Monitoring Network from a distance ?

[Ilhem Hamdi]

Hello,

I would like to Monitor VIP on F5 by : 

- Monitoring  the ssl certfications

- Monitoring the status of VIP ( Up /down)

The probleme is I don't have access on F5 , all I have is the URLS  to check the connectivity of the VIP or I use curl command  to check the expiration of certifcations  I need to Monitor these VIP via Prometheus ans send alerts to clients .  I konw that you can configure exporter to do the job for you but  is it possible if you don't have acess to network equipeemnt  ? any recommendation  ?

Thanks 

[Brian Brazil]

You want the blackbox exporter: https://www.robustperception.io/checking-for-http-200s-with-the-blackbox-exporter 

--

Brian Brazil

www.robustperception.io

[Cameron Kerr]

If you have a VIP, then chances are you have multiple servers behind it and have some type of health-check URI/mechanism in place (or using a default one, such as whether a TCP connection or ICMP ping succeeds).

I would suggest that you use the blackbox_exporter, but you use it to monitor:

* each backends healthcheck (directly, in the same manner that your load-balancer would) --- this will help you know when your application is ABOUT to fail (eg. a rolling upgrade is causing things to fall out of the load-balancer).

* each backends application statistics (this could be a combination of things like node_exporter, plus perhaps things like node_exporter's file metrics, or jmx_exporter, or ....

* the application as experienced at the front-door(s). You might also imagine having multiple targets for this if you have multiple points of presence for your application (eg. CDNs) or just want to test from different places.

* test SSL certificates too (I believe you can do this using blackbox_exporter, but I haven't looked myself). If you terminate SSL in multiple places (eg. your load-balancer deployment is layer-4 and not layer-7) then monitor all of these places.

* if testing per-server application readiness/health which is designed to bust through caching layers and exercise the various backends such as database and storage, then you might want to change the scrape interval for that... or use something like node_exporter with the file metrics so you can have some other testing/readiness engine running tests and then reporting the results quickly.

Note that load-balancer configuration may influence error behaviour. For example, if the VIP goes down, does ARP respond? If it doesn't, then that may cause probes to take much longer before timing out, so be mindful of timeout settings for blackbox_exporter and tune if required.

You didn't say whether you had access to the various backends, so I've made some assumptions here, as if you're like where I work, you have access to the servers, but perhaps not access to the load-balancer.

There's lots to think about with this topic; just take what's useful.

Cheers,

Cameron

[Ilhem Hamdi]

Thanks a lot for your responses .

From  the initial testes Black box exporter works just fine for me . thanks for the suggestion.

Yes, I do have access to the backends servers 

--
You received this message because you are subscribed to the Google Groups "Prometheus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to prometheus-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-users/08371e91-ec74-4c0d-bc66-3a3a2c4dd024%40googlegroups.com.