[icinga-users] Beginners question smtpauth check

Michael Friedrich Michael.Friedrich at netways.de
Thu Nov 26 13:33:04 CET 2015


> On 26 Nov 2015, at 13:14, Andreas Grabner <andreas.grabner at fenz-software.at> wrote:
>
>> -----Ursprüngliche Nachricht-----
>> Von: icinga-users [mailto:icinga-users-bounces at lists.icinga.org] Im Auftrag
>> von Michael Friedrich
>> Gesendet: Donnerstag, 26. November 2015 12:38
>> An: icinga-users at lists.icinga.org
>> Betreff: Re: [icinga-users] Beginners question smtpauth check
>>
>>
>>> On 26 Nov 2015, at 12:33, Andreas Grabner <andreas.grabner at fenz-
>> software.at> wrote:
>>>
>>>> -----Ursprüngliche Nachricht-----
>>>> Von: icinga-users [mailto:icinga-users-bounces at lists.icinga.org] Im
>>>> Auftrag von Michael Friedrich
>>>> Gesendet: Donnerstag, 26. November 2015 12:25
>>>> An: icinga-users at lists.icinga.org
>>>> Betreff: Re: [icinga-users] Beginners question smtpauth check
>>>>
>>>>
>>>>> On 26 Nov 2015, at 11:48, Andreas Grabner <andreas.grabner at fenz-
>>>> software.at> wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>> i used nagios around 10 years ago. Now I start with incinga and have
>>>>> some
>>>> questions. The most concrete is:
>>>>>
>>>>> I want to check a SMTP Server with TLS and authentication. The setup
>>>>> on a
>>>> debian jessie looks like this:
>>>>>
>>>>> object Host "any.host.at" {
>>>>> import "generic-host"
>>>>> address = "any.host.at"
>>>>> // address6 = "::1"
>>>>> vars.os = "Windows"
>>>>> vars.smtp_authtype = "LOGIN"
>>>>> vars.smtp_authuser = "user1"
>>>>> vars.smtp_authpass = "xxxxxxxxxxxxxx"
>>>>> vars.smtp_starttls = true
>>>>> vars.smtp_mail_from = "xxxx at xxxxx.at"
>>>>> /* Define notification mail attributes for notification apply rules
>>>>> in
>>>> `notifications.conf`. */
>>>>> vars.notification["mail"] = {
>>>>>   /* The UserGroup `icingaadmins` is defined in `users.conf`. */
>>>>>   groups = [ "icingaadmins" ]
>>>>> }
>>>>> }
>>>>>
>>>>> Icinga2 reports:  SMTP CRITICAL - no authuser specified, 0.143 sec.
>>>>> response time
>>>>
>>>> And your service object configuration looks like?
>>>>
>>> This:
>>>
>>> apply Service "smtp" {
>>> import "generic-service"
>>>
>>> check_command = "smtp"
>>>
>>> assign where host.name == " any.host.at"
>>> }
>>>
>>> vars.smtp_authtype = "LOGIN"
>>> is used, without it the service is OK
>>
>> The CheckCommand parameters are described here:
>> http://docs.icinga.org/icinga2/latest/doc/module/icinga2/chapter/plugin-
>> check-commands#plugin-check-command-smtp
>> In case you want to debug the executed command line for your plugin, either
>> enable the debug log and force a check, or use the Icinga 2 console cli
>> command connected to the API (requires that you did setup it in 2.4) to fetch
>> the service check result and its command line.
>>
>> http://docs.icinga.org/icinga2/latest/doc/module/icinga2/chapter/cli-
>> commands#cli-command-console
>
> Thanks for the debug log tip. The problem is the "vars.smtp_starttls = true" because the command looks like
>
> /usr/lib/nagios/plugins/check_smtp -A 'LOGIN' '-H' 'xxxxxxxxxx '-P' 'xxxxxxx' '-S' 'true' '-U' 'xxxxxxxxxxxxxxx' '-f' 'xxxxxxxxxxxxxxx'
>
> -S does not take an argument
> (-S, --starttls
>    Use STARTTLS for the connection. )
>
> /usr/lib/nagios/plugins/check_smtp -A 'LOGIN' '-H' 'xxxxxxxxxx '-P' 'xxxxxxx'  '-U' 'xxxxxxxxxxxxxxx' '-f' 'xxxxxxxxxxxxxxx' '-S' 'true'
> Is working, but don`t know how to put it there.
>
> I think it is an misconfiguration or ab bug. I think the mistake is in command-plugins.conf
>
> object CheckCommand "smtp" {
>        import "plugin-check-command"
>        import "ipv4-or-ipv6"
>
>        command = [ PluginDir + "/check_smtp" ]
>
>        arguments = {
>                "-H" = "$smtp_address$"
>                "-p" = "$smtp_port$"
>                "-f" = "$smtp_mail_from$"
>                "-e" = "$smtp_expect$"
>                "-C" = "$smtp_command$"
>                "-R" = "$smtp_response$"
>                "-F" = "$smtp_helo_fqdn$"
>                "-D" = "$smtp_certificate_age$"
>                "-A" = "$smtp_authtype$"
>                "-U" = "$smtp_authuser$"
>                "-P" = "$smtp_authpass$"
>                "-q" = "$smtp_ignore_quit$"
>                "-w" = "$smtp_warning$"
>                "-c" = "$smtp_critical$"
>                "-t" = "$smtp_timeout$"
>                "-S" = "$smtp_starttls$"
>        }
>
>        vars.smtp_address = "$check_address$"
> }
>
> Whats your opinion?

Bug. smtp_starttls should use set_if.

“-S” = {
  set_if = “$smtp_starttls$"
}

Could you please test that patch, open an issue on dev.icinga.org and add a git patch (against current git master) in format of ‘git format-patch’.
https://wiki.icinga.org/display/Dev/Developer+Guidelines#DeveloperGuidelines-SendingaPatch

Thanks,
Michael



>
> Andreas
> _______________________________________________
> icinga-users mailing list
> icinga-users at lists.icinga.org
> https://lists.icinga.org/mailman/listinfo/icinga-users


-- 
Michael Friedrich, DI (FH)
Senior Developer

NETWAYS GmbH | Deutschherrnstr. 15-19 | D-90429 Nuernberg
Tel: +49 911 92885-0 | Fax: +49 911 92885-77
GF: Julian Hein, Bernd Erk | AG Nuernberg HRB18461
http://www.netways.de | Michael.Friedrich at netways.de

** OSDC 2016 - April - netways.de/osdc **
** OSBConf 2016 - September - osbconf.org **


More information about the icinga-users mailing list