Whenever you have a ZenPack ready to get posted, email me directly and I'll work with you to get it listed.
Thanks,
Matt Ray
Zenoss Community Manager
unixsamurai wrote:
One thing I did encounter was, we do alot of virtual name based web hosting, and when I tried to add a "new" hostname for SSL cert checking it wouldn't add it, since we already monitor that host's IP under another hostname.
This sounds like an interesting problem. I had been thinking about that as well since I am using some old Raq550's at home with vhost setups. I had a thought about this, and have been thinking that there should be a special class that can allow duplicate IP addresses that does nothing by default. That way we can work on a vhost by vhost basis.
Perhaps even a Psudeo class that has NO IP addresses at all allowed, or only has 127.0.0.1 and will only work with zencommand against the ${here/id} and other non-IP address variables..
Unfortunately either of these options would require changes of the main code itself. A little ZenPack is not going to cut it here I dont think.. (at least I cannot think of an easy way to do it but I am not a real Python coder, I just fake it in forums.. )
I am going to have to think about this for a bit..
Yeah man, get this ZenPack published, it's freaking awesome. I think there'd be a ton of people waiting for this type of feature.
Now what type of ZenPack do we do next ;-)
unixsamurai wrote:
Yeah man, get this ZenPack published, it's freaking awesome. I think there'd be a ton of people waiting for this type of feature.
Now what type of ZenPack do we do next ;-)
Grin, I am starting a ZenPack for Cyclades ACS32's as an addendum to the existing ZenPack. I am going to show Amp use per bus, tempature per power bus and PDU outlet statuses. Still trying to figure out how to split a !@#$! string reply into an array correctly and input the values into a table so that a template can graph this..
Heh after that, assuming I dont get a new request, I am continuing writing my IWILLFEARNOEVIL-SMI for Linux server applications. Trapping defined for events for the standard stuff you find on LAMP servers. (apache, sql, mail queues, etc) I have not been able to find a decent generic trap set anywhere, so I am writing one under my IANA OID number, and just releasing it to the world for anyone who wants standardization on event traps (I REALLY hate seeing /unknown). Heheh...
The basic skeleton for what I am doing is in the forums on my website http://code01.iwillfearnoevil.com If you check it out, keep in mind that my domain is in my garage on a cable modem and I do a lot of weird stuff on my LAN, so it might be a little slow.
If you want to use the current parts of the SMI that have been posted, you are more than welcome to. Otherwise, the actual traps for what is defined in SMI I can do some quick and dirty stuff adhoc if needed before I finish the MIB.
I may have found a fix for the problem that you have with vhosts and the SSL cert expirations. I have written a new script that takes hostnames and ports via a file on the local machine, and sends SNMP traps on cert expiration, as well as SSL failures. If there is no file found, the script will check the localhost:443 (configurable) to see when the main apache instance SSL cert is going to expire.
This is part of an entire trap system that I am writing for Linux based LAMP servers, but you are more than welcome to the code if f would be useful to you. Once I have debugged the monitoring scripts further (and have a few more written) I will be posting everything on s-f.
Currently I have md_stat statusing, SSL checks, Apache daemon checks (and restarting), qmail queues (and perf), sensor checks (via lm_sensors) as well as LAN and WAN checks from the local machine perspective. I am starting ldap verification and DNS tonight, and should have that code into the system by the end of this week.
The criticality is defined under OID 30911.<application unique oid>.0.0.4 for easy zenmappings. 30911.0.0.1 and 0.0.2 are for text areas of the event itself. 30911.<app unique oid>.0.0.3 is for the name of the application being monitored in a generic sense. The main idea of these scripts will be tight intergration into the Zenoss system by defining a new ZenPack that exclusivly deals with these kinds of traps in a standardized form, and allows for the easy addition of new SNMP traps.
Currently it is set to give this kind of information:
For a SSL failure:
summary | snmp trap enterprises.30911.10.2 |
eventKey | |
lastTime | 2009/11/12 19:37:55.000 |
ipAddress | 192.168.15.60 |
Systems | | |
sysUpTime.0 | 49560200 |
sysUpTime | 49560200 |
oid | 1.3.6.1.4.1.30911.0.0.1 |
community | public |
enterprises | SSL failure www.iwillfearnoevilxxx.com:443 |
enterprises.30911.10.0.0.3 | APACHE |
enterprises.30911.0.0.2 | Response : 31630:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE |
enterprises.30911.0.0.1 | SSL failure www.iwillfearnoevilxxx.com:443 |
enterprises.30911.10.0.0.5 | Noted via server-scripts |
enterprises.30911.10.0.0.4 | 2 |
For a Cert expiration:
summary | snmp trap enterprises.30911.10.4 |
eventKey | |
lastTime | 2009/11/12 19:37:55.000 |
ipAddress | 192.168.15.60 |
Systems | | |
sysUpTime.0 | 49559676 |
sysUpTime | 49559676 |
oid | 1.3.6.1.4.1.30911.0.0.1 |
community | public |
enterprises | www.google.com:443 SSL certificate is expiring in less than 700 days. |
enterprises.30911.10.0.0.3 | APACHE |
enterprises.30911.0.0.2 | www.google.com:443 : Sat Mar 27 15:20:07 PDT 2010 |
enterprises.30911.0.0.1 | www.google.com:443 SSL certificate is expiring in less than 700 days. |
enterprises.30911.10.0.0.5 | Noted via server-scripts |
enterprises.30911.10.0.0.4 | 4 |
The ZenPack is now available here: Domain/SSL Certificate Expiration Monitor I made a small fix for the path issues, so there's now a 1.0.5 version available that no longer requires modifying the path in the data source. The key to getting paths within the ZenPack is in this changeset: http://zenpacks.zenoss.org/trac-zenpacks/changeset/438
Thanks again!
Matt Ray
Zenoss Community Manager
Hi Matt and everyone!
I installed this ZenPack and it seems to be working fine for all the domains except .CA (we are in Canada).
I dont know too much about coding but seeing the code of the check_domain.sh i found :
elif [ "${TLDTYPE}" == "uk" ];
then
${WHOIS} -h "whois.nic.uk" "${1}" > ${WHOIS_TMP}
so, I added:
elif [ "${TLDTYPE}" == "ca" ];
then
${WHOIS} -h "whois.cira.ca" "${1}" > ${WHOIS_TMP}
and saved it. Shoud I compile the file? which compiler? can one of you guys please do it for me or let me know what are the steps?
there is something else to do?
Thanks!
Jose
bautistaj wrote:
Hi Matt and everyone!
I installed this ZenPack and it seems to be working fine for all the domains except .CA (we are in Canada).
I dont know too much about coding but seeing the code of the check_domain.sh i found :
elif [ "${TLDTYPE}" == "uk" ];
then
${WHOIS} -h "whois.nic.uk" "${1}" > ${WHOIS_TMP}
so, I added:
elif [ "${TLDTYPE}" == "ca" ];
then
${WHOIS} -h "whois.cira.ca" "${1}" > ${WHOIS_TMP}
and saved it. Shoud I compile the file? which compiler? can one of you guys please do it for me or let me know what are the steps?
there is something else to do?
Thanks!
Jose
I think that it should work for you just fine now that you edited the script. Are you getting unexpected results? If things are goofy, I can do some more debugging, but what you did should be fine..
Hi guyverix
Thanks for your quick reply...I did that change but it's not working, I'm trying to debug and so far I found that the REGISTRAR variable is not getting the right value as the results of the output from the jwhois is different :For example amazon.ca
[Querying whois.cira.ca]
[whois.cira.ca]
Domain name: amazon.ca
Domain status: registered
Creation date: 2000/09/19
Expiry date: 2017/07/16
Updated date: 2010/11/09
Registrar:
Name: Webnames.ca Inc.
Number: 70
Registrant:
Name: Amazon.com (TMA 499121)
Administrative contact:
Name: Amazon Hostmaster
Postal address: Legal Dept.
P.O. Box 81226
Seattle WA 98108-1226 United States
Phone: 1 206 2664064
Fax: 1 206 2667010
Email: hostmaster@amazon.com
Technical contact:
Name: Host Master
Postal address: Amazon.com Legal Dept.
1200 12th Avenue South
Suite Suite 1200
Seattle, WA 98144-2734 United States
Phone: +1 206 266 4064
Fax: +1 206 266 7010
Email: hostmaster@amazon.com
Name servers:
pdns1.ultradns.net
pdns5.ultradns.info
pdns3.ultradns.org
pdns4.ultradns.org
ns1.p31.dynect.net
ns2.p31.dynect.net
and with the script, it returns :
Domain Registrar Status Expires Days Left
--------------------------------------- -------------------- -------- ----------- ---------
amazon.ca Unknown Unknown Unknown Unknown
thanks for your help!!
I will continue trying to do some debug but any help will be greatly appreciated.
Jose
I forgot to mentioned that I got an error with co.uk domains: amazon.co.uk
Domain Registrar Status Expires Days Left
--------------------------------------- -------------------- -------- ----------- ---------
+ 12 - 3")syntax error: invalid arithmetic operator (error token is "
0 Amazon.com Expiring 05-Dec-2012
Thank you!!
Jose
bautistaj wrote:
I forgot to mentioned that I got an error with co.uk domains: amazon.co.uk
Domain Registrar Status Expires Days Left
--------------------------------------- -------------------- -------- ----------- ---------
+ 12 - 3")syntax error: invalid arithmetic operator (error token is "
0 Amazon.com Expiring 05-Dec-2012
Thank you!!
Jose
Well, it looks like I am going to be debugging the script this weeked.. Grin..
I will get an updated one that will handle the .ca domain TLD structure better, and find out why the .co.uk subdomain stuff is broken. I know at one point it was working ok when I did the initial release, as I tested against theregsiter.co.uk. I will find out where my logic error is and get that corrected asap..
Well I figured out the problem with the .co.uk portion easily enough. Recent versions of jwhois have a bug (sorry, dont use it anymore if you are monitoring .uk domains)
chubbard@guyver-barn ~ $jwhois -h "whois.nic.uk" theregsiter.co.uk
[Querying whois.nic.uk]
[Unable to connect to remote host]
This is an easy fix, change line 118 to be active (remove the #) and put a # in front of the jwhois declaration on line 120 (comment it out).
The .ca domain was a bit more of a pain, since once again the date formats are different than elsewhere. You did great in making the first change that you did. The other parts were to allow the script to see the registrar's name, and find out where the expiration date is at. I have taken care of those, and will be updating the ZenPack to by default use a regular whois command, and it will now fully support the .ca domains. In the meantime, I am attaching the check_domain.sh script for you here so you dont have to wait. Just overwrite (or move) the old copy, and put this one in its place..
Thank you!
I will try that script and let you know if I have some issues..finally I'm not so bad "doing" some code
Thanks again!
Jose
I just ran some examples, and I saw that with some .CA domains, the calculation of the date of expiration is not correct :
[zenoss@MOP-ESM-MON-02 libexec]$ ./check_domain.sh -x 30 -d firepay.ca
Domain Registrar Status Expires Days Left
--------------------------------------- -------------------- -------- ----------- ---------
firepay.ca Tucows.com Co. Expiring 18-02-2011 3
[zenoss@MOP-ESM-MON-02 libexec]$ ./check_domain.sh -x 30 -d optimalpayments.ca
Domain Registrar Status Expires Days Left
--------------------------------------- -------------------- -------- ----------- ---------
optimalpayments.ca Tucows.com Co. Expiring 20-01-2011 5
[zenoss@MOP-ESM-MON-02 libexec]$ ./check_domain.sh -x 30 -d tradegard.ca
Domain Registrar Status Expires Days Left
--------------------------------------- -------------------- -------- ----------- ---------
tradegard.ca Tucows.com Co. Expired 07-01-2011 -8
and other example :
[zenoss@MOP-ESM-MON-02 libexec]$ ./check_domain.sh -x 30 -d yahoo.ca
Domain Registrar Status Expires Days Left
--------------------------------------- -------------------- -------- ----------- ---------
yahoo.ca Webnames.ca Inc. Valid 21-09-2012 371
From and including: Wednesday, December 15, 2010
To, but not including : Friday, September 21, 2012
It is 646 days from the start date to the end date, but not including the end date
Or 1 year, 9 months, 6 days excluding the end date
And with co.uk, I'm still having issues
[root@MOP-ESM-MON-02 libexec]# /opt/zenoss/libexec/check_domain.sh -x 30 -d amazon.co.uk
Domain Registrar Status Expires Days Left
--------------------------------------- -------------------- -------- ----------- ---------
+ 12 - 3")syntax error: invalid arithmetic operator (error token is "
0 Amazon.com Expiring 05-Dec-2012
Thanks for all your help!
Jose
Follow Us On Twitter »
|
Latest from the Zenoss Blog » | Community | Products | Services Resources | Customers Partners | About Us | ||
Copyright © 2005-2011 Zenoss, Inc.
|
||||||||