Geek Answers Handbook

Nagios: CRITICAL - socket timeout after 10 seconds

I have been working nagios for about two years, but recently this problem started to appear from one of my services.

I get

CRITICAL - Socket timeout after 10 seconds

for a check_http -H my.host.com -f follow -u /abc/def check, which worked fine. No other services report this issue. The remote site took off and became healthy, and I can do wget http://my.host.com/abc/def from the nagios server, and it downloads the response just fine. Also, doing check_http -H my.host.com -f follow works just fine, i.e. Only when I use the -u argument that things break. I also tried passing it another user agent string, no difference. I tried to increase the timeout, no luck. I tried with -v, but all it has is:

 GET /abc/def HTTP/1.0 User-Agent: check_http/v1861 (nagios-plugins 1.4.11) Connection: close Host: my.host.com CRITICAL - Socket timeout after 10 seconds

... which does not tell me what is going wrong.

Any ideas how I could solve this?

Thanks!

+7
source share
4 answers

Try using the -N check_http .

I had similar problems, and in my case the web server did not end the connection after sending the response (https worked, http was not). check_http tries to read from an open socket until the server closes the connection. If this does not happen, a timeout will occur.

The -N option tells check_http to receive only the title, but not the contents of the page / document.

+15
source

I traced my problem to a problem with security providers configured in the latest version of OpenSUSE.

From a summary of other web pages, there seems to be a problem trying to use the TLSv2 protocol, which does not work correctly, or something is missing in the default configurations to allow it to work.

To solve this problem, I commented on the security provider question from the JRE security configuration file.

 #security.provider.10=sun.security.pkcs11.SunPKCS11

Defender. the value may vary in your configuration, but essentially the SunPKCS11 provider is not working.

This configuration is usually located in

 $JAVA_HOME/lib/security/java.security

JRE you are using.

+1
source

Fixed with this url in nrpe.cfg: (on Deb 6.0 Squeeze using nagios-nrpe server)

 command[check_http]=/usr/lib/nagios/plugins/check_http -H localhost -p 8080 -N -u /login?from=%2F
0
source

For those who are interested, I also came across this problem, and the problem turned out to be mod_itk on the web server.

The patch is available even if it is not included in the current CentOS or Debian packages:

https://lists.err.no/pipermail/mpm-itk/2015-September/000925.html

0
source

More articles:


All Articles