I want to create a nagios check of my secure website. All the check needs to do is login to the site with login details that I pass the script.
Does anyone know of a plugin or script that will allow me to do this?
I have tried using check_http, but I get success even if the website is redirected to an error page.
I have tried using check_http but I get success even if the website is redirected to an error page
This can be solved with check_http --expect. Here is the documentation from check_http --help:
-e, --expect=STRING Comma-delimited list of strings, at least one of them is expected in the first (status) line of the server response (default: HTTP/1.) If specified skips all other status line logic (ex: 3xx, 4xx, 5xx processing)
The following example will return an 'OK' for a 200 OK HTTP response code, but will give a critical error for a 302 redirect.
host % check_http --expect=200
HTTP CRITICAL - Invalid HTTP response received from host: HTTP/1.0 301 OK
For a secure website (over SSL), and authentication, also check out the check_http --ssl and the --authorization flags.
-S, --ssl Connect via SSL. Port defaults to 443
-a, --authorization=AUTH_PAIR Username:password on sites with basic authentication
Or, perhaps you don't actually want to log into the system but just want to make sure that the page requires a username/password, because that username/password can become a security concern. In that case, try something like the following/ 401 is the HTTP response code for 'Unauthorized' or 'Authorization Required'-- the 401 is mandatory, the text string afterwards is optional and may say one of several different things, so I just tell Nagios to expect 401.
check_http --expect="401"
You can create more complex checks (in the spirit of Behavior Driven Development/Monitoring) with Cucumber-Nagios.
