Check_mk_active-http fails with "return code 139 is out of bounds"

CMK version: 2.2.0p19
OS version: Ubuntu 22.04

Error message:

Output of “cmk --debug -vvn hostname”: (Return code of 139 is out of bounds)

Service check command is check_mk_active-http!–ssl --extended-perfdata -L --sni -I drive.domain.de -H drive.domain.de

Active service check:

image712×782 56.7 KB

The strange thing: we have a reverse proxy with 8 URLs. All URLs are checked for cert date (no problems), all URLs are also checked for proper HTTP Response codes. Two are no working for any reasons since update from 2.1.0p36 .

If I curl from the server, I have no problem to get a response from the virtual hosts of the Reverse Proxy. How can I troubleshoot this any further?

You can try to run the check on the command line in verbose mode:
check_http –ssl --extended-perfdata -L --sni -I drive.domain.de -H drive.domain.de -vvv
You may be able to see more this way and get a clue to the problem.

Thanks for your reply.

I tried the command. Obviously, check_http failed somehow

OMD[siteA]:~$ /omd/sites/siteA/lib/nagios/plugins/check_http --ssl --extended-perfdata -L --sni -I drive.domain.de -H drive.domain.de -vvv
<A HREF="https://drive.domain.de:443/" target="_blank">SSL initialized
GET / HTTP/1.1
User-Agent: check_http/v2.3.3 (monitoring-plugins 2.3.3)
Connection: close
Host: drive.domain.de


https://drive.domain.de:443/ is 1448 characters
STATUS: HTTP/1.1 302 Found
**** HEADER ****
Server: nginx
Date: Mon, 22 Jan 2024 11:20:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: [truncated] path=/; secure; HttpOnly; SameSite=Lax
Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-[truncated]'; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
Set-Cookie: [truncated] path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
Set-Cookie: [truncated] path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
Set-Cookie: [truncated] path=/; secure; HttpOnly; SameSite=Lax
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: https://drive.domain.de/login
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: none
X-XSS-Protection: 1; mode=block
**** CONTENT ****
0


Found chunked content
Segmentation fault (core dumped)

I’m going to try another (older) version of check_http, I am wondering what changed?

Ah, an older version of check_http works as expected (at least for me):

OMD[siteA]:~$ /omd/sites/siteB/lib/nagios/plugins/check_http --ssl --extended-perfdata -L --sni -I drive.domain.de -H drive.domain.de -vvv
<A HREF="https://drive.domain.de:443/" target="_blank">SSL initialized
GET / HTTP/1.1
User-Agent: check_http/v2.3.2 (monitoring-plugins 2.3.2)
Connection: close
Host: drive.domain.de


https://drive.domain.de:443/ is 1442 characters
STATUS: HTTP/1.1 302 Found
**** HEADER ****
Server: nginx
Date: Mon, 22 Jan 2024 11:27:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: [truncated] path=/; secure; HttpOnly; SameSite=Lax
Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-[truncated]'; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
Set-Cookie: [truncated] path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
Set-Cookie: [truncated] path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
Set-Cookie: [truncated] path=/; secure; HttpOnly; SameSite=Lax
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: https://drive.domain.de/login
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: none
X-XSS-Protection: 1; mode=block
**** CONTENT ****
0


HTTP OK: HTTP/1.1 302 Found - 1442 bytes in 0.180 second response time </A>|time=0.179678s;;;0.000000;10.000000 size=1442B;;;0; time_connect=0.004437s;;;;10.000000 time_ssl=0.014162s;;;;10.000000 time_headers=0.000020s;;;;10.000000 time_firstbyte=0.160836s;;;;10.000000 time_transfer=0.160863s;;;;10.000000

Is it wise to copy the older file into the plugin directory? It may help for the second, but maybe not for solving the root cause…

edit/encore: I kept check_http (v2.3.3) as check_http233 and copied check_http (v2.3.2) into the directory. Therefore, I am ready for troubleshooting.

I would place your own check_http v2.3.2 version in a directory of your choice and call the plugin with the “Integrate Nagios plugins” rule. This will continue to work even after a checkmk release upgrade.

It seems that check_http sometimes has problems with transfer-encoding:chunked. Perhaps you can avoid the problem by using the option “–onredirect=follow” (How to handle redirect), which automatically redirects check_http to the target page, or test the target page directly with “-u /login” (URI to fetch)

Maybe Checkmk will change the HTTP Check in the near future to check_curl which, according to the monitoring-plugins homepage, will one day replace check_http.

I have the same issue in checkmk 2.3.0p6,
check_http is still at v2.3.3

Any way to fix this?
How can I get the old version?

It’s not clear at all what we should do… it says “deprecated” but what’s the replacement? and how to migrate all the checks?

image1311×442 10 KB

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.