Content check question
list Scot Kreienkamp
Hey guys, I'm trying to build a content check to one of our internal servers. Here's what I've specified in the content check: cont=http-content;http://192.168.10.110 /Main/login.do\?userName=*****\&userPass=*****\&pcno=***;true I know the URL works, I can do it from the command line: [hobbit at retv6100 bb-hosts-includes]$ curl http://192.168.10.110/Main/login.do\?userName=*****\&userPass=*****\&pcno=*** And it returns: <loginResult loggedin='true' userloginid='1070002' pcid='****' address=******' session='ACAEB9D8C0C6D8D32824F977A1AEB2E3' /> But the test on Xymon returns "No output received from server". I'm stumped how it can be getting no output? Can anyone enlighten me? Scot Kreienkamp | Senior Systems Engineer | La-Z-Boy Incorporated 1284 N. Telegraph Rd. | Monroe, MI 48162 | user-9678697f1438@xymon.invalid<mailto:user-9678697f1438@xymon.invalid> | www.la-z-boy.com<http://www.la-z-boy.com/>; This message is intended only for the individual or entity to which it is addressed. It may contain privileged, confidential information which is exempt from disclosure under applicable laws. If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information. If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you.
list Jeremy Laidman
On 11 October 2013 08:14, Scot Kreienkamp <user-462cf0b6d846@xymon.invalid> wrote:
cont=http-content;http://192.168.10.110/Main/login.do\?userName=*****\&userPass=*****\&pcno=***;true
Firstly, there's a space after the IP address and the "/". Is this space
in your hosts.cfg? Spaces are not allowed in a "cont" clause.
Secondly, check that the URL is being sent as you expect it to. Can you
check the web server logs, or use tcpdump/snoop/wireshark to view the URL
that was sent to the web server? I wonder if the "\?" and "\&" are being
sent literally, because the escaping is not for the URL, only for the
matching regexp. Try just removing the backslashes and see if it works.
Alternatively, replace them with their URL-escaped equivalents ("%3F" for
"?" and "%26" for "&").
J
list Scot Kreienkamp
Thank you for the TCP dump idea Jeremy, that was spot on. I assumed that I had to escape the special characters in the URL as I did on the command line. Apparently Xymon already takes care of that for me. When I looked at the dump the escapes were being passed straight through. As soon as I took them out I started getting the true response that I was looking for. There was no space, that's my email client being "helpful".
▸
Scot Kreienkamp | Senior Systems Engineer | La-Z-Boy Incorporated 1284 N. Telegraph Rd. | Monroe, MI 48162 | user-9678697f1438@xymon.invalid<mailto:user-9678697f1438@xymon.invalid> | www.la-z-boy.com<http://www.la-z-boy.com/>; From: Jeremy Laidman [mailto:user-71895fb2e44c@xymon.invalid] Sent: Thursday, October 10, 2013 7:39 PM To: Scot Kreienkamp Cc: xymon at xymon.com Subject: Re: [Xymon] Content check question On 11 October 2013 08:14, Scot Kreienkamp <user-462cf0b6d846@xymon.invalid<mailto:user-462cf0b6d846@xymon.invalid>> wrote:
cont=http-content;http://192.168.10.110 /Main/login.do\?userName=*****\&userPass=*****\&pcno=***;true
▸
Firstly, there's a space after the IP address and the "/". Is this space in your hosts.cfg? Spaces are not allowed in a "cont" clause.
Secondly, check that the URL is being sent as you expect it to. Can you check the web server logs, or use tcpdump/snoop/wireshark to view the URL that was sent to the web server? I wonder if the "\?" and "\&" are being sent literally, because the escaping is not for the URL, only for the matching regexp. Try just removing the backslashes and see if it works. Alternatively, replace them with their URL-escaped equivalents ("%3F" for "?" and "%26" for "&").
J
This message is intended only for the individual or entity to which it is addressed. It may contain privileged, confidential information which is exempt from disclosure under applicable laws. If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information. If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you.
list Jeremy Laidman
▸
On 11 October 2013 12:34, Scot Kreienkamp <user-462cf0b6d846@xymon.invalid> wrote:
Thank you for the TCP dump idea Jeremy, that was spot on. I assumed that I had to escape the special characters in the URL as I did on the command line. Apparently Xymon already takes care of that for me.
Not quite. What was most likely happening is that your shell was interpreting the "&" character for you (to put the command to that point into background), and you needed to escape it to prevent this from happening. Xymon didn't take care of these for you, it simply doesn't use special characters, other than the space character, in this context. It's unlikely that the "?" needed escaping on the command line. A "?" causes the shell to try a glob match on a filename, but you probably don't have a filename matching "cont=...?..." and so it didn't expand to anything when not escaped. In the shell, "\?" is treated the same as "?" if there is no glob match, which is why it worked.
▸
When I looked at the dump the escapes were being passed straight through.As soon as I took them out I started getting the true response that I was looking for.
Glad to hear it.
There was no space, that’s my email client being “helpful”.
Ah yes. When computers try to be helpful, they don't always succeed. J