Hello There, Guest! Login Register
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5

Can NEMS check https/ssl on a server where ping is blocked?


Yesterday i installed NEMS version 1.5 on a Raspberry Pi2b to monitor a few websites. Most important for me is if the Let's Encrypt certificates are renewed in time. Sometimes this renewal failed and it took too long before i was aware. As far as i see now, NEMS is the solution for me to monitor this. I did the configuration of NEMS according the following document: https://magazine.odroid.com/article/intr...ems-linux/

For some reason my hosting provider sometimes blocks pings and he did this yesterday for about one hour. According to the support desk it had to do with a DDOS attack. During the time that the provider blocked pings (ICMP) NEMS told me that the Host was down but the service was up.

My conclusion is that the check for the host being up relies on pinging the host. 

My question is: how can i configure NEMS in a way that the check does not depend on pinging the server?

Any help would be appreciated.

Regards and thanks to the developer for this nice peace of tooling.

It took me a few days of puzzeling and getting acquainted with NEMS/Nagios but I think I found the solution. Under Misccommands i created a check_host_alive_tcp with the following command line: $USER1$/check_tcp -H $HOSTADDRESS$ -p 80.
Under Host presets I selected the check_host_alive_tcp in stead of check-host-alive-v4.
At this very moment all hosts have status UP although ping is disabled.

It looks like this solved my 'problem' Wink

For now I'm a happy user of NEMS.
It seems like your raw tcp approach worked. But I think the proper way to configure it is as follows:

The -S is for https and the -p is for the port. 

Thanks a lot for your advice. I will reconfigere NEMS as soon as someone has an answer on my other thread (https://forum.category5.tv/thread-561.html)
When reconfiguring i will take your advice into account.
I'm new to this as well so take my advice with a grain of salt. It just seems to me to use the service specific check command rather than raw TCP connection seemed more logical. I'm not sure what the pros/cons would be.
Forum Jump:

Users browsing this thread: 1 Guest(s)