[ZBX-7760] net.tcp.service[.perf] simple checks poorly documented Created: 2014 Feb 06  Updated: 2017 May 30  Resolved: 2015 May 19

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: Documentation (D)
Affects Version/s: 2.0.10
Fix Version/s: None

Type: Incident report Priority: Minor
Reporter: Tom M. Assignee: Unassigned
Resolution: Fixed Votes: 10
Labels: simplechecks
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

documentation



 Description   

net.tcp.service simple checks are poorly documented, especially for the service parameter.

The manual just says (section 6.2.2.5.2 as for 2.0.10):

  • service - one of ssh, ntp, ldap, smtp, ftp, http, pop, nntp, imap, tcp, https, telnet

But there is no indication whether a higher level protocol has been implemented, what it would do, expect, or how it would handle protocol violations.

This leads to wrong expectations and assumptions, i.e. one could assume that "http" actually does some HTTP, i.e. sending out a HEAD or GET request and check for a HTTP xxx reply - but it doesn't. HTTP is a bare TCP connection. In contrast, ssh seems to do a real handshake.

simple.c in src/libs/zbxsysinfo/simple is the basic workhorse and might be a good starting point for reverse engineering how stuff is implemented.



 Comments   
Comment by Volker Fröhlich [ 2014 Nov 07 ]

I looked it up a first few in 2.4 to save people from digging it up:

smtp

Creates a TCP connection and expects the first 3 characters of the response to be "220", followed by either a space or the line ending. No dash must follow "220". Then sends "QUIT"

pop

Creates a TCP connection and expects the first 3 characters of the response to be "+OK", then sends "QUIT"

imap

Creates a TCP connection and expects the first 4 characters of the response to be "* OK", then sends "at LOGOUT"

nntp

Creates a TCP connection and expects the first 3 characters of the response to be "200" or "201", then sends "QUIT"

ftp

Creates a TCP connection and expects a 220 response, then sends "QUIT"

http

Creates a TCP connection

https

Uses (and only works with) libcurl, does not verify the authenticity of the certificate, does not verify the host name in the SSL certificate, only fetches the response header (HEAD request).

tcp

Creates a TCP connection

Still missing

  • ssh
  • ldap
  • telnet
  • ntp
Comment by Igors Homjakovs (Inactive) [ 2015 Apr 20 ]

Here is updated info for 2.4 and trunk (info for 2.0 and 2.2 is also given if it differs with newer versions):

smtp
Creates a TCP connection and expects the first 3 characters of the response to be "220", followed by a space, the line ending or a dash. The lines containing a dash belong to a multi-line response and the response will be re-read until a line without the dash is received. Then sends "QUIT\r\n".

smtp (2.0, 2.2)
Creates a TCP connection and expects the first 3 characters of the response to be "220". Then sends "QUIT\r\n".

pop
Creates a TCP connection and expects the first 3 characters of the response to be "+OK", then sends "QUIT\r\n"

pop (2.0, 2.2)
Creates a TCP connection and expects the first 3 characters of the response to be "+OK", then sends "QUIT\n"

imap
Creates a TCP connection and expects the first 4 characters of the response to be "* OK", then sends "a1 LOGOUT\r\n"

imap (2.0, 2.2)
Creates a TCP connection and expects the first 4 characters of the response to be "* OK", then sends "a1 LOGOUT\n"

nntp
Creates a TCP connection and expects the first 3 characters of the response to be "200" or "201", then sends "QUIT\r\n"

nntp (2.0, 2.2)
Creates a TCP connection and expects the first 3 characters of the response to be "200", then sends "QUIT\n"

ftp
Creates a TCP connection and expects the first 4 characters of the response to be "220 ", then sends "QUIT\r\n"

ftp (2.0, 2.2)
Creates a TCP connection and expects the first 3 characters of the response to be "220" response, then sends "QUIT\n"

http
Creates a TCP connection without expecting and sending anything. Default port 80 is used if not specified.

https
Uses (and only works with) libcurl, does not verify the authenticity of the certificate, does not verify the host name in the SSL certificate, only fetches the response header (HEAD request).

tcp
Creates a TCP connection without expecting and sending anything. Unlike http check requires port parameter to be specified.

ssh
Creates a TCP connection. If the connection has been established, both sides exchange an identification string (SSH-major.minor-XXXX), where major and minor are protocol versions and XXXX is a string. Zabbix checks if string matching the specification is found and then sends back the string "SSH-major.minor-zabbix_agent\r\n" or "0\" on mismatch.

ldap
Performs LDAP search operation

telnet
Creates a TCP connection and checks telnet connection.

ntp
Creates a TCP connection, sends an ntp packet and expects positive timestamp.

Comment by Martins Valkovskis [ 2015 Apr 21 ]

Added to documentation as:

https://www.zabbix.com/documentation/2.0/manual/appendix/items/net.tcp.service_details
https://www.zabbix.com/documentation/2.2/manual/appendix/items/net.tcp.service_details
https://www.zabbix.com/documentation/2.4/manual/appendix/items/net.tcp.service_details
https://www.zabbix.com/documentation/3.0/manual/appendix/items/net.tcp.service_details

Linked to from:

https://www.zabbix.com/documentation/2.0/manual/config/items/itemtypes/simple_checks
https://www.zabbix.com/documentation/2.2/manual/config/items/itemtypes/simple_checks
https://www.zabbix.com/documentation/2.4/manual/config/items/itemtypes/simple_checks
https://www.zabbix.com/documentation/3.0/manual/config/items/itemtypes/simple_checks

RESOLVED.

asaveljevs Based on the needs of ZBXNEXT-786, the first set of pages above has been moved to the following locations:

asaveljevs Removed "simple" from "simple checks" on those pages, because net.tcp.service[] is also available as an agent check.

RESOLVED.

Comment by richlv [ 2015 Apr 21 ]

(1) really great to see this one finally documented, thanks all

"Performs an LDAP search operation." - what do we search for ? does the result (found/not found) affect the outcome of this check, or is it ignored ?

igorsh
Open a connection to an LDAP server and performs an LDAP search operation with filter set to (objectClass=*). Expects successful retrieval of first attribute of the first entry.

Perhaps the debug message "LDAP - empty sort result." should be changed to "LDAP - empty search result."

martins-v Changed to "Opens a connection to an LDAP server and performs an LDAP search operation with filter set to (objectClass=*). Expects successful retrieval of the first attribute of the first entry." RESOLVED.

<richlv> thanks, CLOSED

Comment by richlv [ 2015 Apr 21 ]

(2) "Unlike the http check..." - maybe that should be "Unlike the other checks..." ?

igorsh True.

martins-v Changed accordingly. RESOLVED.

<richlv> thanks, CLOSED

Comment by richlv [ 2015 Apr 21 ]

(3) "checks telnet connection" - seems a bit vague compared to other descriptions

igorsh
Creates a TCP connection and expects a login prompt. Default port 23 is used if not specified.

martins-v Changed in documentation. RESOLVED.

<richlv> in https://www.zabbix.com/documentation/3.0/manual/config/items/itemtypes/simple_checks we mention what a login prompt is - should we do that here, too ?

martins-v I think so. Added. Perhaps even the original sentence could be removed from https://www.zabbix.com/documentation/3.0/manual/config/items/itemtypes/simple_checks, now that there's a special appendix for details.

<richlv> ah, that's a mighty good idea - let's remove it from the items table

martins-v Done. RESOLVED.

<richlv> thanks, CLOSED

Comment by richlv [ 2015 Apr 21 ]

(4) default port is documented for 'http', but not for other checks - probably should be (except 'tcp')

igorsh
ssh: 22
ntp: 123
ldap: 389
smtp: 25
ftp: 21
http: 80
pop: 110
nntp: 119
imap: 143
https: 443
telnet: 23

martins-v Thanks, added to documentation. RESOLVED.

<richlv> thanks, CLOSED

Comment by Volker Fröhlich [ 2015 Apr 21 ]

(5) "Creates a TCP connection, sends an ntp packet and expects positive timestamp." – I would say "expects a positive timestamp". What is "a ntp packet"?

<richlv> also note that ntp checks will get additional description after completion of ZBXNEXT-786
it also seems a bit unclear what a "positive timestamp" is

asaveljevs Updated the description with a reference to RFC 4330. Please take a look and let me know whether an exact list of validation checks is required. RESOLVED.

<richlv> seems to be enough to me, although for pre-3.0 docs we should probably mention that this behaviour changed in this or that version ?

asaveljevs Yes, I am planning to mention that "ntp" only started working since this and that version, but on the main item page (https://www.zabbix.com/documentation/2.4/manual/config/items/itemtypes/zabbix_agent) and the plan is to do it under ZBXNEXT-786.

asaveljevs Seems CLOSED.

Comment by Aleksandrs Saveljevs [ 2015 May 05 ]

(6) Fixed a typo in SSH check description: it used to say "0\" instead of "0\n".

sasha Thanks! CLOSED

Generated at Fri Mar 29 09:16:30 EET 2024 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.