Better SSL Monitoring (x509_cert)

Dashboard

A very simple and visual Dashboard to monitor SSL Certificates (x.509) using the native inputs.x509_cert from Telegraf. It just works automatically once the sources are added to telegraf.
Last updated: 3 months ago

Start with Grafana Cloud and the new FREE tier. Includes 10K series Prometheus or Graphite Metrics and 50gb Loki Logs

Downloads: 52

Reviews: 0

  • x509dashboard.png
    x509dashboard.png

Just place the configuration to your telegraf instance and import the Dashboard template.

To just have a Box with the next due certificate on your main Situation Room Dashboard you can use the following query:

SELECT (bottom(expiry,common_name,1)/60/60/24) as exp,common_name FROM "x509_cert" WHERE time >= now() - 1h

It's easy to maintain the Config in a Git repo and pull it ever few hours to your Telegraf Server. Such a Cron could look like:

0 0,3,6,9,12,15,18,21 * * * /usr/bin/git archive --remote=ssh://git@your.gitrepo:7999/sslchec/domains.git HEAD certs.conf|tar -xO > /etc/telegraf/telegraf.d/certs.conf && killall -1 telegraf

Collector Configuration Details

File: /etc/telegraf/telegraf.d/certs.conf

[[inputs.x509_cert]]
  interval = "300s"

  ## List certificate sources
  sources = [
        "https://my.host.to.monitor:443",
        "https://my.second.host.to.monitor:443"
  ]

  ## Timeout for SSL connection
  # timeout = "5s"

  ## Pass a different name into the TLS request (Server Name Indication)
  ##   example: server_name = "myhost.example.org"
  # server_name = "myhost.example.org"

  ## Optional TLS Config
  # tls_ca = "/etc/telegraf/ca.pem"
  # tls_cert = "/etc/telegraf/cert.pem"
  # tls_key = "/etc/telegraf/key.pem"
Dependencies: