how to check smtps, pop3s, imaps, ldpas withy nrpe ?

J. Bakshi joydeep at infoservices.in
Tue Sep 2 12:31:35 CEST 2008


Alex Dehaini wrote:
> So, check_tcp worked for smtp? but not for ftps?

Exactly.

1> SMTPS is not working at all with check_smtp  :-(

2> chekck_ftp is working without -S !!!  but not with -S ;
though it is not possible to loginto my ftpserver ( using lftp, filezilla)



>
> On Tue, Sep 2, 2008 at 10:15 AM, J. Bakshi <joydeep at infoservices.in
> <mailto:joydeep at infoservices.in>> wrote:
>
>     Alex Dehaini wrote:
>     > Use check_tcp or check_udp to see if you can connect to these ports
>
>     Here is for ftp port
>     ~~~~~~~~~~~~~~~
>
>     ./check_tcp -H localhost -p 60021
>     TCP OK - 0.003 second response time on port 60021
>     |time=0.002922s;0.000000;0.000000;0.000000;10.000000
>
>     ./check_tcp -H localhost -p 60021 -S
>     CRITICAL - Cannot make  SSL connection 15556:error:140770FC:SSL
>     routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:478:
>
>
>     Here is for smtps
>     ~~~~~~~~~~~~~~~
>
>     ./check_tcp -H localhost -p 465
>     TCP OK - 0.001 second response time on port 465
>     |time=0.000886s;0.000000;0.000000;0.000000;10.000000
>
>     ./check_tcp -H localhost -p 465 -S
>     TCP OK - 0.119 second response time on port 465
>     |time=0.118984s;0.000000;0.000000;0.000000;10.000000
>
>
>     thanks
>     >
>     > Lex
>     >
>     > On Tue, Sep 2, 2008 at 9:42 AM, J. Bakshi
>     <joydeep at infoservices.in <mailto:joydeep at infoservices.in>
>     > <mailto:joydeep at infoservices.in
>     <mailto:joydeep at infoservices.in>>> wrote:
>     >
>     >     Alex Dehaini wrote:
>     >     > Your smtp server and your ftp server, are they different from
>     >     your pop
>     >     > and imap server?
>     >     >
>     >     > Your imaps and pop3s are connected locally i.e. on the
>     nagios server
>     >     > if I am correct? Your ftp and smtp are not. Is this correct?
>     >     >
>     >
>     >     Hi Alex,
>     >
>     >     My ftp (vsftpd with ssl support), postfix, Cyrus all are in
>     the same
>     >     server where nrpe is running.
>     >     thanks
>     >
>     >
>     >
>     >
>     >
>     >     > Lex
>     >     >
>     >     > On Tue, Sep 2, 2008 at 9:26 AM, J. Bakshi
>     >     <joydeep at infoservices.in <mailto:joydeep at infoservices.in>
>     <mailto:joydeep at infoservices.in <mailto:joydeep at infoservices.in>>
>     >     > <mailto:joydeep at infoservices.in
>     <mailto:joydeep at infoservices.in>
>     >     <mailto:joydeep at infoservices.in
>     <mailto:joydeep at infoservices.in>>>> wrote:
>     >     >
>     >     >     Arno Lehmann wrote:
>     >     >     > Hello,
>     >     >     >
>     >     >     > please respond to the list.
>     >     >     >
>     >     >     > 02.09.2008 10:44, J. Bakshi wrote:
>     >     >     >
>     >     >     >> Arno Lehmann wrote:
>     >     >     >>
>     >     >     >>> Hi,
>     >     >     >>>
>     >     >     >>> 02.09.2008 09:37, J. Bakshi wrote:
>     >     >     >>>
>     >     >     >>>> Dear list,
>     >     >     >>>>
>     >     >     >>>> I have installed
>     >     >     >>>>
>     >     >     >>>> nagios-nrpe   2.0
>     >     >     >>>> nagios-plugins  1.4
>     >     >     >>>> nagios-plugins-extras 1.4
>     >     >     >>>>
>     >     >     >>>> How can I check smtps, ldaps, pop3s, imaps  with
>     nrpe ?
>     >     >     >>>> the default check_smtp ; check_imap etc can't
>     check the SSL
>     >     >     version of
>     >     >     >>>> the services.
>     >     >     >>>>
>     >     >     >>> Mine can; call them with -h for help and read the
>     output. I
>     >     >     usually
>     >     >     >>> use the -S swich plus, as needed, -p for the
>     target port.
>     >     >     >>>
>     >     >     >>> Example output:
>     >     >     >>> $ /usr/local/nagios3/libexec/check_imap -H
>     192.168.1.2 <http://192.168.1.2>
>     >     <http://192.168.1.2>
>     >     >     <http://192.168.1.2> -S -p 993 -D 12
>     >     >     >>> OK - Certificate will expire on 04/27/2009 21:13.
>     >     >     >>> IMAP OK - 0.060 second response time on port 993 [* OK
>     >     IMAP4 Ready
>     >     >     >>> balrog.privat.lehleute.de
>     <http://balrog.privat.lehleute.de>
>     >     <http://balrog.privat.lehleute.de>
>     <http://balrog.privat.lehleute.de>
>     >     >     0001b1a4]|time=0.059891s;;;0.000000;10.000000
>     >     >     >>>
>     >     >     >>>
>     >     >     >> Hi Arno,
>     >     >     >>
>     >     >     >> first of all thanks for your kind response. I have
>     also found
>     >     >     the "-S"
>     >     >     >> option but the story is different here and it is
>     >     >     >> negative :-(
>     >     >     >>
>     >     >     >> here is the nmap output which proves the required port
>     >     are open
>     >     >     >>
>     >     >     >
>     >     >     > It does not actually prove the services are listening on
>     >     localhost,
>     >     >     > and that access is not filtered, for example by
>     hosts files.
>     >     >     >
>     >     >     >
>     >     >     >> PORT     STATE SERVICE
>     >     >     >> 25/tcp   open  smtp
>     >     >     >> 80/tcp   open  http
>     >     >     >> 143/tcp  open  imap
>     >     >     >> 389/tcp  open  ldap
>     >     >     >> 443/tcp  open  https
>     >     >     >> 465/tcp  open  smtps
>     >     >     >> 993/tcp  open  imaps
>     >     >     >> 995/tcp  open  pop3s
>     >     >     >> 1234/tcp open  hotline
>     >     >     >> 2000/tcp open  callbook
>     >     >     >> 3306/tcp open  mysql
>     >     >     >>
>     >     >     >> more important I can use the SSL enabled services, like
>     >     pop3s ,
>     >     >     smtps etc...
>     >     >     >>
>     >     >     >> If I check with check_smtp I get the following
>     >     >     >>
>     >     >     >> /usr/lib/nagios/plugins/check_smtp -H localhost  -p 465
>     >     -S  -v
>     >     >     >> CRITICAL - Socket timeout after 10 seconds
>     >     >     >>
>     >     >     >
>     >     >     > Check with the ip address that is usually used - it's
>     >     quite possible
>     >     >     > the service is not bound to localhost.
>     >     >     >
>     >     >     >
>     >     >     >> And here is the check fir ftp :-(
>     >     >     >>
>     >     >     >> /usr/lib/nagios/plugins/check_ftp -H localhost  -p
>     60021
>     >     -S  -v
>     >     >     >> CRITICAL - Cannot make  SSL connection
>     >     13948:error:140770FC:SSL
>     >     >     >> routines:SSL23_GET_SERVER_HELLO:unknown
>     >     protocol:s23_clnt.c:478:
>     >     >     >>
>     >     >     >> Plese note I am practically using ftps, smtps, pop3s
>     >     >     >>
>     >     >     >> I have no clue really.
>     >     >     >> Hope you can enlighten me to point out my mistake.
>     >     >     >>
>     >     >     >
>     >     >     > Try what I suggested... that's what I'd do now.
>     >     >     >
>     >     >     > Arno
>     >     >     >
>     >     >
>     >     >     Dear Arno and Alex,
>     >     >
>     >     >     thanks a lot for your kind guidance.
>     >     >
>     >     >     Arno, I have also checked with IP but no success.
>     >     >
>     >     >     Here is some more feedback which you can find interesting
>     >     >
>     >     >     #### IMAPS successful ##########
>     >     >
>     >     >     /usr/lib/nagios/plugins/check_imap -H localhost  -p 993 -S
>     >     -w 5 -c
>     >     >     8 -t 10
>     >     >     IMAP OK - 0.099 second response time on port 993 [* OK
>     >      Cyrus IMAP4
>     >     >     v2.2.12 server ready]
>     >     >     |time=0.098621s;5.000000;8.000000;0.000000;10.000000
>     >     >
>     >     >     ######## POP3S  successful ##########
>     >     >     /usr/lib/nagios/plugins/check_pop -H localhost  -p 995
>      -w 5
>     >     -c 8
>     >     >     -t 10 -S
>     >     >     POP OK - 0.101 second response time on port 995 [+OK
>     >     lvps87­230­8­228.
>     >     >     Cyrus POP3 v2.2.12 server ready
>     >     >
>     >    
>     <4156316096.1220347347 at lvps87­230­8­228.dedicated.hosteurope.de
>     <http://228.dedicated.hosteurope.de>
>     >     <http://228.dedicated.hosteurope.de>
>     >     >     <http://228.dedicated.hosteurope.de>>]
>     >     >     |time=0.101278s;5.000000;8.000000;0.000000;10.000000
>     >     >
>     >     >     ######## SMTPS failed but telnet successful #########
>     >     >
>     >     >     /usr/lib/nagios/plugins/check_smtp -H   <replaced by my
>     >     server IP>
>     >     >       -p
>     >     >     465 -w 5 -c 8 -t 10 -S
>     >     >     CRITICAL - Socket timeout after 10 seconds
>     >     >
>     >     >     telnet 87.230.8.228 <http://87.230.8.228>
>     <http://87.230.8.228>
>     >     <http://87.230.8.228> 465
>     >     >     Trying 87.230.8.228...
>     >     >     Connected to 87.230.8.228 <http://87.230.8.228>
>     <http://87.230.8.228>
>     >     <http://87.230.8.228>.
>     >     >     Escape character is '^]'.
>     >     >
>     >     >     quit
>     >     >     quit
>     >     >     Connection closed by foreign host.
>     >     >
>     >     >
>     >     >     ####### FTPS failed but successful by telnet
>     ###############33
>     >     >
>     >     >     /usr/lib/nagios/plugins/check_ftp -H  <replaced by my
>     server
>     >     IP>   -p
>     >     >     60021 -w 5 -c 8 -t 10 -S
>     >     >     CRITICAL - Cannot make  SSL connection
>     30050:error:140770FC:SSL
>     >     >     routines:SSL23_GET_SERVER_HELLO:unknown
>     protocol:s23_clnt.c:478:
>     >     >
>     >     >     telnet localhost 60021
>     >     >     Trying 127.0.0.1...
>     >     >     Connected to localhost.
>     >     >     Escape character is '^]'.
>     >     >     220 *******This server is configured by Jatasankar*******
>     >     >
>     >     >     530 Please login with USER and PASS.
>     >     >
>     >     >     530 Please login with USER and PASS.
>     >     >     quit
>     >     >     221 Goodbye.
>     >     >     Connection closed by foreign host.
>     >     >
>     >     >
>     >     >     Any clue ?
>     >     >     thanks
>     >     >
>     >     >
>     >     >
>     >     >
>     >     >     >
>     >     >     >> with many thanks
>     >     >     >>
>     >     >     >>
>     >     >     >>> Arno
>     >     >     >>>
>     >     >     >>>
>     >     >     >>>> thanks
>     >     >     >>>>
>     >     >     >>>>
>     >     >     >>>>
>     >     >     >>
>     >     >     >
>     >     >     >
>     >     >
>     >     >
>     >     >     --
>     >     >     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>     >     >     Joydeep Bakshi, Linux System Admin
>     >     >     Kolkatainfoservices Pvt Ltd,
>     >     >     23A Royd Street, Kolkata 700016, India
>     >     >     Work Phone 91 033 40014784
>     >     >     http://infoservices.in/
>     >     >     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>     >     >
>     >     >
>     >     >
>     >     >
>     >     > --
>     >     > Alex Dehaini
>     >     > Developer
>     >     > Site - www.alexdehaini.com <http://www.alexdehaini.com>
>     <http://www.alexdehaini.com>
>     >     <http://www.alexdehaini.com>
>     >     > Email - alexdehaini at gmail.com
>     <mailto:alexdehaini at gmail.com> <mailto:alexdehaini at gmail.com
>     <mailto:alexdehaini at gmail.com>>
>     >     <mailto:alexdehaini at gmail.com <mailto:alexdehaini at gmail.com>
>     <mailto:alexdehaini at gmail.com <mailto:alexdehaini at gmail.com>>>
>     >
>     >
>     >     --
>     >     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>     >     Joydeep Bakshi, Linux System Admin
>     >     Kolkatainfoservices Pvt Ltd,
>     >     23A Royd Street, Kolkata 700016, India
>     >     Work Phone 91 033 40014784
>     >     http://infoservices.in/
>     >     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>     >
>     >
>     >
>     >
>     > --
>     > Alex Dehaini
>     > Developer
>     > Site - www.alexdehaini.com <http://www.alexdehaini.com>
>     <http://www.alexdehaini.com>
>     > Email - alexdehaini at gmail.com <mailto:alexdehaini at gmail.com>
>     <mailto:alexdehaini at gmail.com <mailto:alexdehaini at gmail.com>>
>
>
>     --
>     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>     Joydeep Bakshi, Linux System Admin
>     Kolkatainfoservices Pvt Ltd,
>     23A Royd Street, Kolkata 700016, India
>     Work Phone 91 033 40014784
>     http://infoservices.in/
>     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
>
>
> -- 
> Alex Dehaini
> Developer
> Site - www.alexdehaini.com <http://www.alexdehaini.com>
> Email - alexdehaini at gmail.com <mailto:alexdehaini at gmail.com>


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Joydeep Bakshi, Linux System Admin
Kolkatainfoservices Pvt Ltd,
23A Royd Street, Kolkata 700016, India
Work Phone 91 033 40014784
http://infoservices.in/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list