Ad Widget

**mmaslouh** · 15-01-2023, 16:09

Hi Again,

So, i go to creating a template for that

, and this is how to make it.

1 - Create a scripte in /etc/zabbix/scripts/checkssl.sh and give it execute rights.

Code:

data=`echo | openssl s_client -servername $1 -connect $1:${2:-443} 2>/dev/null | openssl x509 -noout -enddate | sed -e 's#notAfter=##'`

ssldate=`date -d "${data}" '+%s'`

nowdate=`date '+%s'`

diff="$((${ssldate}-${nowdate}))"

2 - Create a new tempalate.

3 - add macros, one for hostname and the other for port and save.

4 - Go again the this template and add a new item and save.

key is : system.run[/etc/zabbix/scripts/checkssl.sh {$CERT.WEBSITE.HOSTNAME} {$CERT.WEBSITE.PORT}]

5 - the last step is to add triggers for alerts and notification when the certificate is close to expiration.

**mmaslouh** · 15-01-2023, 16:22

For item with mutiple teplate, you neet to add the item with 2 agent.

The 127.0.0.1 with be used for ssl check and the seconde agent will be used for the other monitoring steffs like ping or https service check, ect.

This is a test to monitor google certificate expiration via our new tempalte and website availability via ping.

Don't forget to change the hostname marcro.

By default, the first agent will set as host interface for all items, so we need the change all ping items host interface to google.com interface.

**mmaslouh** · 15-01-2023, 16:24

Sources :

https://www.youtube.com/watch?v=xRS2LSSW0q8

Execute a Shell Script using Zabbix Agent - Zabbix Tutorials

https://sbcode.net/zabbix/system-run/

**cyber** · 16-01-2023, 11:10

You wanted to use agent2 then continued to use none of it and created your own scripts to accomplish it? What is the point?

web.certificate.get[hostname,<port>,<address>]
Validates certificates and returns certificate details.	JSON object	hostname - can be either IP or DNS. May contain the URL scheme (https only), path (it will be ignored), and port. If a port is provided in both the first and the second parameters, their values must match. If address (the 3rd parameter) is specified, the hostname is only used for SNI and hostname verification. port - port number (default is 443 for HTTPS). address - can be either IP or DNS. If specified, it will be used for connection, and hostname (the 1st parameter) will be used for SNI, and host verification. In case, the 1st parameter is an IP and the 3rd parameter is DNS, the 1st parameter will be used for connection, and the 3rd parameter will be used for SNI and host verification.	This item turns unsupported if the resource specified in host does not exist or is unavailable or if TLS handshake fails with any error except an invalid certificate. Currently, AIA (Authority Information Access) X.509 extension, CRLs and OCSP (including OCSP stapling), Certificate Transparency, and custom CA trust store are not supported.

Ad Widget

Zabbix server agent 2

Zabbix server agent 2

Comment

Comment

Comment

Comment