1fyxp9rxTkH5uJnPMjKG/Fi5VvyZ/KLJ2aGuAnhrl4f9UKm5h90ZFbQ jvyJBY7g+1C3D2pmHjYEcdJOEmvg2xHRWR9xXFtvwLG32rlLOPMtlp31Urk2Y1vR 2aMyimH6oFvuAG3rDwHstDnqI5RDgIEum/AwwS6j2sfa11/9E9Z6r7SFIyOYSSZY Y40Bt5NS3Yt/r/oibVaPB33aVDgWJLTQhxQ8w+oSLoJHW0a8RxY4WdaufiRRLm2J WvYnH3WocFXqhQNFLWqb =Iy1A -----END PGP SIGNATURE----- From notifications at github.com Thu Aug 27 17:14:34 2015 From: notifications at github.com (waja) Date: Thu, 27 Aug 2015 08:14:34 -0700 Subject: Issue 1346, allow to alert on ttfb. (#1347) In-Reply-To: References: Message-ID: This should close #1346 -- Reply to this email on GitHub: https://github.com/monitoring-plugins/monitoring-plugins/pull/1347#issuecomment-135465209 -------------- next part -------------- An HTML attachment was scrubbed... URL: From notifications at github.com Thu Aug 27 20:00:31 2015 From: notifications at github.com (Jason Wilkinson) Date: Thu, 27 Aug 2015 11:00:31 -0700 Subject: check_http - support TLS v1.2 (#1338) In-Reply-To: References: Message-ID: Some QSAs are starting to vail PCI scans when TLSv1 is enabled. They've already disallowed SSLv2 and SSLv3. That means that there are no checks that would be available via SSL with this command unless it's extended to support TLSv1.1 and TLSv1.2. This needs to be updated for this plugin to be useful in any environment that has PCI implications. -- Reply to this email on GitHub: https://github.com/monitoring-plugins/monitoring-plugins/issues/1338#issuecomment-135507996 -------------- next part -------------- An HTML attachment was scrubbed... URL: From stu at spacehopper.org Fri Aug 28 09:34:18 2015 From: stu at spacehopper.org (Stuart Henderson) Date: Fri, 28 Aug 2015 07:34:18 +0000 (UTC) Subject: check_http - support TLS v1.2 (#1338) References: Message-ID: On 2015-08-27, Jason Wilkinson wrote: > > Some QSAs are starting to vail PCI scans when TLSv1 is enabled. They've > already disallowed SSLv2 and SSLv3. That means that there are no checks that > would be available via SSL with this command unless it's extended to support > TLSv1.1 and TLSv1.2. This needs to be updated for this plugin to be useful > in any environment that has PCI implications. It should still connect when you use auto-negotiation.