blob: e373f33d77e117dcb33d4988379a7c34c7ad3084 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
|
plugin_name: go.d.plugin
modules:
- meta:
id: collector-go.d.plugin-x509check
plugin_name: go.d.plugin
module_name: x509check
monitored_instance:
name: X.509 certificate
link: ""
categories:
- data-collection.synthetic-checks
icon_filename: lock.svg
keywords:
- x509
- certificate
most_popular: false
info_provided_to_referring_integrations:
description: ""
related_resources:
integrations:
list: []
overview:
data_collection:
metrics_description: ""
method_description: |
This collectors monitors x509 certificates expiration time and revocation status.
default_behavior:
auto_detection:
description: ""
limits:
description: ""
performance_impact:
description: ""
additional_permissions:
description: ""
multi_instance: true
supported_platforms:
include: []
exclude: []
setup:
prerequisites:
list: []
configuration:
file:
name: "go.d/x509check.conf"
options:
description: |
The following options can be defined globally: update_every, autodetection_retry.
folding:
title: Config options
enabled: true
list:
- name: update_every
description: Data collection frequency.
default_value: 1
required: false
- name: autodetection_retry
description: Recheck interval in seconds. Zero means no recheck will be scheduled.
default_value: 0
required: false
- name: source
description: "Certificate source. Allowed schemes: https, tcp, tcp4, tcp6, udp, udp4, udp6, file, smtp."
default_value: ""
required: false
- name: days_until_expiration_warning
description: Number of days before the alarm status is warning.
default_value: 30
required: false
- name: days_until_expiration_critical
description: Number of days before the alarm status is critical.
default_value: 15
required: false
- name: check_revocation_status
description: Whether to check the revocation status of the certificate.
default_value: false
required: false
- name: timeout
description: SSL connection timeout.
default_value: 2
required: false
- name: tls_skip_verify
description: Server certificate chain and hostname validation policy. Controls whether the client performs this check.
default_value: false
required: false
- name: tls_ca
description: Certification authority that the client uses when verifying the server's certificates.
default_value: ""
required: false
- name: tls_cert
description: Client TLS certificate.
default_value: ""
required: false
- name: tls_key
description: Client TLS key.
default_value: ""
required: false
examples:
folding:
title: Config
enabled: true
list:
- name: Website certificate
description: Website certificate.
config: |
jobs:
- name: my_site_cert
source: https://my_site.org:443
- name: Local file certificate
description: Local file certificate.
config: |
jobs:
- name: my_file_cert
source: file:///home/me/cert.pem
- name: SMTP certificate
description: SMTP certificate.
config: |
jobs:
- name: my_smtp_cert
source: smtp://smtp.my_mail.org:587
- name: Multi-instance
description: |
> **Note**: When you define more than one job, their names must be unique.
Check the expiration status of the multiple websites' certificates.
config: |
jobs:
- name: my_site_cert1
source: https://my_site1.org:443
- name: my_site_cert2
source: https://my_site1.org:443
- name: my_site_cert3
source: https://my_site3.org:443
troubleshooting:
problems:
list: []
alerts:
- name: x509check_days_until_expiration
metric: x509check.time_until_expiration
info: "Time until x509 certificate expires for ${label:source}"
link: https://github.com/netdata/netdata/blob/master/src/health/health.d/x509check.conf
- name: x509check_revocation_status
metric: x509check.revocation_status
info: "x509 certificate revocation status for ${label:source}"
link: https://github.com/netdata/netdata/blob/master/src/health/health.d/x509check.conf
metrics:
folding:
title: Metrics
enabled: false
description: ""
availability: []
scopes:
- name: source
description: These metrics refer to the configured source.
labels:
- name: source
description: Configured source.
metrics:
- name: x509check.time_until_expiration
description: Time Until Certificate Expiration
unit: seconds
chart_type: line
dimensions:
- name: expiry
- name: x509check.revocation_status
description: Revocation Status
unit: boolean
chart_type: line
dimensions:
- name: not_revoked
- name: revoked
|