Alerts from a TICKscript Flip-Flop

Monitoring SSL certs using the X509 input. I want the alert to trigger if an SSL cert has < 5 days remaining, but if I check against more than 1 SSL cert then the alert trigger flip-flops, as 1 is critical and the other is not.

If FQDN1 is Crit and FQDN2 or 3 isn't, then they flip-flop…

Should you make individual scripts for each SSL, or is there a more efficient way to write a TICKscript?

var db = 'telegraf'
var rp = 'autogen'
var measurement = 'x509_cert'
var groupBy = ['san']
var whereFilter = lambda: ("san" == 'FQDN1' OR "san" == 'FQDN2' OR "san" == 'FQDN3' )
var name = 'SSL'
var idVar = name + '-{{.Group}}'

var message = '=== SSL Monitor ===
SSL Status: {{.Level}}
Certificate ID: {{.ID}}'

var idTag = 'alertID'
var levelTag = 'level'
var messageField = 'message'
var durationField = 'duration'
var outputDB = 'chronograf'
var outputRP = 'autogen'
var outputMeasurement = 'alerts'
var triggerType = 'threshold'
var warn = 5
var crit = 0

var data = stream
    |from()
        .database(db)
        .retentionPolicy(rp)
        .measurement(measurement)
        .groupBy(groupBy)
        .where(whereFilter)
    |eval(lambda: "expiry" / (3600 * 24))
        .as('value')

var trigger = data
    |alert()
        .warn(lambda: "value" < warn)
        .crit(lambda: "value" < crit)
        .message(message)
        .id(idVar)
        .idTag(idTag)
        .levelTag(levelTag)
        .messageField(messageField)
        .durationField(durationField)
        .stateChangesOnly()
        .telegram()
        .chatId('MYCHAT')
        .parseMode('Markdown')

trigger
    |eval(lambda: float("value"))
        .as('value')
        .keep()
    |influxDBOut()
        .create()
        .database(outputDB)
        .retentionPolicy(outputRP)
        .measurement(outputMeasurement)
        .tag('alertName', name)
        .tag('triggerType', triggerType)

trigger
    |httpOut('output')

Hello @Si-Richards,

Have you considered using 2.x? You can perform this type of work much more easily because you can pivot your data and change your alert condition logic to operate on each field.

I’m not sure how to solve this problem with TICKscript other than making individual scripts, unfortunately.
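
An added illustration of the symptom described in the question, written in Python and not code from either poster: it replays constructed expiry points for three certificates through a state-changes-only alert, once with a single shared state and once with state keyed by `san`. It models the general idea only and assumes nothing about how Kapacitor tracks state internally; the sample values and function names are made up.

```python
from collections import defaultdict

WARN_DAYS, CRIT_DAYS = 5, 0  # thresholds taken from the script in the question
DAY = 3600 * 24

# Constructed sample points (san, seconds until expiry), interleaved per collection round.
POINTS = [
    ("FQDN1", 3 * DAY), ("FQDN2", 40 * DAY), ("FQDN3", 90 * DAY),
    ("FQDN1", 3 * DAY - 60), ("FQDN2", 40 * DAY - 60), ("FQDN3", 90 * DAY - 60),
]

def level(expiry_seconds):
    """Map seconds-until-expiry to an alert level using whole days remaining."""
    days = int(expiry_seconds / DAY)
    if days < CRIT_DAYS:
        return "CRITICAL"
    if days < WARN_DAYS:
        return "WARNING"
    return "OK"

def state_changes(points, key):
    """Return (alert_id, level) events, emitted only when the level stored
    under key(san) differs from the level of the incoming point."""
    last = defaultdict(lambda: "OK")
    events = []
    for san, expiry in points:
        alert_id, new = key(san), level(expiry)
        if new != last[alert_id]:
            events.append((alert_id, new))
            last[alert_id] = new
    return events

def shared_state(points):
    # One alert ID for every certificate: a healthy cert overwrites the
    # state left by an expiring one, so each round produces two events.
    return state_changes(points, lambda san: "SSL")

def per_cert_state(points):
    # One alert ID per certificate: each cert only changes its own state.
    return state_changes(points, lambda san: "SSL-" + san)

if __name__ == "__main__":
    print("shared  :", shared_state(POINTS))
    print("per-cert:", per_cert_state(POINTS))
```

With the shared key the output alternates WARNING and OK on every round, while the per-certificate key yields a single WARNING for FQDN1.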