Telegraf http_response POST returns 403s


I am trying to replace a script that uses a curl POST request to verify login on a remote web server. The existing (obfuscated) curl command is:

curl -X POST -d ‘{ “user”: “tester”, “password”: “XXXXX” }’ -H “content-type: text/plain”

When I try to translate this in Telegraf, I get 403 responses (http_response_code is 403 in influxdb).

Are there any gotchas in formatting the body (or anything else) I should know about here? I’ve tried formatting the body section all kinds of different ways.

Here is my http_response inputs section in telegraf:

  name_prefix = "login_health_"

  interval = "60s"

  ## Server address (default http://localhost)
  address = ""

  ## Set http_proxy (telegraf uses the system wide proxy settings if it's is not set)
  # http_proxy = "http://localhost:8888"

  ## Set response_timeout (default 5 seconds)
  # response_timeout = "5s"

  ## HTTP Request Method
  method = "POST"

  ## Whether to follow redirects from the server (defaults to false)
  # follow_redirects = true

  ## Optional HTTP Request Body
  body = "{'user':'tester','password':'XXXXX'}"

  ## Optional substring or regex match in body of the response (case sensitive)
  response_string_match = "SUCCESS"

  ## Optional TLS Config
  # tls_ca = "/etc/telegraf/ca.pem"
  # tls_cert = "/etc/telegraf/cert.pem"
  # tls_key = "/etc/telegraf/key.pem"
  ## Use TLS but skip chain & host verification
  # insecure_skip_verify = true

  ## HTTP Request Headers (all values must be strings)
    Content-Type = "text/plain"

What were the methods you tried formatting the body? Your current one does look valid. Is there a way you can verify (perhaps in the server logs) why it isn’t authenticating your tester user?

In the readme, it has (which I assume you tried):

body = '''
{'user':'tester', 'password':'xxxxx'}

Using your config against a local netcat server, it looks like your request looks like this:

User-Agent: Go-http-client/1.1
Content-Length: 36
Content-Type: text/plain
Accept-Encoding: gzip
Connection: close



I actually just got access to the web server box(es) we’re hitting against. I’ll take a look in logs there.

I tried
body = “{‘user’:‘tester’, ‘password’:‘xxxxx’}”
body = ‘’{“user”:“tester”, “password”:“xxxxx”}"
body = ‘’{‘user’:‘tester’, ‘password’:‘xxxxx’}"

1 Like