Certificate monitoring with Zabbix Agent 2
===== Overview =====
- Details for each individual FQDN are stored in json files.
- each json file contains the following information
==== json monitoring files ====
{
"hostname": "example.com",
"ip_address": "",
"port": "443",
"warning_days": "25",
"critical_days": "10",
"contact": "somebody to contact here",
"ticket": "abc-1234"
}
- hostname: name of host to monitor
- ip_address: if you need to check a specific ip address
- port: tcp port to check
- warning_days: number of days till expiration that a warning will alert will trigger
- critical_days: number of days till expiration that a critical will alert will trigger
- contact: contact information for this specific certificate
- ticket: ticket number used to track the creation of the monitoring
*N.B.*
- all fields are mandatory.
- the template doesn't currently handle missing fields cleanly.
===== setup =====
- install jq to parse the json files , and Zabbix Agent 2
- configure zabbix agent to allow 'system.run[]'
- place json files in /certs/public/
- add discover-certs.sh script to /zabbix/bin/ directory
- should probably be done via external scripts directory
-
==== script ====
discover-certs.sh
#!/bin/sh
DIR="${1}"
if [ ! -d "${DIR}" ];then
echo "${DIR} does not exist"
exit 1
fi
jq -s '.' "${DIR}"/*.json
an item "get hosts to monitor" that will gather the json files ( tag: Application: Certificate Monitoring Discovery)
==== Discovery ====
For discovery:
- Create a discovery rule as a dependent item of "get hosts to monitor"
- preprocessing to create LLD macros
{#CERT_EXPIRY_CRITICAL_DAYS} : $.critical_days
{#CERT_EXPIRY_WARNING_DAYS} : $.warning_days
{#CONTACT_INFO} : $.contact
{#CRITICAL_DAYS} : $.critical_days
{#HOSTNAME} : $.hostname
{#IP_ADDRESS} : $.ip_address
{#PORT} : $.port
=== Item prototypes ===
Item prototypes
Item prototype 1
Name: cert monitor for {#HOSTNAME}:{#PORT} {#IP_ADDRESS}
=== Trigger prototypes ===
Trigger prototypes