Skip to content

Commit

Permalink
Add riemann-tls-check to monitor TLS resources
Browse files Browse the repository at this point in the history
Add a riemann-tls-check that accept a list of URI of resources to check
TLS certificates. For each URI, resolve the IP addresses that provide
the service, and for each IP address generate 6 events for:

1. availability: state (reachability + status of all the following
   metrics);
2. not after: state + metric (number of seconds until the certificate is
   expired);
3. not before: state + metric (number of seconds since the certificate
   is valid);
4. identity: state (certificate subject match the URI hostname);
5. trust: state (validity of the certificate trust chain);
6. OCSP satus: state (validity of the OCSP status if applicable).

A STARTTLS handshake is automatically done for imap://, ldap:// and
smtp://; a protocol specific handshake is done for mysql:// and
postgres:// URI.
  • Loading branch information
smortex committed Jun 29, 2024
1 parent 100b59c commit 2225906
Show file tree
Hide file tree
Showing 7 changed files with 727 additions and 8 deletions.
8 changes: 8 additions & 0 deletions bin/riemann-tls-check
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
#!/usr/bin/env ruby
# frozen_string_literal: true

Process.setproctitle($PROGRAM_NAME)

require 'riemann/tools/tls_check'

Riemann::Tools::TLSCheck.run
8 changes: 8 additions & 0 deletions lib/riemann/tools.rb
Original file line number Diff line number Diff line change
Expand Up @@ -97,5 +97,13 @@ def run
end

def tick; end

def endpoint_name(address, port)
if address.ipv6?
"[#{address}]:#{port}"
else
"#{address}:#{port}"
end
end
end
end
8 changes: 0 additions & 8 deletions lib/riemann/tools/http_check.rb
Original file line number Diff line number Diff line change
Expand Up @@ -323,14 +323,6 @@ def redact_uri(uri)
reported_uri.password = '**redacted**' if reported_uri.password
reported_uri
end

def endpoint_name(address, port)
if address.ipv6?
"[#{address}]:#{port}"
else
"#{address}:#{port}"
end
end
end
end
end
Loading

0 comments on commit 2225906

Please sign in to comment.