Ad Widget

Collapse

HTTPS check not working properly

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • slartibartfast
    Junior Member
    • Aug 2016
    • 11
    #1

    HTTPS check not working properly

    Using Zabbix 3.0.3, official rpm build on CentOS 7, and for some servers HTTPS check (stock Template) is not working, and for some does.

    Remote server does run Apache on https/443 port, telnet from Zabbix works to remote server, I can see in Apache ssl logs successful accesses from Zabbix server, but still it triggers as https is down:

    [ commands ran from zabbix server]

    $ zabbix_get -s 192.168.0.22 -k "net.tcp.service[https]"
    0

    $ telnet 192.168.0.22 https
    Trying 192.168.0.22...
    Connected to 192.168.0.22.
    Escape character is '^]'.

    Apache logs on 192.168.0.22 shows
    192.168.0.14 - - [28/Aug/2016:13:31:53] "HEAD / HTTP/1.1" 200 -

    Strange thing is that same HTTPS check works for some servers without issues. Also, firewall is not deployed at all.

    Any thoughts?

    Thanks
    Tags: https monitoring
    • LenR
      Senior Member
      • Sep 2009
      • 1005
      #2
      net.tcp.service is a "simple check", I think zabbix_get is for Zabbix Agent items only. Try net.tcp.listen(443).
      Last edited by LenR; 29-08-2016, 21:45. Reason: typo

        Comment

        • slartibartfast
          Junior Member
          • Aug 2016
          • 11
          #3
          Yes -- you are correct.

          Still, somehow this https check works for some servers and not for others.

            Comment

            • Atsushi
              Senior Member
              • Aug 2013
              • 2028
              #4
              https is not bound by specifying the ip address?
              If you specify the IP address are bound, please try to also specify the IP address in the argument.

              ex.
              net.tcp.service[https,<ip address>]

                Comment

                • LenR
                  Senior Member
                  • Sep 2009
                  • 1005
                  #5
                  Ok, net.tcp.service is an agent item. See the doc at https://www.zabbix.com/documentation...s#https_checks

                  Try debugging with curl and/or tcpdump from the same network perspective as this test. The various TLS exploits have caused some web servers to require TLS versions that curl doesn't support.

                  We use Redhat, I had to install a local version of curl on my zabbix proxies until RHEL put newer TLS support in the channel for curl.

                  Note that doc says https isn't supported for windows agents.

                  Sorry for the bad info before.

                    Comment

                    • slartibartfast
                      Junior Member
                      • Aug 2016
                      • 11
                      #6
                      Indeed, using curl it hits some error:

                      $ curl https://192.168.0.22
                      curl: (35) SSL received a record that exceeded the maximum permissible length.

                      Other than this, this server is working for years with success in regard serving from https port.

                        Comment

                        Previous template Next
                        Working...