3

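I need to monitor certificate expiry for TCP endpoints.

I tried configuring the blackbox exporter to monitor TCP endpoints, but unfortunately it did not work the way it should.

We use the blackbox exporter to monitor the SSL certificates of HTTPS endpoints, and it works very well. However, we want something similar for TCP endpoints.

Blackbox exporter: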

modules:
  http_2xx:
    prober: http
    timeout: 70s
    http:
      method: GET
      preferred_ip_protocol: "ip4"
      tls_config:
        insecure_skip_verify: true

  http_OpenAPI_2xx:
    prober: http
    timeout: 70s
    http:
      method: GET
      preferred_ip_protocol: "ip4"
      tls_config:
        insecure_skip_verify: true
      fail_if_not_matches_regexp:
        - "HTTP/1.1 200 OK*"

  http_post_2xx:
    prober: http
    http:
      method: POST
  tcp_connect:
    prober: tcp
    timeout: 5s
    tcp:
      tls: false
  pop3s_banner:
    prober: tcp
    tcp:
      query_response:
      - expect: "^+OK"
      tls: false
      tls_config:
        insecure_skip_verify: true
  ssh_banner:
    prober: tcp
    tcp:
      query_response:
      - expect: "^SSH-2.0-"
  irc_banner:
    prober: tcp
    tcp:
      query_response:
      - send: "NICK prober"
      - send: "USER prober prober prober :prober"
      - expect: "PING :([^ ]+)"
        send: "PONG ${1}"
      - expect: "^:[^ ]+ 001"
  icmp:
    prober: icmp

Prometheus:

  - job_name: 'blackbox-tcp'
    metrics_path: /probe
    params:
      module: [tcp_connect]
    scrape_interval: 30s
    scrape_timeout: 20s
    static_configs:
      - targets:
        - tcp://171.17.25.12:38205
        - tcp://171.17.25.12:5071

    relabel_configs:
      - source_labels: [__address__]
        target_label: __param_target
      - source_labels: [__param_target]
        target_label: instance
      - target_label: __address__
        replacement: 171.12.30.12:9115  # Blackbox exporter.

We want to monitor the SSL certificates of these TCP endpoints.

4

1 Answer

3

Using the TLS option of the TCP module in the Blackbox exporter configuration should do the job:

tcp_connect_tls:
  prober: tcp
  tcp:
    tls: true

Also, the targets you defined for the TCP prober seem to have incorrect syntax. TCP prober targets should not have the tcp:// prefix:

...
static_configs:
  - targets:
    - 171.17.25.12:38205
    - 171.17.25.12:5071
...
answered 2020-07-06T21:53:52.917
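
The two changes from the answer put together with an expiry alert, as an added example that is not part of the original question or answer. It assumes the scrape job is switched from tcp_connect to the answer's tcp_connect_tls module and alerts on probe_ssl_earliest_cert_expiry, the metric the blackbox exporter exposes for TLS probes; the rules file name, alert name, 14-day threshold and severity label are assumptions.

```yaml
# blackbox.yml: TCP module that performs a TLS handshake (module name from the answer)
modules:
  tcp_connect_tls:
    prober: tcp
    timeout: 5s
    tcp:
      tls: true
      # Certificate verification is left at its default (enabled), so a chain
      # that does not validate fails the probe instead of being accepted.
---
# prometheus.yml: same job as in the question, with the module switched to the
# TLS variant and the tcp:// prefix removed from the targets
scrape_configs:
  - job_name: 'blackbox-tcp'
    metrics_path: /probe
    params:
      module: [tcp_connect_tls]
    scrape_interval: 30s
    scrape_timeout: 20s
    static_configs:
      - targets:
        - 171.17.25.12:38205
        - 171.17.25.12:5071
    relabel_configs:
      - source_labels: [__address__]
        target_label: __param_target
      - source_labels: [__param_target]
        target_label: instance
      - target_label: __address__
        replacement: 171.12.30.12:9115  # Blackbox exporter.
---
# cert_expiry.rules.yml (hypothetical file name, loaded via rule_files)
groups:
  - name: tcp-tls-expiry
    rules:
      - alert: TcpTlsCertExpiringSoon  # assumed alert name
        # Metric is a Unix timestamp; subtracting time() gives seconds remaining.
        expr: probe_ssl_earliest_cert_expiry{job="blackbox-tcp"} - time() < 14 * 86400
        for: 1h
        labels:
          severity: warning
        annotations:
          summary: "TLS certificate on {{ $labels.instance }} expires in under 14 days"
```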