blackbox for checking ldap certificate?


lroch...@leapfrogonline.com

Apr 23, 2018, 5:04:20 PM
to Prometheus Users
Hello,

I'm looking to check the expiration of certificates on our AD servers, and thought maybe the blackbox exporter would work. However it seems that there's a protocol mismatch, as I think blackbox is using https and the AD servers don't respond to https requests. I can check via an openssl command however. Does anyone know if there's a way to get blackbox to work for this? If not, is writing a custom exporter using openssl the best option?

thanks,
luther

Brian Brazil

Apr 23, 2018, 5:07:25 PM
to lroch...@leapfrogonline.com, Prometheus Users
On 23 April 2018 at 22:04, lrochester via Prometheus Users <promethe...@googlegroups.com> wrote:
> Hello,
>
> I'm looking to check the expiration of certificates on our AD servers, and thought maybe the blackbox exporter would work. However it seems that there's a protocol mismatch, as I think blackbox is using https and the AD servers don't respond to https requests. I can check via an openssl command however. Does anyone know if there's a way to get blackbox to work for this? If not, is writing a custom exporter using openssl the best option?

You can enable ssl on tcp probes which will get you that. 

lroch...@leapfrogonline.com

Apr 23, 2018, 5:29:27 PM
to Prometheus Users
Ooh I'll look into that, thanks!
Luther 

lroch...@leapfrogonline.com

Apr 26, 2018, 1:49:58 AM
to Prometheus Users
For posterity, here's what I ended up adding which works great:


prometheus.yml:

  - job_name: 'ldap_cert_check'
    scrape_interval: 1h
    metrics_path: /probe
    params:
      module: [tcp_cert]
    static_configs:
      - targets:
        - '<hostname>:636'
    relabel_configs:
      - source_labels: [__address__]
        target_label: __param_target
      - source_labels: [__param_target]
        target_label: instance
      - target_label: __address__
        replacement: 127.0.0.1:9115  # Blackbox exporter.

blackbox_exporter.yml:

  tcp_cert:
    prober: tcp
    timeout: 5s
    tcp:
      tls: true


alert:

    - alert: ldap_cert_expiration
      expr: round((probe_ssl_earliest_cert_expiry - time()) / 86400) < 10
      labels:
        severity: warning
        audience: "hammertime"
      annotations:
        summary: "`{{ $labels.instance }}` has an ldap cert which will expire in {{ $value }} days."
        description: "The ldap certificate is expiring soon."  
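An added example, not part of the original thread: a small Python check that reads blackbox exporter `/probe` output and applies the same day calculation as the alert expression above, while also reporting the case where the probe itself failed and no expiry value is available. The sample probe output is constructed, and the function names `parse_samples` and `check_cert` are hypothetical.

```python
import math

# Constructed samples of blackbox exporter /probe output (not captured from a real host).
PROBE_OK = """\
# TYPE probe_ssl_earliest_cert_expiry gauge
probe_ssl_earliest_cert_expiry 1.5252192e+09
# TYPE probe_success gauge
probe_success 1
"""
PROBE_FAILED = """\
# TYPE probe_success gauge
probe_success 0
"""

def parse_samples(text):
    """Return {metric_name: value} for unlabelled samples in Prometheus text format."""
    samples = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "{" in line:
            continue  # skip blanks, comments and labelled series
        fields = line.split()
        if len(fields) >= 2:
            samples[fields[0]] = float(fields[1])
    return samples

def check_cert(text, now, threshold_days=10):
    """Mirror round((probe_ssl_earliest_cert_expiry - time()) / 86400) < threshold.

    Returns (state, days). Assumption of this example: a failed probe or a
    missing expiry metric is reported as "probe_failed", because the expiry
    expression alone has nothing to compare in that case.
    """
    m = parse_samples(text)
    expiry = m.get("probe_ssl_earliest_cert_expiry")
    if m.get("probe_success") != 1 or expiry is None:
        return ("probe_failed", None)
    # PromQL round() resolves ties by rounding up; 86400 is seconds per day.
    days = math.floor((expiry - now) / 86400 + 0.5)
    return ("expiring" if days < threshold_days else "ok", days)

if __name__ == "__main__":
    now = 1525219200 - 6 * 86400  # constructed "current time": 6 days before expiry
    print(check_cert(PROBE_OK, now))
    print(check_cert(PROBE_FAILED, now))
```

The `probe_failed` branch is the case worth a companion alert on `probe_success == 0`, since an expiry comparison cannot fire for a target whose probe returns no expiry value.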