search

ribbybibby / ssl_exporter

Exports Prometheus metrics for TLS certificates
Apache License 2.0
507 stars 95 forks source link

Not able configure FTP endpoint #39

Closed guptaalok20 closed 4 years ago

guptaalok20 commented 4 years ago

I'm trying to setup monitoring for SSL certificates over FTP and did below configurations:

  1. Setting config: modules: tcp_ftp_starttls: prober: tcp tcp: starttls: ftp

  2. Setting scrape config in prometheus: job_name: "xyz" scrape_interval: 60s metrics_path: /probe static_configs:

    • targets:
      • :22 relabel_configs:
    • source_labels: [address] target_label: __param_target
    • source_labels: [__param_target] target_label: instance
    • target_label: address replacement: 127.0.0.1:9319

But this does not seem to be working. Am i missing something?

ribbybibby commented 4 years ago

When you say that it isn't working, what do you mean? Do you get any messages in the logs? What metrics do you get back?

Looking at your scrape config, I think the issue is probably that you aren't setting the module you've defined as a parameter in your scrape config:

  - job_name: 'xyz'
    scrape_interval: 60s
    metrics_path: /probe
    params:
      module: ["tcp_ftp_starttls"] # <----- module
    static_configs:
      - targets:
        - <IP_Address>:22
    relabel_configs:
      - source_labels: [__address__]
        target_label: __param_target
      - source_labels: [__param_target]
        target_label: instance
      - target_label: __address__
        replacement: 127.0.0.1:9319
guptaalok20 commented 4 years ago

Thanks a lot for your prompt response.

By not working I meant I was able to configure and scrape the FTP endpoint successfully.

I've now updated the prometheus.yaml as you suggested and now i see below error: time="2020-07-13T20:03:50Z" level=debug msg="read line: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8" source="tcp.go:141" time="2020-07-13T20:04:00Z" level=error msg="read tcp 172.17.0.5:49554-><IP_Address>:22: i/o timeout" source="ssl_exporter.go:78"

I'm able to telnet the IP and port from this host so not sure why I'm getting timeout.

In Prometheus target is see below error: Get "http://127.0.0.1:9319/probe?module=tcp_ftp_starttls&target=IPaddress%3A22": context deadline exceeded

ribbybibby commented 4 years ago 
"read line: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8"

This suggests to me that you're connecting to an SFTP server (FTP over SSH) rather than an FTPS server (FTP over SSL). There's no certificate involved in the former, so this exporter is of no use to you there.

Perhaps you want to probe port 21? That's commonly where FTPS listens.

guptaalok20 commented 4 years ago

I will confirm if that's the case. Appreciate you help!

Cheers,