Monitoring Automation with Icinga – Certificate Monitoring

Monitoring Automation with Icinga – Certificate Monitoring

In our ongoing efforts to make it easier to automate monitoring environments we recently introduced a new module for Icinga Web 2.

Icinga Certificate Monitoring

on Github

This module is first and foremost a platform which lets you have an overview over all the certificates you are using in your environment to prove the identity of your devices. You can take a quick glance or a very detailed look at them. It will help you to know exactly how your certificates are distributed based on the signing certificate authority, the used algorithms and key strengths as well as which certificate expires next.

 

Certificates Dashboard

 

It helps with automation

You don’t need to register each device or certificate by hand. The module will scan the networks you’ll provide it with and harvest any certificates it encounters. Whether it does this regularly or on demand is fully up to you.

Networks are provided by setting up jobs. These jobs define several IP ranges in CIDR notation and ports. Schedules in CRON format may also be set for jobs so that this module’s daemon runs them regularly.

 

Integrates well with your environment

Cloud hosting and virtual machines are on the rise for a long time now and with SNI (Server Name Indication) a single host may easily present different certificates on the same endpoint. In order to facilitate this, the module can be told to scan an endpoint multiple times by setting up SNI maps.

Installed alongside the monitoring module, Icinga Certificate Monitoring even accesses its database backend to fetch SNI information.¹ This will help to match results found in the scan process to already known hostnames in your monitoring environment.

 

Don’t miss to roll out new certificates

Let’s be honest, everyone has sometimes missed to re-new or replace expired certificates. The module provides detailed views showing you exactly which certificates require your attention.

Certificate Overview

Certificate Chain Health

 

Take advantage of your favorite monitoring tool

Though, if you’re not proactively looking at the user interface the check command shipped with this module may help with setting up notifications in Icinga.

Certificate Usage

Monitoring Service List

 

Bridging the gap with the Director

With all this talk about automation one has to wonder how to establish a link between this module’s knowledge about certificates and Icinga’s configuration. You’re right if you think of the Director’s import and synchronization functionality now.

The module lets you easily import known hosts or certificates with its own import sources. By setting this up you only have to define jobs for it and all the rest is handled automatically.

 

¹Available with Icinga Web v2.7 (Scheduled for release mid 2019)

 

 

Icinga Web 2.6.3

Icinga Web 2.6.3

We are happy to announce a new bugfix release for Icinga Web 2. Official packages are available on packages.icinga.com. Community repositories might need a while to catch up.

You can find issues related to this release on our Roadmap.

 

PHP 7.3

Now supported.

 

LDAP – Community contributions, that’s the spirit

With the help of our users we’ve finally fixed the issue that defining multiple hostnames and enabling STARTTLS has never properly worked. Also, they’ve identified that defining multiple hostnames caused a customized port not being utilized and fixed it themselves.

There has also a rare case been fixed that caused no group members being found in case object classes had a different casing than what we expected. (Good news for all the non-OpenLdap and non-MSActiveDirectory users)

  • LDAP connection fails with multiple servers using STARTTLS #3639
  • LDAPS authentication ignores custom port setting #3713
  • LDAP group members not found #3650

 

We take care about your data even better now

With this are newlines and HTML entities (such as  ) in plugin output and custom variables meant. Sorry if I’ve teased some data security folks now.

  • Newlines in plugin output disappear #3662
  • Windows path separators are converted to newlines in custom variables #3636
  • HTML entities in plugin output are not resolved if no other HTML is there #3707

 

You’ve wondered how you got into a famous blue police box?

Don’t worry, not only you and the european union are sometimes unsure what’s the correct time.

  • Set client timezone on DB connection #3525
  • Ensure a valid default timezone is set in any case #3747
  • Fix that the event detail view is not showing times in correct timezone #3660

 

UI – The portal to your monitoring environment, improved

The collapsible sidebar introduced with v2.5 has been plagued by some issues since then. They’re now fixed. Also, the UI should now flicker less and properly preserve the scroll position when interacting with action links. (This also allows the business process module to behave more stable when using drag and drop in large configurations.)

  • Collapsible Sidebar Issues #3187
  • Fix title when closing right column #3654
  • Preserve scroll position upon form submits #3661

 

Corrected things we’ve broke recently

That’s due to preemptive changes to protect you from bad individuals. Unfortunately this meant that some unforeseen side-effects appeared after the release of v2.6.2. These are now fixed.

  • Multiline values in ini files broken #3705
  • PHP ini parser doesn’t strip trailing whitespace #3733
  • Escaped characters in INI values are not unescaped #3648

Though, if you’ve faced issue #3705 you still need to take manual action (if not already done) as the provided fix does only prevent further occurrences of the resulting error. The required changes involve the transformation of all real newlines in Icinga Web 2’s INI files to literal \n or \r\n sequences. (Files likely having such are the roles.ini and announcements.ini)

Business Process 2.2.0

Business Process 2.2.0

Gut Ding will Weile haben. Or, Rome wasn’t built in a day. Though, I like the German version more because it’s not that quite a stretch.

Well, what this is all about you ask? It’s been the first quarter of 2017 when the first version of the Icinga Business Process Module had the chance to impress its audience. It’s gone rather quiet since then. But don’t worry, just two years later there is the solution to the so-called order it imposed on us: Chaos.

Okay, okay, straight to the point:

 

Drag’n’Drop

Previously it wasn’t possible to disable the automatically applied alphabetical order of nodes. It is now possible to simply grab a node and move it wherever you want it to. Or, to be the master of chaos, so to speak.

 

Importing Processes

Ever wanted to re-use a process you defined within a different configuration? Without duplicating it? This has been an undocumented feature but is now fully integrated into the UI and documented.

 

Usability and Visualization

Additionally the breadcrumbs and the tree view were adjusted and got a lighter design to help those with epilepsy. Well, not quite correct, we just thought a change is due. Besides, the navigation has been enhanced by allowing you to jump to the overview using the breadcrumbs and letting external info URLs open in a new browser tab.

 

The full changelog can be found here.

All issues and features related to this release can be found on our roadmap.

Icinga Exchange – The Journey Continues


We’ve launched a new iteration of Icinga Exchange last autumn and modernized the look and feel as well as improved the overall user experience. Since then we’ve solved a few issues and made some enhancements. Just small things to make it a little better.
 

 
But that’s not a reason to stop, we thought. That’s why we recently added the possibility to.. (more…)