我需要监视tcp端点的证书过期。
我尝试配置黑盒导出器以监视tcp终结点。但不幸的是无法获得适当的结果。
我们已经使用黑盒导出器来监视https端点的ssl证书,并且它的工作原理绝对不错。但是,对于tcp端点,我们希望有类似的东西。
BlackBox导出器:
modules:
http_2xx:
prober: http
timeout: 70s
http:
method: GET
preferred_ip_protocol: "ip4"
tls_config:
insecure_skip_verify: true
http_OpenAPI_2xx:
prober: http
timeout: 70s
http:
method: GET
preferred_ip_protocol: "ip4"
tls_config:
insecure_skip_verify: true
fail_if_not_matches_regexp:
- "HTTP/1.1 200 OK*"
http_post_2xx:
prober: http
http:
method: POST
tcp_connect:
prober: tcp
timeout: 5s
tcp:
tls: false
pop3s_banner:
prober: tcp
tcp:
query_response:
- expect: "^+OK"
tls: false
tls_config:
insecure_skip_verify: true
ssh_banner:
prober: tcp
tcp:
query_response:
- expect: "^SSH-2.0-"
irc_banner:
prober: tcp
tcp:
query_response:
- send: "NICK prober"
- send: "USER prober prober prober :prober"
- expect: "PING :([^ ]+)"
send: "PONG ${1}"
- expect: "^:[^ ]+ 001"
icmp:
prober: icmp
普罗米修斯:
- job_name: 'blackbox-tcp'
metrics_path: /probe
params:
module: [tcp_connect]
scrape_interval: 30s
scrape_timeout: 20s
static_configs:
- targets:
- tcp://171.17.25.12:38205
- tcp://171.17.25.12:5071
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: 171.12.30.12:9115 # Blackbox exporter.
我们要监视这些tcp端点的ssl证书
答案 0 :(得分:1)
在Blackbox导出器配置中为TCP模块使用TLS选项可以完成此任务:
tcp_connect_tls:
prober: tcp
tcp:
tls: true
此外,似乎为TCP探针定义的目标语法不正确。 TCP探针目标应该不具有 tcp:// 前缀:
...
static_configs:
- targets:
- 171.17.25.12:38205
- 171.17.25.12:5071
...