Greetings friends, during these last years we have seen how to monitor all kinds of services with Grafana, InfluxDB, and Telegraf, such as VMware vSphere, Linux, Windows, Veeam and more. Today I bring you one of these entries that are extremely useful and simple at the same time.

I’m talking about how to monitor your SSL certificates, yours or any manufacturer’s, URLs, etc. So that we can avoid failure like the one Microsoft had just a few days ago when an SSL certificate expired due to being a leap year.

Telegraf, InfluxDB and Grafana topology monitoring SSL

Although I have already shown you some times the diagram of how would be the monitoring using Telegraf, Grafana, and InfluxDB, I leave you again the diagram, this time monitoring SSL:

How to activate Telegraf’s native input to monitor SSL Certificates x.509

Luckily for us, Telegraf already brings natively an input (plugin) to monitor the status of SSL x.509 certificates, we will be able to monitor the following, which is certainly more than complete for our purpose:

x509_cert

tags: source – source of the certificate organization organizational_unit country province locality verification serial_number signature_algorithm public_key_algorithm issuer_common_name issuer_serial_number san

fields: verification_code (int) verification_error (string) expiry (int, seconds) age (int, seconds) startdate (int, seconds) enddate (int, seconds)



To activate it, it will be as simple as editing the telegraf.conf, or better, creating a new file in /etc/telegraf/telegraf.d/ssl.conf, and inside we will introduce the following:

[[inputs.x509_cert]] sources = ["https://TUURL1:443/", "https://TUURL2:443/", "TUURL3:8443/", "tcp://TUAPPQUEESCUCHAPORTCP:8086/"] insecure_skip_verify = true 1 2 3 [ [ inputs .x509_cert ] ] sources = [ "https://TUURL1:443/" , "https://TUURL2:443/" , "TUURL3:8443/" , "tcp://TUAPPQUEESCUCHAPORTCP:8086/" ] insecure_skip_verify = true

Once we have all the URLs added, we will restart the telegraph service:

telegraf service restart 1 telegraf service restart

Checking that we are ingesting information with Chronograf

The normal thing at this point, if we have done all the steps well, is that we are already sending information collected by the script to InfluxDB, if we perform a search using the wonderful Chronograf, we can check that we have information:

All the variables of this input to monitor SSL are stored in x509_* so it is really easy to find them.

Grafana Dashboard

I created a Dashboard from scratch by selecting the best requests to the database, finishing off colors, thinking about graphics and how to display them, and everything is automated so that it fits our environment without any problem and without having to edit anything manually. The Dashboard can be found here, once imported, you can use the top drop-down menus to select between SSL:

Import Grafana Dashboards easily

So that you don’t have to waste hours configuring a new dashboard, and ingesting and debugging you want, I’ve already created four wonderful dashboards with everything you need to monitor our environment in a very simple way, it will look like the image I showed you above.

From our Graph, we will make Create – Import

Select the name you want and enter the ID: 11707, which is the unique ID of the Dashboard, or the URL:

Please leave your feedback in the comments.

If you want to see them working without installing anything, here is the link to my environment.

Just friends, I hope you like it, and I’d like to leave the whole series here:

That’s all folks, if you want to follow the full Blog series about Grafana, InfluxDB, Telegraf, please click on the next links:

Like this: Like Loading...