notes:zabbix:certificate_monitoring
This is an old revision of the document!
Table of Contents
Certificate monitoring with Zabbix Agent 2
Overview
- Details for each individual FQDN are stored in json files.
- each json file contains the following information
json monitoring files
{
"hostname": "example.com",
"ip_address": "",
"port": "443",
"warning_days": "25",
"critical_days": "10",
"contact": "somebody to contact here",
"ticket": "abc-1234"
}
- hostname: name of host to monitor
- ip_address: if you need to check a specific ip address
- port: tcp port to check
- warning_days: number of days till expiration that a warning will alert will trigger
- critical_days: number of days till expiration that a critical will alert will trigger
- contact: contact information for this specific certificate
- ticket: ticket number used to track the creation of the monitoring
*N.B.*
- all fields are mandatory.
- the template doesn't currently handle missing fields cleanly.
setup
- install jq to parse the json files , and Zabbix Agent 2
- configure zabbix agent to allow 'system.run[]'
- place json files in /certs/public/
- add discover-certs.sh script to /zabbix/bin/ directory
- should probably be done via external scripts directory
script
discover-certs.sh
#!/bin/sh DIR="${1}" if [ ! -d "${DIR}" ];then echo "${DIR} does not exist" exit 1 fi jq -s '.' "${DIR}"/*.json
an item “get hosts to monitor” that will gather the json files ( tag: Application: Certificate Monitoring Discovery)
Discovery
For discovery:
- Create a discovery rule as a dependent item of “get hosts to monitor”
- preprocessing to create LLD macros
{#CERT_EXPIRY_CRITICAL_DAYS} : $.critical_days
{#CERT_EXPIRY_WARNING_DAYS} : $.warning_days
{#CONTACT_INFO} : $.contact
{#CRITICAL_DAYS} : $.critical_days
{#HOSTNAME} : $.hostname
{#IP_ADDRESS} : $.ip_address
{#PORT} : $.port
Item prototypes
Trigger prototypes
notes/zabbix/certificate_monitoring.1731555759.txt.gz · Last modified: by david