A new version of check_es_system.sh, a monitoring plugin for Elasticsearch, is available. The latest release 1.12.1 is a bugfix release and fixes a bug in the readonly check type (-t readonly).
To check for read-only indexes, check_es_system needs access to the settings of the Elasticsearch index(es). Depending on which user you are using for the check, the required privileges might not be granted to the user's role.
The previous version(s) did not catch unauthorized access to the index settings: the check ran into a parsing error but still exited with OK.
This can be verified on the command line:
ck@monitoring:~$ /usr/lib/nagios/plugins/check_es_system.sh -H elasticsearch.example.com -u "user" -p "secret" -t readonly
jq: error (at <stdin>:1): Cannot index number with string "settings"
jq: error (at <stdin>:1): Cannot index number with string "settings"
ES SYSTEM OK - Elasticsearch Indexes (_all) are writeable
The error response returned by Elasticsearch's REST API was not properly parsed and the plugin attempted to continue with missing data, leading to the parsing error.
Now with version 1.12.1, the error response is correctly handled and the plugin will notify accordingly with a CRITICAL state:
ck@monitoring:~$ /usr/lib/nagios/plugins/check_es_system.sh -H elasticsearch.example.com -u "user" -p "secret" -t readonly
ES SYSTEM CRITICAL - Access denied (action [indices:monitor/settings/get] is unauthorized for user [user] with roles [esmonitoring], this action is granted by the index privileges [monitor,view_index_metadata,manage,all])
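The fail-closed handling described above, sketched in Python as an added example; it is not the plugin's own bash code. The function name, the sample responses (constructed, with the denial reason shortened from the output above) and the exit states chosen for read-only indexes and for non-auth errors are assumptions.

```python
import json

OK, CRITICAL, UNKNOWN = 0, 2, 3  # Nagios plugin exit codes

# Constructed sample bodies for GET /_all/_settings (not captured from a real cluster).
DENIED = ('{"error":{"type":"security_exception","reason":"action [indices:monitor/settings/get] '
          'is unauthorized for user [user] with roles [esmonitoring]"},"status":403}')
WRITEABLE = '{"logs-1":{"settings":{"index":{"number_of_shards":"1"}}}}'
READONLY = '{"logs-1":{"settings":{"index":{"blocks":{"read_only_allow_delete":"true"}}}}}'

def evaluate_readonly(http_status, body):
    """Classify an index settings response; returns (exit_code, message)."""
    try:
        doc = json.loads(body)
    except ValueError:
        return UNKNOWN, "ES SYSTEM UNKNOWN - response is not valid JSON"
    if not isinstance(doc, dict):
        return UNKNOWN, "ES SYSTEM UNKNOWN - unexpected response format"
    if http_status != 200:
        # Error bodies look like {"error": {...}, "status": 403}; never walk them as indexes.
        err = doc.get("error")
        reason = err.get("reason", "no reason given") if isinstance(err, dict) else str(err)
        if http_status in (401, 403):
            return CRITICAL, f"ES SYSTEM CRITICAL - Access denied ({reason})"
        return UNKNOWN, f"ES SYSTEM UNKNOWN - HTTP {http_status} ({reason})"
    blocked = []
    for name, entry in doc.items():
        # Every top-level value must be an index entry carrying "settings"; else refuse to say OK.
        if not isinstance(entry, dict) or not isinstance(entry.get("settings"), dict):
            return UNKNOWN, f"ES SYSTEM UNKNOWN - no settings returned for {name}"
        blocks = entry["settings"].get("index", {}).get("blocks", {})
        flags = (blocks.get("read_only"), blocks.get("read_only_allow_delete"))
        if any(str(flag).lower() == "true" for flag in flags):
            blocked.append(name)
    if blocked:  # severity for read-only indexes is an assumption of this sketch
        return CRITICAL, "ES SYSTEM CRITICAL - read-only indexes: " + ", ".join(sorted(blocked))
    return OK, "ES SYSTEM OK - Elasticsearch Indexes are writeable"

if __name__ == "__main__":
    for status, body in ((403, DENIED), (200, WRITEABLE), (200, READONLY)):
        print(evaluate_readonly(status, body))
```

An error body is rejected even when it arrives with a misleading 200 status, because its top-level values are not index entries with a "settings" object.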
Obviously the plugin tells you what is missing, but it can't fix the privilege error for you. In the example above, the Elasticsearch user "user" is not allowed to read the settings of the "monitor" index. To solve this, you can add an index privilege on the "monitor" index and give the privilege "monitor" to the user's role.
The documentation of check_es_system was also adjusted accordingly.
With the required index privilege added in Elasticsearch, the check is now working correctly:
ck@monitoring:~$ /usr/lib/nagios/plugins/check_es_system.sh -H elasticsearch.example.com -u "user" -p "secret" -t readonly
ES SYSTEM OK - Elasticsearch Indexes (_all) are writeable