CustoSec:Check HTTP-String

From CustosecWiki
Basic Information on Check

  Name of Check: HTTP String
  Technical Name: check_http_string
  Available in: Standard
  Number of Arguments: 4
  From Version: ARANSEC 2.34
  Compatibility: All ARANSEC and CustoSec



Scope of Check

This is an easy-to-use standard check to monitor the content of websites. It calls a website and checks for a string in the HTTP content. This check only supports the HTTP protocol.

The check has two variants as well, which provide additional arguments for WARNING and CRITICAL thresholds for the response time. (See Variants)

Requirements

For the check to work properly the following requirements must be met:

  • The check can be configured on any host, but it is recommended to implement it as a service check on the target host/website that should be monitored. In case an external website should be monitored, it should be configured as a host.
  • If an external website is to be monitored, the firewall must be configured to allow ARANSEC / CustoSec to access this external website only. (Note: Keep security in mind!)


Arguments

To configure the check, the following arguments are available:

Arg1: host
  Allowed arguments: fqdn, addr
  Explanation: Host name argument for servers using host headers (virtual host). Append a port to include it in the header (e.g. example.com:5000). Fully qualified domain name or IP address of the host that is to be monitored. No empty field allowed. Try first with no other parameters set; the check should deliver an OK state when the host is set correctly.
  Examples: 192.168.77.17, localhost, www.myserver.com, www.custosec.org, www.tagesschau.de

Arg2: path
  Allowed arguments: URL path
  Explanation: URL path to the site (excluding the host address from argument 1). Default is /
  Examples: /index.php

Arg3: port
  Allowed arguments: integer
  Explanation: HTTP port number. Default is 80.
  Examples: 80

Arg4: string
  Allowed arguments: string
  Explanation: Expected string. Any string in the website's content that is expected to return an OK state.
  Examples: Buy article

The check returns the state OK when the string has been found. Additionally, it returns the response time and the size of the page.


Return States

The check returns the following states and information.

OK
  Description: The check can connect to the server and the string can be found in the response.
  Example:
    Status: OK
    Output: HTTP OK HTTP/1.0 200 OK - 0.766 second response time |time=0.766346s;;;0.000000 size=170355B;;;0

WARNING
  Description: The check cannot find the string in the server's response (content of the page).
  Example:
    Status: WARNING
    Output: HTTP WARNING: HTTP/1.1 404 Not Found

CRITICAL
  Description: The check cannot connect to the server, because the connection is refused or times out.
  Example:
    Status: Critical
    Output:

UNKNOWN
  Description: All other errors
  Example:
    Status: UNKNOWN
    Output:


Examples

The following examples explain the usage of the check and how to enter the arguments.

Example: !!www.amazon.com!/!80!Kindle
  Description: This is a simple example to check the starting page of Amazon's website. The check fetches the page and expects the string "Kindle" to be returned.
  Status: OK
  Output: HTTP OK HTTP/1.0 200 OK - 0.766 second response time |time=0.766346s;;;0.000000 size=170355B;;;0

Example: !www.amazon.com!/dp/1517058465!80!H. G. Wells
  Description: This is another example of how to check a webshop by calling a product page (here: the book "The Food of the Gods...") in Amazon's shop. The check fetches the page and expects the string "H. G. Wells" to be returned.
  Status: OK
  Output: HTTP OK HTTP/1.0 200 OK - 2.226 second response time |time=2.226161s;;;0.000000 size=401851B;;;0

Example: !http://192.168.75.112/!/!80!WebManaged Switch
  Description: In this case the check is used to monitor the website of a switch in the internal network. Since the website asks for a password in a frame, only the HTML title ("WebManaged Switch") is available for the check. No other information can be obtained.
  Status: OK
  Output: HTTP OK HTTP/1.0 200 OK - 0.011 second response time |time=0.010666s;;;0.000000 size=599B;;;0


Check Variants

The check has a predefined time out after which the check will return CRITICAL (default = 10 seconds). For special needs the check is provided in 2 variants.

Check HTTP String (High)

This variant of the check is like the main variant, except that it has fixed time-out thresholds (WARNING = 15 sec., CRITICAL = 20 sec.) but no standard time out.
This means that, in addition to the explanations above, a WARNING and a CRITICAL will be sent when the respective thresholds have been reached.

Check HTTP String (Free)

This variant of the check offers 2 more arguments that make it possible to enter free WARNING and CRITICAL thresholds.
These can be used to check the performance of a website by setting low thresholds to get a WARNING or CRITICAL in case of a slow response from the site.

Arg5: WARNING
  Allowed arguments: Integer
  Explanation: WARNING threshold in seconds
  Examples: 1, 0.5

Arg6: CRITICAL
  Allowed arguments: Integer
  Explanation: CRITICAL threshold in seconds
  Examples: 20, 1.5
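
The state logic from the Return States table combined with the Arg5/Arg6 thresholds of Check HTTP String (Free), as an added Python example that is not CustoSec's own code. The function names, the output line format (modelled on the sample outputs above) and the sample body are assumptions made for illustration.

```python
import http.client
import time

OK, WARNING, CRITICAL, UNKNOWN = "OK", "WARNING", "CRITICAL", "UNKNOWN"

def evaluate(status_line, body, expected, elapsed, warn=None, crit=None):
    """Turn one received HTTP response into (state, output line)."""
    # Content rule from the Return States table: missing string -> WARNING.
    # The match is a literal substring test on the raw response body.
    state = OK if expected.encode("utf-8") in body else WARNING
    # Free variant (Arg5/Arg6): a slow response can only raise the state.
    if crit is not None and elapsed >= crit:
        state = CRITICAL
    elif warn is not None and elapsed >= warn:
        state = WARNING
    fmt = lambda t: "" if t is None else "%.6f" % t
    perf = "time=%.6fs;%s;%s;0.000000 size=%dB;;;0" % (
        elapsed, fmt(warn), fmt(crit), len(body))
    return state, "HTTP %s: %s - %.3f second response time |%s" % (
        state, status_line, elapsed, perf)

def run_check(host, path="/", port=80, expected="", warn=None, crit=None, timeout=10):
    """Arg1..Arg6 as described on the page; plain HTTP only, like the check."""
    start = time.monotonic()
    try:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.request("GET", path or "/")
        resp = conn.getresponse()
        body = resp.read()
        conn.close()
    except OSError as exc:       # connection refused or timed out
        return CRITICAL, "HTTP CRITICAL: %s" % exc
    except Exception as exc:     # all other errors
        return UNKNOWN, "HTTP UNKNOWN: %s" % exc
    version = "HTTP/1.1" if resp.version == 11 else "HTTP/1.0"
    status_line = "%s %d %s" % (version, resp.status, resp.reason)
    return evaluate(status_line, body, expected, time.monotonic() - start, warn, crit)

# Constructed sample response body (not taken from a real site).
SAMPLE_BODY = b"<html><title>Shop</title><body>Buy article</body></html>"

if __name__ == "__main__":
    print(evaluate("HTTP/1.0 200 OK", SAMPLE_BODY, "Buy article", 0.766346))
    print(evaluate("HTTP/1.0 200 OK", SAMPLE_BODY, "Buy article", 1.2, warn=0.5, crit=1.5))
    print(evaluate("HTTP/1.0 200 OK", b"<html>Site under maintenance</html>", "Buy article", 0.1))
```

Because the match is against the raw page content, pick an expected string that only appears when the page rendered correctly, so an error page or replaced content drops the check to WARNING.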