Skip to main content

Hello,

When I want to check the expiry date of my certificate, if I set a date lower than the number of days remaining, in the 

/usr/lib/centreon/plugins//centreon_netscaler.pl --plugin=network::citrix::netscaler::snmp::plugin --mode=certificates-expire --hostname='192.168.201.189' --snmp-version='2c' --snmp-community='test' --filter-name='Citrix' --critical-days='90'

 

CRITICAL: Certificate 'Citrix ' 106 days remaining before expiration

 

/usr/lib/centreon/plugins//centreon_netscaler.pl --plugin=network::citrix::netscaler::snmp::plugin --mode=certificates-expire --hostname='192. 168.201.189' --snmp-version='2c' --snmp-community='M9UqgrSKDc8VEjCTsDYUQdj7l5Q4ufk' --filter-name='Citrix Habellis' --critical-days='107'

 


OK: Certificate 'Citrix' 106 days remaining before expiration

 

 

I think there is an inversion in the calculation of the date.

Hello

I didn’t know there was a “certificate” check in netscaler (lol)

I personnaly use the standard x509 certificate check that comes in a separate plugins, and it has a different syntax for alerting :

/usr/lib/centreon/plugins/centreon_protocol_x509.pl --plugin=apps::protocols::x509::plugin --mode=certificate --hostname=10.10.10.1 --port=443 --warning-status='%{expiration} < 30' --critical-status='%{expiration} < 15' --ssl-opt="SSL_verify_mode => SSL_VERIFY_NONE" --custommode=tcp --ssl-ignore-errors

I did a bit of tweaking on the command line to pass a different hostname to the original command and I either pass the fqdn of the netscaler virtual ip, or I put the ip directly

 

I will try this snmp check for netscaler and see if I have the same bug


hmm yes, I have the same bug, the --critical-days value is not used as a standard value counter  : if above then alert. (usually the case whent you want 80% capcity or %usage), but that is not adapted to a “less than x” value.

 

I tried a few other variant, like “-15” or some “%{something} < 15”, it’s not working

 

so you have found a bug, I did look at the code, but it’s the part of the centreon code I can’t make any sense “how you check value against parameters”

 

as a working alternative, try the x509 pluginpack, and adapt it to your need, I use the check x509 in tcp mode, and I have made a custom command using a custom macro where I put the ip/dns/url I want to check the ssl validity on (you have the command line I used in the post above, you just need to use your own macro)


Looking at issue 588, it appears you need to pass <min>:<max> to the critical and warning threshold. So, using ‘--critical=107:’ will get you a CRITICAL output if your cert has less than 107 days to go.


Reply