Xymon Mailing List Archive search

SSL checks no longer working on 4.3.26?

list Japheth Cleaver
Wed, 24 Feb 2016 08:22:27 -0800
Message-Id: <user-545a799c2abc@xymon.invalid>

Hi Josh,


Gotcha. Yes, as of Xymon 4.3.22 401's and 403's (all 4xx, really) are
considered alert states instead of green. Explicitly allowing them (or
taking a '301' from warning back to green) can be done, but it's not a
globally available option yet.


To change a specific test, use the 'httpstatus' prefix to the regular
HTTP(s) check:

192.168.0.0 foobar.com # https://secure.example.com/

192.168.0.0 foobar.com # httpstatus;https://secure.example.com/;403;


cf. https://xymon.com/help/manpages/man5/hosts.cfg.5.html#lbAR


HTH,
-jc


On Wed, February 24, 2016 8:11 am, Jason Chambers wrote:
Ahh, maybe that's it. All the HTTPS checks went to red stating Forbidden.
I guess it's actually parsing the state of the HTTP and not just checking
if the port is alive? Is there tag I can use that would do the old method
and just tell me if the port is up and responding, and not the HTTP
response codes?

Jason Chambers
Network Administrator | Geosoft
geosoft.com | blog | twitter | linkedIn | facebook | T +X XXX.XXX.XXXX
#344 | M +X XXX.XXX.XXXX


-----Original Message-----
From: J.C. Cleaver [mailto:user-87556346d4af@xymon.invalid]
Sent: February 24, 2016 11:09 AM
To: Jason Chambers <user-3fa671c0a30d@xymon.invalid>
Cc: Xymon Mailing List <xymon at xymon.com>
Subject: Re: SSL checks no longer working on 4.3.26?

On Wed, February 24, 2016 6:46 am, Jason Chambers wrote:
Hi All,

I just did an upgrade from 4.3.21 to 4.3.26 and all of a sudden all of
my SSL checks stopped working even though I configured the Makefile to
use SSL. Is there a change that I'm unaware of that I need to make? I
have reverted back to 4.3.21 for now.

Hi Jason,

There were some SSL certificate parsing fixes in 4.3.25, and a few
alterations in 4.3.22 to bring in additional certificate details, but
nothing that should have broken all SSL testing, nor any real changes in
the build process that I recall.

Are the tests reporting 'red' now, or simply 'purple' (not reporting at
all)?

Can you provide the system you're building on, and the config output? If
it's built properly, xymonnet should indicate the OpenSSL version it's
using near the top of its own test results. e.g.:

 xymonnet version 4.3.26
 SSL library : OpenSSL 1.0.1e 11 Feb 2013  LDAP library: OpenLDAP 20440

-jc