<div dir="ltr">So, check_tcp worked for smtp? but not for ftps? <br><br><div class="gmail_quote">On Tue, Sep 2, 2008 at 10:15 AM, J. Bakshi <span dir="ltr"><<a href="mailto:joydeep@infoservices.in">joydeep@infoservices.in</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="Ih2E3d">Alex Dehaini wrote:<br>
> Use check_tcp or check_udp to see if you can connect to these ports<br>
<br>
</div>Here is for ftp port<br>
~~~~~~~~~~~~~~~<br>
<br>
./check_tcp -H localhost -p 60021<br>
TCP OK - 0.003 second response time on port 60021<br>
|time=0.002922s;0.000000;0.000000;0.000000;10.000000<br>
<br>
./check_tcp -H localhost -p 60021 -S<br>
CRITICAL - Cannot make SSL connection 15556:error:140770FC:SSL<br>
<div class="Ih2E3d">routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:478:<br>
<br>
<br>
</div>Here is for smtps<br>
~~~~~~~~~~~~~~~<br>
<br>
./check_tcp -H localhost -p 465<br>
TCP OK - 0.001 second response time on port 465<br>
|time=0.000886s;0.000000;0.000000;0.000000;10.000000<br>
<br>
./check_tcp -H localhost -p 465 -S<br>
TCP OK - 0.119 second response time on port 465<br>
|time=0.118984s;0.000000;0.000000;0.000000;10.000000<br>
<br>
<br>
thanks<br>
><br>
> Lex<br>
><br>
<div class="Ih2E3d">> On Tue, Sep 2, 2008 at 9:42 AM, J. Bakshi <<a href="mailto:joydeep@infoservices.in">joydeep@infoservices.in</a><br>
</div><div class="Ih2E3d">> <mailto:<a href="mailto:joydeep@infoservices.in">joydeep@infoservices.in</a>>> wrote:<br>
><br>
> Alex Dehaini wrote:<br>
> > Your smtp server and your ftp server, are they different from<br>
> your pop<br>
> > and imap server?<br>
> ><br>
> > Your imaps and pop3s are connected locally i.e. on the nagios server<br>
> > if I am correct? Your ftp and smtp are not. Is this correct?<br>
> ><br>
><br>
> Hi Alex,<br>
><br>
> My ftp (vsftpd with ssl support), postfix, Cyrus all are in the same<br>
> server where nrpe is running.<br>
> thanks<br>
><br>
><br>
><br>
><br>
><br>
> > Lex<br>
> ><br>
> > On Tue, Sep 2, 2008 at 9:26 AM, J. Bakshi<br>
> <<a href="mailto:joydeep@infoservices.in">joydeep@infoservices.in</a> <mailto:<a href="mailto:joydeep@infoservices.in">joydeep@infoservices.in</a>><br>
</div>> > <mailto:<a href="mailto:joydeep@infoservices.in">joydeep@infoservices.in</a><br>
<div><div></div><div class="Wj3C7c">> <mailto:<a href="mailto:joydeep@infoservices.in">joydeep@infoservices.in</a>>>> wrote:<br>
> ><br>
> > Arno Lehmann wrote:<br>
> > > Hello,<br>
> > ><br>
> > > please respond to the list.<br>
> > ><br>
> > > 02.09.2008 10:44, J. Bakshi wrote:<br>
> > ><br>
> > >> Arno Lehmann wrote:<br>
> > >><br>
> > >>> Hi,<br>
> > >>><br>
> > >>> 02.09.2008 09:37, J. Bakshi wrote:<br>
> > >>><br>
> > >>>> Dear list,<br>
> > >>>><br>
> > >>>> I have installed<br>
> > >>>><br>
> > >>>> nagios-nrpe 2.0<br>
> > >>>> nagios-plugins 1.4<br>
> > >>>> nagios-plugins-extras 1.4<br>
> > >>>><br>
> > >>>> How can I check smtps, ldaps, pop3s, imaps with nrpe ?<br>
> > >>>> the default check_smtp ; check_imap etc can't check the SSL<br>
> > version of<br>
> > >>>> the services.<br>
> > >>>><br>
> > >>> Mine can; call them with -h for help and read the output. I<br>
> > usually<br>
> > >>> use the -S swich plus, as needed, -p for the target port.<br>
> > >>><br>
> > >>> Example output:<br>
> > >>> $ /usr/local/nagios3/libexec/check_imap -H <a href="http://192.168.1.2" target="_blank">192.168.1.2</a><br>
> <<a href="http://192.168.1.2" target="_blank">http://192.168.1.2</a>><br>
> > <<a href="http://192.168.1.2" target="_blank">http://192.168.1.2</a>> -S -p 993 -D 12<br>
> > >>> OK - Certificate will expire on 04/27/2009 21:13.<br>
> > >>> IMAP OK - 0.060 second response time on port 993 [* OK<br>
> IMAP4 Ready<br>
> > >>> <a href="http://balrog.privat.lehleute.de" target="_blank">balrog.privat.lehleute.de</a><br>
</div></div>> <<a href="http://balrog.privat.lehleute.de" target="_blank">http://balrog.privat.lehleute.de</a>> <<a href="http://balrog.privat.lehleute.de" target="_blank">http://balrog.privat.lehleute.de</a>><br>
<div><div></div><div class="Wj3C7c">> > 0001b1a4]|time=0.059891s;;;0.000000;10.000000<br>
> > >>><br>
> > >>><br>
> > >> Hi Arno,<br>
> > >><br>
> > >> first of all thanks for your kind response. I have also found<br>
> > the "-S"<br>
> > >> option but the story is different here and it is<br>
> > >> negative :-(<br>
> > >><br>
> > >> here is the nmap output which proves the required port<br>
> are open<br>
> > >><br>
> > ><br>
> > > It does not actually prove the services are listening on<br>
> localhost,<br>
> > > and that access is not filtered, for example by hosts files.<br>
> > ><br>
> > ><br>
> > >> PORT STATE SERVICE<br>
> > >> 25/tcp open smtp<br>
> > >> 80/tcp open http<br>
> > >> 143/tcp open imap<br>
> > >> 389/tcp open ldap<br>
> > >> 443/tcp open https<br>
> > >> 465/tcp open smtps<br>
> > >> 993/tcp open imaps<br>
> > >> 995/tcp open pop3s<br>
> > >> 1234/tcp open hotline<br>
> > >> 2000/tcp open callbook<br>
> > >> 3306/tcp open mysql<br>
> > >><br>
> > >> more important I can use the SSL enabled services, like<br>
> pop3s ,<br>
> > smtps etc...<br>
> > >><br>
> > >> If I check with check_smtp I get the following<br>
> > >><br>
> > >> /usr/lib/nagios/plugins/check_smtp -H localhost -p 465<br>
> -S -v<br>
> > >> CRITICAL - Socket timeout after 10 seconds<br>
> > >><br>
> > ><br>
> > > Check with the ip address that is usually used - it's<br>
> quite possible<br>
> > > the service is not bound to localhost.<br>
> > ><br>
> > ><br>
> > >> And here is the check fir ftp :-(<br>
> > >><br>
> > >> /usr/lib/nagios/plugins/check_ftp -H localhost -p 60021<br>
> -S -v<br>
> > >> CRITICAL - Cannot make SSL connection<br>
> 13948:error:140770FC:SSL<br>
> > >> routines:SSL23_GET_SERVER_HELLO:unknown<br>
> protocol:s23_clnt.c:478:<br>
> > >><br>
> > >> Plese note I am practically using ftps, smtps, pop3s<br>
> > >><br>
> > >> I have no clue really.<br>
> > >> Hope you can enlighten me to point out my mistake.<br>
> > >><br>
> > ><br>
> > > Try what I suggested... that's what I'd do now.<br>
> > ><br>
> > > Arno<br>
> > ><br>
> ><br>
> > Dear Arno and Alex,<br>
> ><br>
> > thanks a lot for your kind guidance.<br>
> ><br>
> > Arno, I have also checked with IP but no success.<br>
> ><br>
> > Here is some more feedback which you can find interesting<br>
> ><br>
> > #### IMAPS successful ##########<br>
> ><br>
> > /usr/lib/nagios/plugins/check_imap -H localhost -p 993 -S<br>
> -w 5 -c<br>
> > 8 -t 10<br>
> > IMAP OK - 0.099 second response time on port 993 [* OK<br>
> Cyrus IMAP4<br>
> > v2.2.12 server ready]<br>
> > |time=0.098621s;5.000000;8.000000;0.000000;10.000000<br>
> ><br>
> > ######## POP3S successful ##########<br>
> > /usr/lib/nagios/plugins/check_pop -H localhost -p 995 -w 5<br>
> -c 8<br>
> > -t 10 -S<br>
> > POP OK - 0.101 second response time on port 995 [+OK<br>
> lvps872308228.<br>
> > Cyrus POP3 v2.2.12 server ready<br>
> ><br>
> <4156316096.1220347347@lvps872308<a href="http://228.dedicated.hosteurope.de" target="_blank">228.dedicated.hosteurope.de</a><br>
> <<a href="http://228.dedicated.hosteurope.de" target="_blank">http://228.dedicated.hosteurope.de</a>><br>
> > <<a href="http://228.dedicated.hosteurope.de" target="_blank">http://228.dedicated.hosteurope.de</a>>>]<br>
> > |time=0.101278s;5.000000;8.000000;0.000000;10.000000<br>
> ><br>
> > ######## SMTPS failed but telnet successful #########<br>
> ><br>
> > /usr/lib/nagios/plugins/check_smtp -H <replaced by my<br>
> server IP><br>
> > -p<br>
> > 465 -w 5 -c 8 -t 10 -S<br>
> > CRITICAL - Socket timeout after 10 seconds<br>
> ><br>
> > telnet <a href="http://87.230.8.228" target="_blank">87.230.8.228</a> <<a href="http://87.230.8.228" target="_blank">http://87.230.8.228</a>><br>
> <<a href="http://87.230.8.228" target="_blank">http://87.230.8.228</a>> 465<br>
> > Trying 87.230.8.228...<br>
> > Connected to <a href="http://87.230.8.228" target="_blank">87.230.8.228</a> <<a href="http://87.230.8.228" target="_blank">http://87.230.8.228</a>><br>
> <<a href="http://87.230.8.228" target="_blank">http://87.230.8.228</a>>.<br>
> > Escape character is '^]'.<br>
> ><br>
> > quit<br>
> > quit<br>
> > Connection closed by foreign host.<br>
> ><br>
> ><br>
> > ####### FTPS failed but successful by telnet ###############33<br>
> ><br>
> > /usr/lib/nagios/plugins/check_ftp -H <replaced by my server<br>
> IP> -p<br>
> > 60021 -w 5 -c 8 -t 10 -S<br>
> > CRITICAL - Cannot make SSL connection 30050:error:140770FC:SSL<br>
> > routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:478:<br>
> ><br>
> > telnet localhost 60021<br>
> > Trying 127.0.0.1...<br>
> > Connected to localhost.<br>
> > Escape character is '^]'.<br>
> > 220 *******This server is configured by Jatasankar*******<br>
> ><br>
> > 530 Please login with USER and PASS.<br>
> ><br>
> > 530 Please login with USER and PASS.<br>
> > quit<br>
> > 221 Goodbye.<br>
> > Connection closed by foreign host.<br>
> ><br>
> ><br>
> > Any clue ?<br>
> > thanks<br>
> ><br>
> ><br>
> ><br>
> ><br>
> > ><br>
> > >> with many thanks<br>
> > >><br>
> > >><br>
> > >>> Arno<br>
> > >>><br>
> > >>><br>
> > >>>> thanks<br>
> > >>>><br>
> > >>>><br>
> > >>>><br>
> > >><br>
> > ><br>
> > ><br>
> ><br>
> ><br>
> > --<br>
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>
> > Joydeep Bakshi, Linux System Admin<br>
> > Kolkatainfoservices Pvt Ltd,<br>
> > 23A Royd Street, Kolkata 700016, India<br>
> > Work Phone 91 033 40014784<br>
> > <a href="http://infoservices.in/" target="_blank">http://infoservices.in/</a><br>
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>
> ><br>
> ><br>
> ><br>
> ><br>
> > --<br>
> > Alex Dehaini<br>
> > Developer<br>
> > Site - <a href="http://www.alexdehaini.com" target="_blank">www.alexdehaini.com</a> <<a href="http://www.alexdehaini.com" target="_blank">http://www.alexdehaini.com</a>><br>
> <<a href="http://www.alexdehaini.com" target="_blank">http://www.alexdehaini.com</a>><br>
> > Email - <a href="mailto:alexdehaini@gmail.com">alexdehaini@gmail.com</a> <mailto:<a href="mailto:alexdehaini@gmail.com">alexdehaini@gmail.com</a>><br>
</div></div>> <mailto:<a href="mailto:alexdehaini@gmail.com">alexdehaini@gmail.com</a> <mailto:<a href="mailto:alexdehaini@gmail.com">alexdehaini@gmail.com</a>>><br>
<div><div></div><div class="Wj3C7c">><br>
><br>
> --<br>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>
> Joydeep Bakshi, Linux System Admin<br>
> Kolkatainfoservices Pvt Ltd,<br>
> 23A Royd Street, Kolkata 700016, India<br>
> Work Phone 91 033 40014784<br>
> <a href="http://infoservices.in/" target="_blank">http://infoservices.in/</a><br>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>
><br>
><br>
><br>
><br>
> --<br>
> Alex Dehaini<br>
> Developer<br>
> Site - <a href="http://www.alexdehaini.com" target="_blank">www.alexdehaini.com</a> <<a href="http://www.alexdehaini.com" target="_blank">http://www.alexdehaini.com</a>><br>
> Email - <a href="mailto:alexdehaini@gmail.com">alexdehaini@gmail.com</a> <mailto:<a href="mailto:alexdehaini@gmail.com">alexdehaini@gmail.com</a>><br>
<br>
<br>
--<br>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>
Joydeep Bakshi, Linux System Admin<br>
Kolkatainfoservices Pvt Ltd,<br>
23A Royd Street, Kolkata 700016, India<br>
Work Phone 91 033 40014784<br>
<a href="http://infoservices.in/" target="_blank">http://infoservices.in/</a><br>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>
<br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Alex Dehaini<br>Developer<br>Site - <a href="http://www.alexdehaini.com">www.alexdehaini.com</a><br>Email - <a href="mailto:alexdehaini@gmail.com">alexdehaini@gmail.com</a><br>
</div>