Does Dynatrace monitor SSL certificate validation
Hi Folks,
We have a customer who wants to monitor SSL certification validation check via dynatrace.
Is it possible to monitor SSL certificate validation? I'm seeking more information from the customer about the this but this is what I got as requirement.
BR,
AK
Best Answer
I've written a OneAgent plugin for SSL/TLS certificate expiration check (also does notification in advance). If you need to check certificates locally for any process running on a host monitored by oneagent.
If you are interested, you can download it from https://github.com/juliusloman/dynatrace-oneagent-plugin-sslcertcheck.
Hi Julius,
I have uploaded your OneAgent plugin for SSL/TLS certificate expiration however dont how to deploy plugin to hosts running OneAgents
Download the zip file. (available in the releases tab).
You have to do two steps:
- Upload the plugin into the tenant in Settings > Monitoring > Monitored technologies
- Unzip the plugin on each oneagent monitored host in /opt/dynatrace/oneagent/plugin_deployment/ (if you oneagent is installed in the default path).
Dynatrace does not have any means to deploy the plugin centrally, that why you have to deploy it manually or using some configuration management tools.
OneAgent will pick up the new plugin just after a few minutes. No need to restart OneAgent
i have given it necessary permission as well
*ADMINSHELL* opt/dynatrace/remotepluginmodule/plugin_deployment/dynatrace-oneagent-plugin-sslcertcheck-master # ll
total 20
-rwxr-xr-x 1 root root 2277 Jan 12 21:22 plugin.json
-rwxr-xr-x 1 root root 2172 Jan 12 21:22 README.md
-rwxr-xr-x 1 root root 9410 Jan 12 21:22 sslcertcheck_plugin.py
*ADMINSHELL* opt/dynatrace/remotepluginmodule/plugin_deployment/dynatrace-oneagent-plugin-sslcertcheck-master #
First - you have downloaded the repo, not the built plugin. Head to the releases page and download the release zip file, that's actually here.
Second - you have put it into the directory of ActiveGate plugin module. This is a OneAgent plugin, not an ActiveGate plugin. Unless you have installed OneAgent in some nondefault directory, it is the /opt/dynatrace/oneagent/plugin_deployment/ directory.
Yes,I have downloaded file name called Source code(ZIP) and I have uploaded like below.
Is it right way to download and upload it?
No, it is the file custom.python.sslcertcheck_plugin.zip not the zip code.
Upload this file to the tenant as on your screenshot and also unzip the file on an agent.
unzip the file on an agent means do i have to unzip and put this custom.python.sslcertcheck_pluginunder /opt/dynatrace/oneagent/plugin_deployment/ on the host right?
Exactly. Is should look like this
# ls -l /opt/dynatrace/oneagent/plugin_deployment/custom.python.sslcertcheck_plugin/ total drwxrwxr-x 1 root root 382 Jan 12 22:24 asn1cryp drwxrwxr-x 1 root root 96 Jan 12 22:24 asn1crypto-1.3.0.dist-in -rwxrwxr-x 1 root root 2277 Jan 12 22:21 plugin.js -rwxrwxr-x 1 root root 2172 Jan 12 22:17 README. drwxrwxr-x 1 root root 82 Jan 12 22:24 sslcertcheck_plugin-1.0.dist-in -rwxrwxr-x 1 root root 9410 Jan 12 22:02 sslcertcheck_plugin.py
As per your guideline,I have uploaded,still its not capturing
how to check the certificate are listed and monitoring in dynatrace?
*ADMINSHELL* opt/dynatrace/remotepluginmodule/plugin_deployment/custom.python.sslcertcheck_plugin # ll
total 32
drwxr-xr-x 2 root root 4096 Jan 21 09:18 asn1crypto
drwxr-xr-x 2 root root 4096 Jan 21 09:18 asn1crypto-1.3.0.dist-info
-rwxr-xr-x 1 root root 2277 Jan 21 09:18 plugin.json
-rwxr-xr-x 1 root root 2172 Jan 21 09:18 README.md
drwxr-xr-x 2 root root 4096 Jan 21 09:18 sslcertcheck_plugin-1.0.dist-info
-rwxr-xr-x 1 root root 9410 Jan 21 09:18 sslcertcheck_plugin.py
Hello @Gokul S.,
you still have the plugin copied in an incorrect directory. This directory is for the remote plugins (executed by ActiveGate).
You need to have the plugin copied in this directory
/opt/dynatrace/oneagent/plugin_deployment/custom.python.sslcertcheck_plugin/
and not in:
/opt/dynatrace/remotepluginmodule/plugin_deployment/custom.python.sslcertcheck_plugin
I've added a new release (1.01) that of the plugin that will inform you about certificates the plugin found and will monitor:
Still its not working.
Can you review my below steps :
1)I have place the custom.python.sslcertcheck_plugin zip file under Settings->Monitoring->Monitored technologies->Add new technology monitoring->Build OneAgent plugin with Python->Upload your plugin here or via command line (choose Upload plugin)
2)Unzip the custom.python.sslcertcheck_plugin file and placed the file under
opt/dynatrace/oneagent/plugin_deployment/custom.python.sslcertcheck_plugin/custom.python.sslcertcheck_plugin# ll
total 32
drwxr-xr-x 2 root root 4096 Jan 23 13:11 asn1crypto
drwxr-xr-x 2 root root 4096 Jan 23 13:11 asn1crypto-1.3.0.dist-info
-rwxr-xr-x 1 root root 2278 Jan 23 13:11 plugin.json
-rwxr-xr-x 1 root root 3017 Jan 23 13:11 README.md
drwxr-xr-x 2 root root 4096 Jan 23 13:11 sslcertcheck_plugin-1.1.dist-info
-rwxr-xr-x 1 root root 10459 Jan 23 13:11 sslcertcheck_plugin.py
Is it right?
You have it unzipped in one more directory - you have two directories custom.python.sslcertcheck_plugin in the path.
It must look like this:
# ls -al /opt/dynatrace/oneagent/plugin_deployment/custom.python.sslcertcheck_plugin/ total 20 drwxrwxr-x 1 root root 222 Jan 16 15:41 . drwxr-xr-x 1 root root 140 Jan 13 11:25 .. drwxrwxr-x 1 root root 382 Jan 12 22:24 asn1crypto drwxrwxr-x 1 root root 96 Jan 12 22:24 asn1crypto-1.3.0.dist-info -rwxrwxr-x 1 root root 2277 Jan 12 22:21 plugin.json -rwxrwxr-x 1 root root 2172 Jan 12 22:17 README.md drwxrwxr-x 1 root root 82 Jan 12 22:24 sslcertcheck_plugin-1.0.dist-info -rwxrwxr-x 1 root root 9458 Jan 16 15:41 sslcertcheck_plugin.
Hey Julius,
This is awesome. I have been asked about this type of feature before. Appreciate you for open sourcing this project!
Thanks
-Dallas
Best Answer
By Dynatrace our of the box not but you can make OneAgent plugin that will validate it and send data as custom metrics to Dynatrace
Hi Sebastian,
Thanks for response.
Any document available with respect to this? I mean, specific to OneAgent plugin creation for SSL certification validation check.
BR,
AK
There are not documents like this because these are custom things. What you need to do is first finding way how using python (or bash) get information about certificates. When you will have this you are good to go for writing plugin because you will need those peace of code as source of extra metrics. That's all basically.
Sebastian
