5

I have a requirement to monitor certificate expiry of tcp endpoints.

I've tried configuring blackbox exporter to monitor tcp endpoints. But unfortunately not able to achieve proper results.

We have used blackbox exporter to monitor ssl certificates for https endpoints and it's working absolutely fine. However, we want something similar for tcp endpoints.

BlackBox Exporter:

modules:
  http_2xx:
    prober: http
    timeout: 70s
    http:
      method: GET
      preferred_ip_protocol: "ip4"
      tls_config:
        insecure_skip_verify: true

  http_OpenAPI_2xx:
    prober: http
    timeout: 70s
    http:
      method: GET
      preferred_ip_protocol: "ip4"
      tls_config:
        insecure_skip_verify: true
      fail_if_not_matches_regexp:
       - "HTTP/1.1 200 OK*"

  http_post_2xx:
    prober: http
    http:
      method: POST
  tcp_connect:
    prober: tcp
    timeout: 5s
    tcp:
     tls: false
  pop3s_banner:
    prober: tcp
    tcp:
      query_response:
      - expect: "^+OK"
      tls: false
      tls_config:
        insecure_skip_verify: true
  ssh_banner:
    prober: tcp
    tcp:
      query_response:
      - expect: "^SSH-2.0-"
  irc_banner:
    prober: tcp
    tcp:
      query_response:
      - send: "NICK prober"
      - send: "USER prober prober prober :prober"
      - expect: "PING :([^ ]+)"
        send: "PONG ${1}"
      - expect: "^:[^ ]+ 001"
  icmp:
    prober: icmp

Prometheus:

  - job_name: 'blackbox-tcp'
    metrics_path: /probe
    params:
      module: [tcp_connect]
    scrape_interval: 30s
    scrape_timeout: 20s
    static_configs:
      - targets:
                - tcp://171.17.25.12:38205
                - tcp://171.17.25.12:5071

    relabel_configs:
      - source_labels: [__address__]
        target_label: __param_target
      - source_labels: [__param_target]
        target_label: instance
      - target_label: __address__
        replacement: 171.12.30.12:9115  # Blackbox exporter.

We want to monitor ssl certificates for these tcp endpoints

Priyotosh deb
  • 83
  • 2
  • 8

1 Answers1

5

Using the TLS option for the TCP module in the Blackbox exporter configuration should do the job:

tcp_connect_tls:
  prober: tcp
  tcp:
    tls: true

Also, it seems that the targets that you have defined for the TCP prober have an incorrect syntax. TCP prober targets should not have the tcp:// prefix:

...
static_configs:
  - targets:
    - 171.17.25.12:38205
    - 171.17.25.12:5071
...
johan
  • 518
  • 6
  • 18