x509
Deploy this integration to collect X509 certificate metrics from URLs and send them to Logz.io. The following metrics are collected by this integration:
- x509_age (duration in milliseconds)
- x509_expiry (duration in milliseconds)
- x509_start_date (in seconds passed since 1.1.1970)
- x509_end_date (in seconds passed since 1.1.1970)
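How the four metrics relate to a certificate's validity window, and how an expiry alert can be derived from them, shown as an added example that is not Logz.io's Lambda or Telegraf code. The function names, the sample certificate and the assumption that age is measured from notBefore and expiry until notAfter are illustrative; units follow the list above.

```python
import socket
import ssl
import time
from urllib.parse import urlsplit

MS = 1000  # age and expiry are in milliseconds, per the metric list above


def x509_metrics(cert, now=None):
    """Derive the four metrics from a getpeercert()-style dict."""
    now = time.time() if now is None else now
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    return {
        "x509_start_date": start,              # epoch seconds
        "x509_end_date": end,                  # epoch seconds
        "x509_age": int((now - start) * MS),   # negative: not yet valid
        "x509_expiry": int((end - now) * MS),  # negative: already expired
    }


def classify(metrics, warn_days=30):
    """Turn the raw metrics into an alert state."""
    if metrics["x509_age"] < 0:
        return "not_yet_valid"
    if metrics["x509_expiry"] <= 0:
        return "expired"
    if metrics["x509_expiry"] < warn_days * 86400 * MS:
        return "expiring_soon"
    return "ok"


def fetch_cert(url, timeout=5.0):
    """Fetch the leaf certificate from a URL such as https://app.logz.io:443."""
    parts = urlsplit(url)
    ctx = ssl.create_default_context()
    with socket.create_connection((parts.hostname, parts.port or 443), timeout=timeout) as sock:
        # An expired or untrusted certificate fails verification here and
        # raises ssl.SSLCertVerificationError; treat that as an alert too.
        with ctx.wrap_socket(sock, server_hostname=parts.hostname) as tls:
            return tls.getpeercert()


# Constructed sample in the shape returned by getpeercert()
SAMPLE_CERT = {"notBefore": "Jan  1 00:00:00 2024 GMT",
               "notAfter": "Mar 31 00:00:00 2024 GMT"}
SAMPLE_NOW = 1710979200  # 2024-03-21 00:00:00 UTC, ten days before notAfter

if __name__ == "__main__":
    m = x509_metrics(SAMPLE_CERT, SAMPLE_NOW)
    print(m, classify(m))
```

Against a live endpoint, `classify(x509_metrics(fetch_cert(url)))` gives the same result for the certificate that the server actually presents.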
Collect certificate metrics using AWS Lambda
The integration is based on a Lambda function that will be auto-deployed together with the layer LogzioLambdaExtensionLogs.
Auto-deploy the Lambda function
👇 To begin, click this button to start the automated deployment. You will need to deploy it in your environment.
Specify the stack details
Specify the stack details as per the table below and select Create stack.
Parameter | Description |
---|---|
LogzioMetricsToken | Your Logz.io metrics shipping token: <<PROMETHEUS-METRICS-SHIPPING-TOKEN>> |
LogzioListener | The Logz.io listener URL: https://<<LISTENER-HOST>>:8071 Replace <<LISTENER-HOST>> with the host for your region. The required port depends on whether HTTP or HTTPS is used: HTTP = 8070, HTTPS = 8071. |
CertificateURL | The URL to collect x509 certificate metrics from, including the port, e.g. https://app.logz.io:443 |
LambdaTimeout | The amount of time that Lambda allows a function to run before stopping it. The minimum value is 1 second and the maximum value is 900 seconds. We recommend starting with 300 seconds (5 minutes). |
CloudWatchEventScheduleExpression | The scheduling expression that determines when and how often the Lambda function runs. We recommend starting with a 10-hour rate. |
LogzioLogsToken | Your Logz.io log shipping token: <<LOG-SHIPPING-TOKEN>> Replace <<LOG-SHIPPING-TOKEN>> with the token of the account you want to ship to. |
Run the tests
Run the ping statistics tests to generate metrics.
Check Logz.io for your metrics
Give your metrics some time to get from your system to ours, and then open OpenSearch Dashboards. All metrics that were sent from the Lambda function will have the prefix x509 in their name.
Install the pre-built dashboard to enhance the observability of your metrics.
To view the metrics on the main dashboard, log in to your Logz.io Metrics account, and open the Logz.io Metrics tab.
Collect certificate metrics using Telegraf
The integration uses a locally hosted Telegraf agent with a Prometheus remote write plugin to send metrics to Logz.io.
Set up Telegraf v1.17 or higher
For Windows
wget https://dl.influxdata.com/telegraf/releases/telegraf-1.27.3_windows_amd64.zip
After downloading the archive, extract its content into C:\Program Files\Logzio\telegraf\.
The configuration file is located at C:\Program Files\Logzio\telegraf\.
For MacOS
brew install telegraf
The configuration file is located at /usr/local/etc/telegraf.conf.
For Linux
Ubuntu & Debian
sudo apt-get update && sudo apt-get install telegraf
The configuration file is located at /etc/telegraf/telegraf.conf.
RedHat and CentOS
sudo yum install telegraf
The configuration file is located at /etc/telegraf/telegraf.conf.
SLES & openSUSE
# add go repository
zypper ar -f obs://devel:languages:go/ go
# install latest telegraf
zypper in telegraf
The configuration file is located at /etc/telegraf/telegraf.conf.
FreeBSD/PC-BSD
sudo pkg install telegraf
The configuration file is located at /etc/telegraf/telegraf.conf.
Enable the inputs.x509_cert plug-in
Add the inputs.x509_cert section to the configuration file:
[[processors.rename]]
[[processors.rename.replace]]
measurement = "x509_cert"
dest = "x509"
[[inputs.x509_cert]]
## List certificate sources, support wildcard expands for files
## Prefix your entry with 'file://' if you intend to use relative paths
sources = ["tcp://example.org:443", "https://influxdata.com:443",
"smtp://mail.localhost:25", "udp://127.0.0.1:4433",
"/etc/ssl/certs/ssl-cert-snakeoil.pem",
"/etc/mycerts/*.mydomain.org.pem", "file:///path/to/*.pem"]
## Timeout for SSL connection
timeout = "5s"
## Pass a different name into the TLS request (Server Name Indication).
## This is synonymous with tls_server_name, and only one of the two
## options may be specified at one time.
## example: server_name = "myhost.example.org"
# server_name = "myhost.example.org"
## Only output the leaf certificates and omit the root ones.
# exclude_root_certs = false
## Optional TLS Config
# tls_ca = "/etc/telegraf/ca.pem"
# tls_cert = "/etc/telegraf/cert.pem"
# tls_key = "/etc/telegraf/key.pem"
# tls_server_name = "myhost.example.org"
## Set the proxy URL
# use_proxy = true
# proxy_url = "http://localhost:8888"
Configure the inputs.x509_cert plugin
Specify the plugin parameters as per the table below:
Parameter | Description | Required/Optional | Default |
---|---|---|---|
sources | Comma-separated list of the URLs to collect metrics from. | Required | - |
timeout | Your response timeout (seconds). | Required | 5 (seconds) |
server_name | A different name to pass into the TLS request as the Server Name Indication (SNI) | Optional | - |
exclude_root_certs | Selector to output the leaf certificates and omit the root ones | Optional | false |
tls_ca | Optional TLS Config setting | Optional | - |
tls_cert | Optional TLS Config setting | Optional | - |
tls_key | Optional TLS Config setting | Optional | - |
tls_server_name | Use the given name as the SNI server name on each URL | Optional | - |
use_proxy | Selector to enable proxy URL. | Optional | true |
proxy_url | HTTP proxy URL. | Optional | - |
Add the outputs.http plug-in
After you create a config file for Telegraf, configure the output plug-in so that your data is sent to Logz.io in Prometheus format. Add the following code to the configuration file:
[[outputs.http]]
url = "https://<<LISTENER-HOST>>:8053"
data_format = "prometheusremotewrite"
[outputs.http.headers]
Content-Type = "application/x-protobuf"
Content-Encoding = "snappy"
X-Prometheus-Remote-Write-Version = "0.1.0"
Authorization = "Bearer <<PROMETHEUS-METRICS-SHIPPING-TOKEN>>"
Replace the placeholders to match your specifics. (They are indicated by the double angle brackets << >>):
- Replace <<LISTENER-HOST>> with the Logz.io Listener URL for your region, configured to use port 8052 for http traffic, or port 8053 for https traffic.
- Replace <<PROMETHEUS-METRICS-SHIPPING-TOKEN>> with a token for the Metrics account you want to ship to. Look up your Metrics token.
The full list of data scraping and configuring options can be found here.
Start Telegraf
On Windows:
telegraf.exe --service start
On MacOS:
telegraf --config telegraf.conf
On Linux:
Linux (sysvinit and upstart installations)
sudo service telegraf start
Linux (systemd installations)
systemctl start telegraf
Check Logz.io for your metrics
Install the pre-built dashboard to enhance the observability of your metrics.
To view the metrics on the main dashboard, log in to your Logz.io Metrics account, and open the Logz.io Metrics tab.