Monitoring Automation with Icinga – Certificate Monitoring

Monitoring Automation with Icinga – Certificate Monitoring

In our ongoing efforts to make it easier to automate monitoring environments we recently introduced a new module for Icinga Web 2.

Icinga Certificate Monitoring

on Github

This module is first and foremost a platform which lets you have an overview over all the certificates you are using in your environment to prove the identity of your devices. You can take a quick glance or a very detailed look at them. It will help you to know exactly how your certificates are distributed based on the signing certificate authority, the used algorithms and key strengths as well as which certificate expires next.

 

Certificates Dashboard

 

It helps with automation

You don’t need to register each device or certificate by hand. The module will scan the networks you’ll provide it with and harvest any certificates it encounters. Whether it does this regularly or on demand is fully up to you.

Networks are provided by setting up jobs. These jobs define several IP ranges in CIDR notation and ports. Schedules in CRON format may also be set for jobs so that this module’s daemon runs them regularly.

 

Integrates well with your environment

Cloud hosting and virtual machines are on the rise for a long time now and with SNI (Server Name Indication) a single host may easily present different certificates on the same endpoint. In order to facilitate this, the module can be told to scan an endpoint multiple times by setting up SNI maps.

Installed alongside the monitoring module, Icinga Certificate Monitoring even accesses its database backend to fetch SNI information.¹ This will help to match results found in the scan process to already known hostnames in your monitoring environment.

 

Don’t miss to roll out new certificates

Let’s be honest, everyone has sometimes missed to re-new or replace expired certificates. The module provides detailed views showing you exactly which certificates require your attention.

Certificate Overview

Certificate Chain Health

 

Take advantage of your favorite monitoring tool

Though, if you’re not proactively looking at the user interface the check command shipped with this module may help with setting up notifications in Icinga.

Certificate Usage

Monitoring Service List

 

Bridging the gap with the Director

With all this talk about automation one has to wonder how to establish a link between this module’s knowledge about certificates and Icinga’s configuration. You’re right if you think of the Director’s import and synchronization functionality now.

The module lets you easily import known hosts or certificates with its own import sources. By setting this up you only have to define jobs for it and all the rest is handled automatically.

 

¹Available with Icinga Web v2.7 (Scheduled for release mid 2019)

 

 

Icinga X.509 Module

We are pleased to announce the first open source release of our X.509 module for Icinga.
The X.509 module for Icinga keeps track of certificates as they are deployed in a network environment.
It does this by scanning networks for TLS services and collects whatever certificates it finds along the way.
The certificates are verified using its own trust store. (more…)

Graphite module for Icinga Web 2 released

After weeks of development with a lot of brainpower being invested we have finally finished the first stable release of our Graphite integration into Icinga Web 2. The new features include a searchable graphs dashboard, multi-client capability and much more – read on.
Thanks to all contributors – AlexanderBlerimEricFlorianJohannesMarkusMichael and Thomas, you have done an awesome job!
Also many thanks to Deutsche Telekom for sponsoring the development! (more…)

Releasing v2.0 of the Icinga Web 2 Puppet Module

It’s been a while since we have released a new version of our Icinga Web 2 Puppet module. Today we’re happy to announce v2.0 of this module, available on Puppet Forge. We reworked the whole module, with new mechanisms and features that make it easy to install and configure Icinga Web 2 and many of its modules. The new module enables you to configure every possible setting of Icinga Web 2 and is compatible with Puppet starting from version 4.7. Here’s a brief introduction with some examples: (more…)

Monthly Snap March: Icinga Camp, Partners, Trainings, Icingabeat, approved Puppet module

March was all about our lovely community. We’ve had Icinga Camp Berlin and San Francisco, and also joined FLOSSUK. You’ll also recognize that our Puppet module for Icinga 2 was officially approved by Puppet. Blerim released icingabeat and blogged about it at the Elastic blog. And many more things happened …
We’ve also thought about 1st of April, but hey – we have so many great things to share and work on, we’ll skip it for 2017 😉
(more…)