On 10 Oct 2014, at 14:52, Marcus Mülbüsch <[email protected]> wrote:
> However, the syntax from the monit manual: > >> if failed host 1.2.3.4 port 443 type tcpssl protocol http http >> headers [Authorization: Basic QWxhZGRpbjpvcGVu] and request >> /LOG0/FAULT/mod_cmd.xml?cmd=something with content == 'alarms' then >> alert > > results in: > >> 'uri.to.check' failed protocol test [HTTP] at >> INET[1.2.3.4:443/LOG0/FAULT/mod_cmd.xml?cmd=something] via TCPSSL -- >> HTTP error: Server returned status 401 > > So: > > I can do my connection testing with the "old" syntax, which solves my > immediate problem. > > But: how long will that syntax be supported by monit? > > And since I get these 401-errors (no 407 errors, there is no proxy > inbetween), either my base64 encoding is wrong, or I did some other simple > error in my configuration, or both of the syntaxes do not do the same... > > Any help on that point is still appreciated. The configuration looks ok. I tried to replicate the problem but i'm unable to trigger it (used also wireshark to check the HTTP headers in the request - everything looked fine). Please can you create small configuration file with both test versions and take a network trace (using wireshark) with SSL decryption enabled? (you can find tutorial for wireshark SSL decryption for example here: http://blogs.technet.com/b/nettracer/archive/2013/10/12/decrypting-ssl-tls-sessions-with-wireshark-reloaded.aspx). You'll need to import the private from the HTTP server to decrypt the captured data. The configuration may look like this (save it for example as ~/.monitrc_test and set its permissions to 0600: chmod 600 ~/.monitrc_test): --8<-- set daemon 60 set httpd port 2813 allow localhost set idfile /tmp/monit_test.id set pidfile /tmp/monit_test.pid set statefile /tmp/monit_test.state check host myhost with address 1.2.3.4 if failed host 1.2.3.4 port 443 protocol https http headers [Authorization: Basic QWxhZGRpbjpvcGVu] and request /LOG0/FAULT/mod_cmd.xml?cmd=something with content == 'alarms' then alert if failed (url https://Aladdin:[email protected]/LOG0/FAULT/mod_cmd.xml?cmd=something with content == 'alarms') then alert --8<-- Then: 1.) start wireshark, import 1.2.3.4:443's SSL key to it and set the capture filter for 1.2.3.4:443 traffic 2.) start monit with: monit -vIc ~/.monitrc_test 3.) stop monit (^C) and wireshark when both tests completed and export the request packet from each test as plaintext Best regards, Martin
-- To unsubscribe: https://lists.nongnu.org/mailman/listinfo/monit-general
