Ad Widget

Collapse

SSL monitoring with Zabbix

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • szremo
    Junior Member
    • Jul 2018
    • 12
    #1

    SSL monitoring with Zabbix

    Dear Zabbix forum,
    I would like to share you my solution to monitoring SSL certificate on each website.

    That has been configured based on external check.

    First of all, simple script has been prepared and placed in /externalcheck directory

    Code:
      
 root@zabbix:/# cat /etc/zabbix/externalscripts/ssl_valid.sh  
#!/bin/bash
#Prepared by Marcin 'szremo' Szremski'
SSL_DATE=$(echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -dates | grep notAfter | awk -F = '{ print $2 }' | awk 'BEGIN {OFS = "-"} {print $1,$2,$4}')
EXPTIME=$(date -d$SSL_DATE +%s)
TODAY=$(date +"%b-%d-%Y")
CURRENT=$(date -d$TODAY +%s)
NUM=$(($EXPTIME - $CURRENT))
RESULT=$(($NUM/86400))
echo $RESULT

    Next, template has been prepared which execute that script once per day(value of Update interval): Click image for larger version Name: Screenshot 2019-06-11 at 11.24.02.png Views: 1 Size: 63.8 KB ID: 380486


    Pls. note that if your host in Zabbix is different that FQDN of your web site you should replace{HOST.NAME} by FQDN. Last think is to setup a triggers, in my case as on picture below:

    Click image for larger version Name: Screenshot 2019-06-11 at 11.26.25.png Views: 1 Size: 53.6 KB ID: 380487

    And result for host called Zabbix.com

    Click image for larger version Name: Screenshot 2019-06-11 at 11.27.32.png Views: 1 Size: 11.6 KB ID: 380489
    Click image for larger version Name: Screenshot 2019-06-11 at 11.27.44.png Views: 2 Size: 11.8 KB ID: 380490
    Attached Files
    Last edited by szremo; 11-06-2019, 11:46.
    Tags: ssl, ssl cert check
    • rvanderkooi
      Member
      • May 2019
      • 33
      #2
      Many thanks! This working perfect for me!

        Comment

        • sancho
          Senior Member
          Zabbix Certified SpecialistZabbix Certified Professional
          • Mar 2015
          • 295
          #3
          Great!!!!

          Thank you szremo

            Comment

            • Hamardaban
              Senior Member
              Zabbix Certified SpecialistZabbix Certified Professional
              • May 2019
              • 2713
              #4
              Thanks!
              for FreeBSD:

              #!/bin/sh
              #Prepared by Marcin 'szremo' Szremski'
              # set locale of date in cert
              LC_ALL=en_GB.UTF-8
              export LC_ALL
              SSL_DATE=$(echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -dates | grep notAfter | awk -F = '{ print $2 }' | awk 'BEGIN {OFS = "-"} {print $1,$2,$4}')
              EXPTIME=$(date -j -f "%b-%d-%Y" $SSL_DATE +%s)
              CURRENT=$(date -j +%s)
              NUM=$(($EXPTIME - $CURRENT))
              RESULT=$(($NUM/86400))
              echo $RESULT

                Comment

                • wladimir50
                  Junior Member
                  • Nov 2018
                  • 9
                  #5
                  good stuff! working like a dream for me.
                  THANKS!

                    Comment

                    • alientm
                      Member
                      • Aug 2014
                      • 51
                      #6
                      Dziękuję

                        Comment

                        • nilldot
                          Junior Member
                          • Aug 2011
                          • 21
                          #7
                          Guys, Any chance you could attache the template please ?

                            Comment

                            • Alex G
                              Junior Member
                              • Jan 2020
                              • 3
                              #8
                              This is good, but it would be cool to do this in preprocessing on the JS.

                                Comment

                                • gofree
                                  Senior Member
                                  Zabbix Certified SpecialistZabbix Certified Professional
                                  • Dec 2017
                                  • 400
                                  #9
                                  Originally posted by Alex G
                                  This is good, but it would be cool to do this in preprocessing on the JS.
                                  I think not as its "preprocessing". Maybe some ugly way with trapper item and after use preporcessing. But I dont think it will be possible with duktape ( javascript engine in zabbix ) what I've googled a bit. I found something for nodejs engine - this doesnt help I guess

                                  GitHub - dyaa/ssl-checker: A tiny NodeJS module to check SSL expiry 🔒
                                  https://github.com/dyaa/ssl-checker
                                  A tiny NodeJS module to check SSL expiry 🔒. Contribute to dyaa/ssl-checker development by creating an account on GitHub.

                                    Comment

                                    • rafael.mendes
                                      Junior Member
                                      • Dec 2020
                                      • 1
                                      #10
                                      I have a error in "Last Data"...

                                      The error:

                                      ################################################## ###################
                                      2020-12-08 00:13:22

                                      unable to load certificate
                                      140244526622608:error:0906D06C:PEM routines:PEM_read_bio:no start lineem_lib.c:707:Expecting: TRUSTED CERTIFICATE
                                      date: invalid date '+%s'
                                      -18604
                                      ################################################## ###################

                                        Comment

                                        • LenR
                                          Senior Member
                                          • Sep 2009
                                          • 1005
                                          #11
                                          You can also parameterize the port if it's not always 443 :-)

                                            Comment

                                            • DRO
                                              Junior Member
                                              • Jan 2022
                                              • 7
                                              #12
                                              Originally posted by rafael.mendes
                                              I have a error in "Last Data"...

                                              The error:

                                              ################################################## ###################
                                              2020-12-08 00:13:22

                                              unable to load certificate
                                              140244526622608:error:0906D06C:PEM routines:PEM_read_bio:no start lineem_lib.c:707:Expecting: TRUSTED CERTIFICATE
                                              date: invalid date '+%s'
                                              -18604
                                              ################################################## ###################
                                              Same problem I have, did you ever fix it?

                                                Comment

                                                Previous template Next
                                                Working...