To check if the login is working on a website using Check MK Infrastructure & Application Monitoring

kaushalshriyan · May 21, 2021, 3:41pm

Hi,

I am new to Check MK Infrastructure & Application Monitoring and running check-mk-raw-2.0.0p4-el8-38.x86_64 on CentOS Linux release 8.3.2011. Is there a way to check if the login is working on a website using Check MK?

For example:- https://developerportal.mydomain.com/login using the below login credentials if the login is successful. If login fails then Check MK will trigger an alert saying login failure.

URL :- https://developerportal.mydomain.com/login
Username :- devadmin@mydomain.com
Password :- xxxxxxxxxxxxxxxxxx

Thanks in Advance. I look forward to hearing from you.

Best Regards,

Kaushal

andreas-doehler · May 21, 2021, 8:18pm

It is relatively easy if you website uses basic auth over HTTP/S.
If the login are form fields it gets a little bit complicated.
For the first one you can use the classic “check_http” and for the second one you can try the “Check HTML Form Submit”
All more complicated web pages can be checked with the help of tools like robot framework and the integration into CMK by @simonm you can find this integration here. https://www.simon-meggle.de/robotmk/

rprengel · May 22, 2021, 4:46am

Hallo,
some links for you.

in germam

Works fine here for checking some of our cloud solutions.
If you are working behind a proxy you may have some problems checking systems outside.
Ralf

r.sander · May 22, 2021, 8:54am

If the website uses HTTP Basic Auth you can also use check_http for that task.

kaushalshriyan · May 22, 2021, 6:14pm

@r.sander I did the below config

OMD[checkmk]:/opt/omd/versions/2.0.0p4.cre/lib/nagios/plugins$./check_http -a "devops@mydomain.com:xxxxxxxxxx" develop.mydomain.com
HTTP OK: HTTP/1.0 301 Moved Permanently - 437 bytes in 0.018 second response time |time=0.018391s;;;0.000000;10.000000 size=437B;;;0

OMD[checkmk]:/opt/omd/versions/2.0.0p4.cre/lib/nagios/plugins$./check_http -a “ops@mydomain.com:xxxxxxxxxx” develop.mydomain.com
HTTP OK: HTTP/1.0 301 Moved Permanently - 437 bytes in 0.024 second response time |time=0.024078s;;;0.000000;10.000000 size=437B;;;0

I tested it using the wrong email id and password, I see the same result. Ideally, it should return Unauthenticated. Am I missing anything?

Best Regards,

Kaushal

r.sander · May 22, 2021, 8:46pm

Run check_http with -v to see the whole conversation. It looks like the website does not use HTTP Basic Auth but redirects to a login form.

kaushalshriyan · May 23, 2021, 2:39am

Thanks Robert. I am still finding the same issue and enabled verbose.

./check_http -vvv -a "devops@mydomain.com:test@4563" -u https://develop.mydomain.com/user/login develop.mydomain.com -P POST
POST https://develop.mydomain.com/user/login HTTP/1.0
User-Agent: check_http/v2.3 (monitoring-plugins 2.3)
Connection: close
Authorization: Basic ZGV2b3BzQGRpZ2l0YYxhcKjcmFmdC5jb206RGlnaXRhbEAxMjM0
Content-Type: application/x-www-form-urlencoded
Content-Length: 3

POST

http://develop.mydomain.com:80https://develop.mydomain.com/user/login is 465 characters
STATUS: HTTP/1.0 301 Moved Permanently
**** HEADER ****
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Location: https://develop.mydomain.com/user/login
Content-Length: 232
Date: Sun, 23 May 2021 02:29:24 GMT
**** CONTENT ****
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://develop.mydomain.com/user/login">here</A>.
</BODY></HTML>

HTTP OK: HTTP/1.0 301 Moved Permanently - 465 bytes in 0.009 second response time |time=0.008571s;;;0.000000;10.000000 size=465B;;;0
OMD[checkmk]:/opt/omd/versions/2.0.0p4.cre/lib/nagios/plugins$

When I give the wrong password it still returns 200 OK

./check_http -vvv -a "devops@mydomain.com:test@1234" -u https://develop.mydomain.com/user/login develop.mydomain.com -P POST
POST https://develop.mydomain.com/user/login HTTP/1.0
User-Agent: check_http/v2.3 (monitoring-plugins 2.3)
Connection: close
Authorization: Basic ZGV2b3BzQGRpZ2l0YYxhcKjcmFmdC5jb206RGlnaXRhbEAxMjM0
Content-Type: application/x-www-form-urlencoded
Content-Length: 3

POST

http://develop.mydomain.com:80https://develop.mydomain.com/user/login is 465 characters
STATUS: HTTP/1.0 301 Moved Permanently
**** HEADER ****
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Location: https://develop.mydomain.com/user/login
Content-Length: 232
Date: Sun, 23 May 2021 02:29:24 GMT
**** CONTENT ****
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://develop.mydomain.com/user/login">here</A>.
</BODY></HTML>

HTTP OK: HTTP/1.0 301 Moved Permanently - 465 bytes in 0.009 second response time |time=0.008571s;;;0.000000;10.000000 size=465B;;;0
OMD[checkmk]:/opt/omd/versions/2.0.0p4.cre/lib/nagios/plugins$

Please suggest further.

Best Regards,

Kaushal

r.sander · May 23, 2021, 3:29pm

The webserver returns a redirect to a login page as I assumed. It does not use HTTP Basic Auth.

You need to have a look at the code of the login page. If it uses a simple HTML form (and not some JavaScript) you may be successful by posting the form data with check_http but otherwise you are out of look with this simple tool. You will then need to go the End2End-Monitoring route with e.g. RobotMK.

andreas-doehler · May 23, 2021, 5:06pm

Another problem is that your query is wrong formatted.

First thing - why do your use POST? There is nothing you can post (no body).

Second one the URI your wrote - “https://develop.mydomain.com/user/login” - this should normally be only “/user/login”

In the end your command should look like this

./check_http -vvv -a "devops@mydomain.com:test@1234" --ssl -u /user/login -H develop.mydomain.com

But the problem @r.sander mentioned can also be the reason for a not working check.

kaushalshriyan · May 28, 2021, 11:36pm

@andreas-doehler Thanks for the reply. I am attaching the screenshot for your reference.

I use devops@mydomain.com:test@1234 to log in to https://develop.mydomain.com/user/login. It works without issue. If I use the wrong password it will report an Unrecognized username or password. Forgot your password? I am attaching the screenshot for your reference.

./check_http -vvv -a "devops@mydomain.com:test@1234" --ssl -u /user/login -H develop.mydomain.com

HTTP OK: HTTP/1.1 200 OK - 334002 bytes in 0.088 second response time |time=0.087709s;;;0.000000;10.000000 size=334002B;;;0

./check_http -vvv -a "devops@mydomain.com:**t1234**" --ssl -u /user/login -H develop.mydomain.com

HTTP OK: HTTP/1.1 200 OK - 334034 bytes in 0.089 second response time |time=0.088863s;;;0.000000;10.000000 size=334034B;;;0

When I use the wrong password I still get 200 OK instead of 401 Unauthorized.

Please suggest further. Thanks in Advance.

Best Regards,

Kaushal

system · May 28, 2022, 11:36pm

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.