Skip to content

Execute a Shell Script using Zabbix Agent

Video Lecture

Check SSL Certificate Expiry on Websites using Custom Script and system.run Check SSL Certificate Expiry on Websites using Custom Script and system.run

Description

In this lesson I will run a Shell Script (.sh) using the agent running on my Zabbix Server.

This script will return the number of days remaining before an SSL certificate expires.

You can use any Linux agent you desire to run this script.

Create a folder on the Linux host. (if the folder doesn't already exist)

#
mkdir /home/zabbix/

CD into the folder

#
cd /home/zabbix

Then create the script on your server,

#
nano checkssl.sh

1
2
3
4
5
6
7
8
9
data=`echo | openssl s_client -servername $1 -connect $1:${2:-443} 2>/dev/null | openssl x509 -in /dev/stdin -noout -enddate | sed -e 's#notAfter=##'`

ssldate=`date -d "${data}" '+%s'`

nowdate=`date '+%s'`

diff="$((${ssldate}-${nowdate}))"

echo $((${diff}/86400))

Save it, and give it execute permissions.

#
chmod a+x checkssl.sh

Test that it works using

#
./checkssl.sh example.com

or

#
./checkssl.sh example.com 443

Adding port 443 is optional and default. You can put any port here in case your certificate was bound to a different port, e.g., 3000 or 8443

or use any other domain name rather than example.com

Then go into Zabbix and create items that call this script for each website SSL you want to monitor.

Example item key is

system.run[/home/zabbix/checkssl.sh example.com 443]

Since the expiry days can go negative, I advise you use the numeric(float) option in the type of information drop down.

See the video for more requirements to get this to work.

Zabbix Agent Items

Restricting Agent Checks

Comments