Firewalls: RE: Monitoring Web Server

Firewalls
(February 1998)

Indexed By Thread: [Previous] [Next]

Subject:	RE: Monitoring Web Server
From:	Mike Hedlund <mike @ isi . net>
Date:	Thu, 26 Feb 1998 08:38:27 -0800 (PST)
To:	firewalls @ GreatCircle . COM
In-reply-to:	<6BD566AAE85DD011A2980000F654628B01A45C62 @ exgau30000 . mel227trk . au . anz . 3 . 19 . 150 . in-addr . arpa>


Many years ago i wrote a little program called pping. its a tcp 'port
pinger' works like regular ping, except over tcp. it doesnt actually get a
file, check checks a tcp port to see if its accepting connections...

$ pping -v -h www.yahoo.com -t 3 -s 1 -c 3 -p 80
[1] www.yahoo.com:80 ...  [time=6.986ms] accepting connections.
[2] www.yahoo.com:80 ...  [time=6.624ms] accepting connections.
[3] www.yahoo.com:80 ...  [time=7.122ms] accepting connections.
----------- www.yahoo.com:80 PPING Stats ----------
3 attempts, 3 connections, 0 failures, 0% failure rate
connect time (ms) min/avg/max 6.624/6.911/7.122
$ 

$ pping -h www.yahoo.com -c 1 -t 3 -p 80 -q
[1] www.yahoo.com:80 ...  [time=7.807ms] accepting connections.
$ pping -h www.yahoo.com -c 1 -t 3 -p 81 -q
[1] www.yahoo.com:81 ... connection refused.
$ 

Its a C program that should compile on anything, except windows. :)
Should be easy to port over, but i never bothered. i actually wrote
a windows app that monitors local cpu/memory/disk usage, and a list
of remote sites, and if any of those sites fail a check, it sends mail to
someone...

If anyone wants either one ill throw it up on a web page somewere..

-mike

On Thu, 26 Feb 1998, Gasparini, Edy wrote:

> On Thursday, 26 February 1998 2:00, Michael
> Sorbera[SMTP:msorber @
 ibm .
 net] wrote:
> > 
> > Does anyone know of a program that will monitor a web server (no ping,
> > but an actual access of the URL), and if the access doesn't work, page
> > me...
> > 
> 
> this is real quick and real dirty - but it works ...
> 
> I wrote a simple shell script that simply telnets to a port. Let's
> assume we monitoring a web server, running on standard port 80. I telnet
> to port 80 and capture std error and output to a file. close the telnet
> session and then grep the outfile for "Connected to" which is the
> standard string you get when telnet connects to a remote system. If the
> grep is successful, then no problems - if grep fails then you know the
> telnet connection failed and the web server is in trouble - quick do
> something! Our paging service provides an email interface where you can
> send a mesg to an email address which is then passed to the pager. Bingo
> - automatic alerting. This job is then scheduled to run regularly via
> cron.
> 
> two main problems with this setup: one is you have to rely on your email
> gateway to be up and running in order to receive the alert. the other is
> that the host running the script could go down (in which case you
> probably have bigger problems) but you need to have that host monitored
> via some other mechanism.
> 
> > I would prefer a DOS, Win 3.X or WIN95 solution.  But will go to NT or
> > UNIX if need be.
> > 
> 
> If you want continuous monitoring, then I would suggest using a reliable
> and stable Unix host (please, no flame wars - if you've got Bourne on
> NT, then use that if you must). 
> 
> Here's a copy of my script:
> 
> -----start script----
> #!/bin/sh
> 
> #
> 
> # This script will check the status of given port of a given
> host, ie. whether
> 
> # port 80 (http) is listening on the web server. It
> achieves this by simply
> 
> # telnetting to the host and port and looking
> for the connected string that
> 
> # telnet returns when it is successful. As
> an example:
> 
> #
> 
> # $ telnet hostname 80
> 
> # Trying...
> 
> # Connected to
> hostname.
> 
> # Escape character is '^]'.
> 
> #
> 
> # We specifically look for the
> "Connected to" string. If it's not found then we
> 
> # assume something is
> broken and then raise an alert by sending email (either
> 
> # to a real
> email address or a pager via email gateway).
> 
> #
> 
> # We can check the status
> of multiple hosts and ports with this one script. The
> 
> # variable
> controlling this is DESTHOST which is simply space delimited 
> 
> #
> host:port pairs. For example, to test port 80 of the web server you
> would
> 
> # define DESTHOST as www:80.
> 
> #
> 
> # The sendmesg function is where we
> actually deliver an alert. The case 
> 
> # statement MUST have an entry for
> each host:port defined in DESTHOST. This way,
> 
> # we can notify different
> ways for each individual
> host:port.
> 
> #
> 
> ###########################################################
> #################
> 
> #
> 
> # add each host:port to check in
> DESTHOST
> 
> #
> 
> DESTHOST="hostname1:port hostname2:port ..."
> 
> #
> 
> # no need to
> modify any of this stuff - have a look in sendmesg function!
> 
> # (just
> make sure the paths are OK)
> #
> 
> OUTFILE=/tmp/www.out.$$
> 
> SERVER_STATUS=0	# 0=alive,
> 1=dead
> 
> TELNET=/usr/ucb/telnet
> 
> LOGGER=/usr/ucb/logger
> 
> MAIL=/usr/bin/mailx
> 
> 
> MESG=""
> 
> ###############################################################
> ##########
> 
> # use this function to send a message when something fails.
> Ensure you define
> 
> # MESG and TO correctly and that each entry in
> DESTHOST has a case here. 
> # You can have multiple entries in TO (so you can send the same mesg to
> multiple 
> # recipients in one hit). Remember that email aliases are defined in 
> # /usr/lib/aliases, so you can either have the fully qualified email
> address 
> # in here or an alias defined in aliases.
> 
> #
> 
> #
> 
> sendmesg()
> 
> {
> 
> 	case
> ${server} in
> 
> 		hostname1:port)
> 
> 		SUBJ="URGENT!
> hostname1 is down! "
> 
> 		MESG="insert some extra info here if you
> want"
> 
> 		TO="support pager"
> 
> 
> 
> 		echo ${MESG} | ${MAIL}
> -s "${SUBJ}" ${TO}
> 
> 		${LOGGER} -t server_check "${SUBJ}"
> #place an entry in syslog
> 
> 		;;
> 
> 
> 		hostname2:port)
> 		SUBJ="URGENT! hostname2 is down! "
> 		MESG="insert some extra info here if you want"
> 		TO="support pager someone-else"
> 
> 		echo ${MESG} | ${MAIL} -s "${SUBJ}" ${TO}
> 		${LOGGER} -t server_check "${SUBJ}"	#place an entry
> in syslog
> 		;;
> 	
> esac
> 
> }
> 
> 
> 
> #
> 
> ##############################################################
> ###########
> 
> # for each host:port pair listed in $DESTHOST, try and
> connect to see
> 
> # if something is listening.
> 
> #
> 
> 
> 
> for server in
> ${DESTHOST}
> 
> do
> 
> 	SERVER=`echo ${server}|awk -F: '{print $1}'`
> 
> 
> PORT=`echo ${server}|awk -F: '{print $2}'`
> 
> 	rm -rf
> ${OUTFILE}_${SERVER}
> 
> 
> 
> 	${TELNET} ${SERVER} ${PORT} >
> ${OUTFILE}_${SERVER} 2>1 <<EOF
> 
> EOF
> 
> 
> 
> 	grep "Connected to ${SERVER}"
> ${OUTFILE}_${SERVER} >/dev/null
> 
> 	status=$?	#quick, grab the
> status of that last command
> 
> 
> 
> 	if [ ${status} != 0 ] #which means the
> connect failed
> 
> 	then
> 
> 		SERVER_STATUS=1
> 
> 
> sendmesg
> 
> 	else
> 
> 		echo "$server OK"
> 
> 
> ${LOGGER} -t server_check "$server responds OK"
> 
> 	fi
> 
> 
> 
> 	rm -rf
> ${OUTFILE}_${SERVER}  #cleanup after ourselves
> 
> done
> 
> 
> 
> exit 0
> 
> 
> -----end script----
> 
> ./edy gasparini  - Internet Security Manager 
>

References:

RE: Monitoring Web Server
From: "Gasparini, Edy" <gasparie @ anz . com>

Indexed By Date	Previous:	Re: Building a Cisco firewall From: Wes Kaufmann <wes @ osds . com>
Indexed By Date	Next:	RE: Protocol 47 From: Vinod Valloppillil <vinodv @ microsoft . com>
Indexed By Thread	Previous:	RE: Monitoring Web Server From: "Gasparini, Edy" <gasparie @ anz . com>
Indexed By Thread	Next:	Re: Monitoring Web Server From: rdew @ el . nec . com (Bob De Witt)