mackerelio / go-check-plugins Goto Github PK

Hi,
Now the check-tcp.exe output like this:

# check-tcp.exe /H 192.168.0.1 /p 12345 /w 2 /c 3 /t 5
TCP OK: 0.005 seconds response time on 192.168.0.1 port 12345

Could it output like this for support Nagios Performance data
TCP OK: 0.005 seconds response time on 192.168.0.1 port 12345|time=5ms

I have a Redis master/slave setup, where master and slave can be automatically promoted/demoted, and therefore I don't know in advance which one is the slave or the master.
If I use the old check for Redis from Sensu, I don't have problems, as this is what happens on the master:

# check-redis-slave-status.rb -P <password> - h <ip>
RedisSlaveCheck OK: This redis server is master

if I use your check, I get exit status 3:

check-redis slave -P <password> -H <ip>
Redis Slave UNKNOWN: couldn't get master_link_status

In my opinion, the Sensu check makes more sense.
Do you think it's possible to modify your check to behave in the same way?

Hi,

Recent RHEL-type distributions (namely RHEL 7) use chronyd, replacing ntpd.
However, command ntpq is designed to be used in conjunction with crond so if chronyd is running in place of ntpd, ntpq cannot be used because the connection cannot be established. chronyc is used instead.

This prevents check-ntpoffset.go from working on boxes without a working ntpd or the command ntpq.
The origin of the problem is most likely https://github.com/mackerelio/go-check-plugins/blob/master/check-ntpoffset/lib/check-ntpoffset.go#L59 this line.

May I ask for Chrony support in check-ntpoffset.go?
Thanks.

When the server expects the client to provide a certificate, the check for ssl-cert fails:

mackerel-check ssl-cert -H <server-with-client-auth-enabled>
SSL CRITICAL: remote error: tls: bad certificate

In order to check a server certificate (which is what this binary is intended for), it is not required to complete a full tls handshake. Doing a tcpdump reveals that th server cert is presented to the client during the Server Hello message of the handshake. This check should be modified to work in this situation.

Hello.

I use mackerel-check-plugins with v0.28.0.
My agent setting like this:

[plugin.checks.logtest]
command = ["check-log", "--file", "/var/log/messages", "--return", "--pattern" "local1.err"]
check_interval = 1

[plugin.checks.cloudlogtest]
command = ["check-aws-cloudwatch-logs", "--log-group-name", "test", "--log-stream-name-prefix", "test", "--pattern", "error", "--critical-over", "0", "--return"]
env = { AWS_REGION = "ap-northeast-1", "AWS_ACCESS_KEY_ID"="************", "AWS_SECRET_ACCESS_KEY"="************" }
check_interval = 1

Check-log plugin create state file on /var/tmp/mackerel-agent/check-log but check-aws-cloudwatch-logs does not created anywhere.

What is wrong?

The order of the output really bothers me. I think the simplest is to sort by the used %.
Ideally it would be sorted by what thresholds %, specific number or inode flavors. I think if this plugin as refactored it would be easy to implement this but at this time it just seemed to convoluted to me.

The ordering by used % should fit the majority of use cases.

The log having same content length but contents is different is written after log rotation. In this case, check-log plugin reports "Log OK: 0 warnings, 0 criticals".

[eg]
(1) before log rotation
2018/09/02 02:00:03,139 [ERROR] some error contents...

(2) after log rotation
2018/09/03 02:00:03,040 [ERROR] some error contents...

In this case, we can't receive alert of (2).
This is occuring in batch process that working once a day.
If cause of the error is same, error contents might be same.
(Only different for date part)

This issue relates to #181 ...

In conjunction with #181, I want check_http to be able to use a specific source IP address or network interface, similar to curl's --interface option.

With curl, you can do something like this:

curl --interface 127.0.0.127 http://127.0.0.1

Can I achieve the same using check_http ?

Thanks.

On check-http, for example, please add option to skip SSL cert verification.
It is useful to want to check just HTTPS responsiveness without SSL cert verification.

Hi,

We are using check-procs plugin in our environments. Always this plugin fails when check fails. It is failing with below error.
issue is this message paged to pagerduty. I'm passing env_vars as below also did not help. It is still paging same stack trace.

env_vars:

• GOTRACEBACK=none

Is there a way we can prevent stack trace to be pushed to pagerduty. Kindly Please help me by suggesting workaround if any.

Error:
fatal error: runtime: out of memory
runtime stack:
runtime.throw(0x55cdaf, 0x16)
/opt/go/src/runtime/panic.go:608 +0x72 fp=0x7ffd77644650 sp=0x7ffd77644620 pc=0x429722
runtime.sysMap(0xc000000000, 0x4000000, 0x67d018)
/opt/go/src/runtime/mem_linux.go:156 +0xc7 fp=0x7ffd77644690 sp=0x7ffd77644650 pc=0x415c97
runtime.(*mheap).sysAlloc(0x664960, 0x4000000, 0x0, 0x0)
/opt/go/src/runtime/malloc.go:619 +0x1c7 fp=0x7ffd77644718 sp=0x7ffd77644690 pc=0x40a497
runtime.(*mheap).grow(0x664960, 0x1, 0x0)
/opt/go/src/runtime/mheap.go:920 +0x42 fp=0x7ffd77644770 sp=0x7ffd77644718 pc=0x421f92
runtime.(*mheap).allocSpanLocked(0x664960, 0x1, 0x67d028, 0x0)
/opt/go/src/runtime/mheap.go:848

I noticed that the Nagios check-ssh does not try to authenticate and it checks the socket only.
If it's not possible for you to make it the same, would it be possible to add an option like: --no-auth-check ?

If you include ":" in filter-pattern (-p) option of check-aws-cloudwatch-logs, InvalidParameterException will occur.

$ check-aws-cloudwatch-logs --log-group-name log_group_name -p "\"err:\""
CloudWatch Logs UNKNOWN: InvalidParameterException:

Works fine with aws cli

$ aws logs filter-log-events --log-group-name log_group_name --filter-pattern "\"err:\""

This seems to be a matter of interpretation when github.com/jessevdk/go-flags contains\"\" in the string parameter.

Hi,

I'm currently working on a web server with IP blacklist enabled.
If a blacklisted client accesses it, it should return 403.

I would like to make sure such a control is indeed working-- in order to achieve that, I want check_http to return OK when the web server returns 403 under a certain condition (Particularly #182 ) and CRITICAL when it returns anything else, including 200 OK.

I'm concerned that it might be a long way to go, but I'd be very happy to use check_http in this way.
Thanks.

check-http is reporting always 200.

For instance, with curl I get 301:

~# curl -I http://prod.geant.org
HTTP/1.1 301 Moved Permanently
Server: nginx
... [CUT] ...

and with your check I get 200:

root@prod-sensu03:~# check-http -u http://prod.geant.org
HTTP OK: HTTP/1.1 200 OK - 95701 bytes in 0.422392 second response time

I want to fire an alert if the unique count of IP exceeds N cases.
How about adding an option --count-by to check-log plugin ?

Bellow is my image to use:

--count-by 'IP:([0-9\.])+\t'

On the other hand, like the awk , an interface that allows us to choose separator and the number also seems good.

Hi
Will provide binary for windows ?

Thanks.

On my Fedora 29 server, when I run go-check-plugins disk, it gives me:

Disk UNKNOWN: Failed to fetch disk usage: permission denied

If I do the following, it works:

go-check-plugins disk -X overlay -X tmpfs

And if I run go-check-plugins ping -H google.com as regular user, I get

Ping CRITICAL: listen ip4:icmp : socket: operation not permitted

Even though a regular ping google.com works.

I expect the scriptst not to fail in this way when run as a non-root user.

Hi,
is there a reason, why the plugins don't output performance data?
Gerhard

Hi there!

First I'd like to say that I really appreciate this project ❤️

It reminds me this one : uutils/coreutils and I think both are very good initiatives.

The install is easy thanks to the deb package and I achieved to build a new package with 3 news checks :

• check-mem
• check-swap
• check-diff-time

and added a --password flag on check-redis.

Would you like a PR to add this checks and feature?

Thank you!

In this example the load average was around 1.3.

If the load was below critical then everything worked as it should. Warning was fine, just Critical had the bug.

The issue was due to a break in a for loop inside the if critical block. This caused nothing to go into the threshold slice,
which used direct references to threshold[0],threshold[1],threshold[2] in the print statement.

I will provide a PR for the fix.

Critical

-bash-4.2$ ./check-load -w 1,1,1 -c 1.2,1.3,1.4 -r
panic: runtime error: index out of range [0] with length 0

goroutine 1 [running]:
github.com/mackerelio/go-check-plugins/check-load/lib.run(0xc00009a130, 0x5, 0x5, 0x0)
        E:/gowork/src/safetydance.premierinc.com/stash/tools/gosensuplugins/vendor/github.com/mackerelio/go-check-plugins/check-load/lib/check_load.go:83 +0x645
github.com/mackerelio/go-check-plugins/check-load/lib.Do()
        E:/gowork/src/safetydance.premierinc.com/stash/tools/gosensuplugins/vendor/github.com/mackerelio/go-check-plugins/check-load/lib/check_load.go:41 +0x68
main.main()
        E:/gowork/src/safetydance.premierinc.com/stash/tools/gosensuplugins/vendor/github.com/mackerelio/go-check-plugins/check-load/main.go:6 +0x20

Warning

-bash-4.2$ ./check-load -w 1,1,1 -c 2,2,3 -r
LOAD WARNING: load average: 1.33, 1.33, 1.33

With FIx

-bash-4.2$ ./check-load -w 1,1,1 -c 1.2,1.2,1.2 -r
LOAD CRITICAL: load average: 1.34, 1.34, 1.34