sslcert test frequency
list John Rothlisberger
Is there a way to limit the number of times a test runs for an sslcert check? The results of the tests are measured in days and there is no point in testing this really every 5 minutes. Just for verbosities sake - this is what my host.cfg entry looks like: 0.0.0.0 serverA.mydomain.com # noconn DOWNTIME=06:0700:1200 badconn:1:1:2 NOCOLUMNS:http --sslwarn=60 --sslalarm=21 https://serverA.mydomain.com I have looked through the docs and didn't see anything obvious - so, I apologize if I missed it. Thanks, John John Rothlisberger Senior Analyst Application & Technology Integration Implementation & Managed Services for Business Process Outsourcing IT Strategy, Infrastructure & Security - Technology Growth Platform Accenture XXX.XXX.XXXX office This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited.
list Henrik Størner
▸
Den 07-04-2011 20:33, user-7adce57665bb@xymon.invalid skrev:
Is there a way to limit the number of times a test runs for an sslcert check? The results of the tests are measured in days and there is no point in testing this really every 5 minutes.
The sslcert check is essentially "free" - whenever you connect to an https-webserver, the certificate is provided as part of the SSL handshake. So there really is no overhead involved in checking this every 5 minutes. Regards, Henrik
list John Rothlisberger
Yes, that is true if I was also checking the status of the connection or content. In this case, all I care about is the sslcert. I would prefer not to do any more tests then necessary - in this case maybe 4 times per day.
▸
Thanks,
John
John Rothlisberger
Senior Analyst
Application & Technology Integration
Implementation & Managed Services for Business Process Outsourcing
IT Strategy, Infrastructure & Security - Technology Growth Platform
Accenture
XXX.XXX.XXXX office
-----Original Message-----
From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf Of Henrik Størner
Sent: Thursday, April 07, 2011 3:11 PM
To: xymon at xymon.com
Subject: Re: [Xymon] sslcert test frequency
Den 07-04-2011 20:33, user-7adce57665bb@xymon.invalid skrev:Is there a way to limit the number of times a test runs for an sslcert check? The results of the tests are measured in days and there is no point in testing this really every 5 minutes.
The sslcert check is essentially "free" - whenever you connect to an https-webserver, the certificate is provided as part of the SSL handshake. So there really is no overhead involved in checking this every 5 minutes. Regards, Henrik This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited.
list Henrik Størner
Yes, that is true if I was also checking the status of the connection or content. In this case, all I care about is the sslcert. I would prefer not to do any more tests then necessary - in this case maybe 4 times per day.
The general solution to run network tests at different intervals is to "abuse" the Xymon 'NET:foo' definition in hosts.cfg, and then run an
instance of xymonnet to handle just those tests.
1) In hosts.cfg, add a "NET:4perday" to the hosts you want this for. Leave the other hosts unchanged.
2) Set the XYMONNETWORK setting in xymonserver.cfg to XYMONSERVER="standard" - this is for the normal every-5-minutes tests.
3) Change the xymonnet task definition in tasks.cfg: Add the option "--test-untagged" to the xymonnet commandline.
4) Create this shell script in $XYMONHOME/ext/4perday.sh :
#!/bin/sh
XYMONNETWORK=4perday
export XYMONNETWORK
xymonnet --ping --checkresponse
exit 0
5) Add a custom task to tasks.cfg like this to run the 4-per-day tests:
[4perday]
CMD $XYMONHOME/ext/4perday.sh
INTERVAL 6h
Steps 2) and 3) are needed to keep the regular xymonnet task from testing all hosts, but still check all those hosts that don't have a "NET:..." definition.
Regards,
Henrik
list John Rothlisberger
Yep, that is abuse! :) Thanks for the info!
▸
Thanks,
John
John Rothlisberger
Senior Analyst
Application & Technology Integration
Implementation & Managed Services for Business Process Outsourcing
IT Strategy, Infrastructure & Security - Technology Growth Platform
Accenture
XXX.XXX.XXXX office
-----Original Message-----
From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf Of Henrik Størner
Sent: Friday, April 08, 2011 8:15 AM
To: xymon at xymon.com
Subject: Re: [Xymon] sslcert test frequency
Yes, that is true if I was also checking the status of the connection or content. In this case, all I care about is the sslcert. I would prefer not to do any more tests then necessary - in this case maybe 4 times per day.
The general solution to run network tests at different intervals is to
"abuse" the Xymon 'NET:foo' definition in hosts.cfg, and then run an
instance of xymonnet to handle just those tests.
1) In hosts.cfg, add a "NET:4perday" to the hosts you want this for.
Leave the other hosts unchanged.
2) Set the XYMONNETWORK setting in xymonserver.cfg to
XYMONSERVER="standard" - this is for the normal every-5-minutes tests.
3) Change the xymonnet task definition in tasks.cfg: Add the option
"--test-untagged" to the xymonnet commandline.
4) Create this shell script in $XYMONHOME/ext/4perday.sh :
#!/bin/sh
XYMONNETWORK=4perday
export XYMONNETWORK
xymonnet --ping --checkresponse
exit 0
5) Add a custom task to tasks.cfg like this to run the 4-per-day tests:
[4perday]
CMD $XYMONHOME/ext/4perday.sh
INTERVAL 6h
Steps 2) and 3) are needed to keep the regular xymonnet task from
testing all hosts, but still check all those hosts that don't have a
"NET:..." definition.
Regards,
Henrik
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited.