fluent-plugin-ssl-check

Fluentd input plugin to check ssl service.

plugins

in - ssl_check

Poll ssl service, to report status.

Example:

<source>
  @type ssl_check
  tag ssl_check

  hosts my-service.com:4443

  interval 600

  ca_path /my/ca_dir/
  ca_file /my/ca_file
</source>

Options are:

  • tag: Tag to emit events on
  • hosts: list of : to check
  • interval: check every X seconds
  • ca_path: directory that contains CA files
  • ca_file: specify a CA file directly
  • sni: want the sni support (true)
  • verify_mode: none or peer
  • cert: client cert for ssl connection
  • key: client key associated to client cert for ssl connection
  • timeout: timeout for ssl check execution (5sec)
  • paths: local certificate file paths
  • log_events: emit log format (true)
  • metric_events: emit metric format (false)
  • event_prefix: metric event prefix for extra dimension
  • timestamp_format: iso, epochmillis timestamp format (iso)

If no port is specified with host, default port is 443.

in - ssl_file_check

Poll ssl local file and report status.

Example:

<source>
  @type ssl_file_check
  tag ssl_check

  paths /etc/cert/host.pem,/app/application_1/cert.pem

  interval 600

  ca_path /my/ca_dir/
  ca_file /my/ca_file
</source>

Options are:

  • tag: Tag to emit events on
  • interval: check every X seconds
  • paths: local certificate file paths
  • ca_path: directory that contains CA files
  • ca_file: specify a CA file directly
  • log_events: emit log format (true)
  • metric_events: emit metric format (false)
  • event_prefix: metric event prefix for extra dimension
  • timestamp_format: iso, epochmillis timestamp format (iso)

output examples

log output example

{
    "timestamp": "2023-10-03T09:59:41.580+02:00",
    "status": 1,
    "host": "www.google.fr",
    "port": 443,
    "ssl_version": "TLSv1.2",
    "ssl_dn": "/CN=*.google.fr",
    "ssl_not_after": "2023-11-27T08:25:08.000Z",
    "expire_in_days": 55,
    "serial": "4e79dbb13c6b57b309780da2d1edbda4"
}

metric output example

{
    "timestamp": "2023-10-03T10:06:21.417+02:00",
    "metric_name": "ssl_status",
    "metric_value": 1,
    "host": "www.google.fr",
    "port": 443,
    "ssl_dn": "/CN=*.google.fr",
    "ssl_version": "TLSv1.2",
    "ssl_not_after": "2023-11-27T08:25:08.000Z",
    "serial": "4e79dbb13c6b57b309780da2d1edbda4"
}

{
    "timestamp": "2023-10-03T10:06:21.417+02:00",
    "metric_name": "ssl_expirency",
    "metric_value": 55,
    "host": "www.google.fr",
    "port": 443,
    "ssl_dn": "/CN=*.google.fr",
    "serial": "4e79dbb13c6b57b309780da2d1edbda4"
}

Installation

Manual install, by executing:

$ gem install fluent-plugin-ssl-check

Add to Gemfile with:

$ bundle add fluent-plugin-ssl-check

Compatibility

plugin in 1.x.x will work with:

  • ruby >= 2.7.7
  • td-agent >= 4.0.0
  • Copyright(c) 2023- Thomas Tych
  • License
    • Apache License, Version 2.0